
Calling shell scripts from PHP as other users

Posted: Thu Dec 01, 2005 10:39 am
by Thin
Hi all

Quick question regarding permissions under Linux. I want to call a shell script from a php page that will start an application on the machine.

To test this out, I've had a go executing 'uptime' from a php page and the results are returned to the browser, minus the number of users logged in.

I've had a read around and am still a little confused as to how this works with Linux file permissions. Presumably if the Apache user has execute access to the script, it will run, but if the script itself fires off other applications, do these also need to be executable by the Apache user?

Really after a little thought what I want to be able to do is to call a script to be executed as another user (NOT root but not www/apache either) from a php page. I think this is acceptable as the script in question takes no user input, it merely executes.

Can anyone walk me through the best way to do this? I've had a read around and initially thought suExec might be what I was looking for, but the tutorial didn't really help with this particular problem.

TIA

Posted: Fri Dec 02, 2005 5:15 am
by timvw
In a regular script you can su - / sudo to become a different user (and gain his privileges). Another possibility is to allow the script to run as the owner of that script (chmod +g). But I don't know how well Apache likes these.

You can also use the su_exec Apache module that does this.

But I've got a feeling that it's clearer if you simply give privileges to all users that need privileges (in your case this is the user that runs Apache).

Posted: Wed Dec 14, 2005 4:44 am
by dude81
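One possibility will be executing the system command, which executes any command on a Linux server.

Code:

$dir = "script directory path here";

chdir($dir);

// Each system() call runs in its own shell, so the user switch and the
// script have to be a single command; su still has to authenticate.
system('su user -c ' . escapeshellarg($dir . '/file.sh'), $return_variable);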
I hope this can help

Thank You

Posted: Wed Dec 14, 2005 5:10 am
by redmonkey
In order to execute a script you need to have both read and execute permissions (the script is read first then executed). If it's a binary then just execute permissions are required.

When a script is executed any subsequent calls to other scripts/binaries are executed under the user which called the originating script.

You may want to look into using PHP as a CGI with Apache and suexec or alternatively setting the SUID of the script may be a better alternative.
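
The sudo route mentioned earlier in the thread, as an added example that is not code from any of the posters: a PHP page runs one fixed script as a non-root user through a sudoers rule limited to that single command. The account names (`www-data`, `appuser`), the script path and the sudoers line are assumptions chosen for illustration.

```php
<?php
// Added example. Assumed names: Apache runs as "www-data", the target
// account is "appuser", the script is /usr/local/bin/start-app.sh.
//
// Assumed sudoers rule (edit with visudo), limited to this one command:
//   www-data ALL=(appuser) NOPASSWD: /usr/local/bin/start-app.sh
// The script must not be writable by www-data, otherwise the rule
// effectively lets the web server run anything as appuser.

const RUN_AS = 'appuser';
const SCRIPT = '/usr/local/bin/start-app.sh';

function start_app(): array
{
    // Fixed argument vector: no shell is involved and nothing from the
    // HTTP request reaches the command line (array form needs PHP 7.4+).
    // -n makes sudo fail instead of prompting when no rule matches.
    $argv = ['/usr/bin/sudo', '-n', '-u', RUN_AS, SCRIPT];
    $spec = [
        0 => ['file', '/dev/null', 'r'],  // the script gets no input
        1 => ['pipe', 'w'],               // stdout
        2 => ['pipe', 'w'],               // stderr
    ];
    $proc = proc_open($argv, $spec, $pipes, '/');
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start sudo');
    }
    $out = stream_get_contents($pipes[1]);
    $err = stream_get_contents($pipes[2]);
    fclose($pipes[1]);
    fclose($pipes[2]);
    $code = proc_close($proc);
    return ['exit' => $code, 'stdout' => $out, 'stderr' => $err];
}

$result = start_app();
if ($result['exit'] !== 0) {
    // Keep details in the server log, not in the response body.
    error_log('start-app failed: ' . trim($result['stderr']));
    http_response_code(500);
    exit('Could not start the application.');
}
echo 'Application started.';
```

If the script leaves a long-running process attached to its stdout or stderr, the page waits until that process exits, so the script should detach the application and redirect its output.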