Execute a Unix root script

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

hclima
Forum Newbie
Posts: 2
Joined: Mon Jun 06, 2005 3:26 am

Execute a Unix root script

Post by hclima »

Hi.
I have a site under PHP and UNIX and I need to run a script whose owner is root. How can I pass from PHP to the OS the necessary data (root username and password) to run the script as root?

Tks...
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

I think you'd better do it the other way round... Make sure the www-server user is allowed to execute the things that happen in the script...
hclima
Forum Newbie
Posts: 2
Joined: Mon Jun 06, 2005 3:26 am

Post by hclima »

I already thought about that, but I have to ask the user for the root password and verify that the password is entered correctly, to guarantee that the user can execute the script (is a System Admin or something like that).
Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Post by Ambush Commander »

If I remember correctly, PHP can execute shell commands if it's not in Safe mode. Use `su` or a similar command and check the output and stuff.
pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W

Post by pickle »

What does the script do that it needs to be run as root? It's almost NEVER a good idea to have something that can be run by root, be accessible via a webpage.

Look into sudo, it might give you the ability to execute that script as root, without needing root level access.
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
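
One way the sudo suggestion above can be narrowed so the web server never handles a root password: an added example, not part of any post in this thread and not code from any poster. The install path, the `www-data` account name and the two actions are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: root-owned wrapper that the web server may run through sudo.
# Assumed install path: /usr/local/sbin/site-task (owner root, mode 0755,
# not writable by the web server account).
#
# Assumed sudoers entry (edit with visudo; "www-data" is an assumed account):
#   www-data ALL=(root) NOPASSWD: /usr/local/sbin/site-task
#
# PHP side passes one word and never a root password:
#   exec('sudo -n /usr/local/sbin/site-task ' . escapeshellarg($action), $out, $rc);

# Map an action name to the single fixed command it stands for.
# Prints the command and returns 0; returns 1 for anything not listed.
# Both actions and their command paths are constructed for illustration.
resolve_action() {
    case "$1" in
        reload-web)  echo "/usr/sbin/apachectl graceful" ;;
        rotate-logs) echo "/usr/sbin/logrotate /etc/logrotate.conf" ;;
        *)           return 1 ;;
    esac
}

main() {
    # Exactly one argument is accepted; extra words are refused outright.
    if [ "$#" -ne 1 ]; then
        echo "usage: site-task ACTION" >&2
        return 2
    fi
    # The caller's text only selects a table entry; it is never executed.
    if ! cmd=$(resolve_action "$1"); then
        echo "site-task: refused unknown action" >&2
        return 1
    fi
    # Fixed PATH so nothing inherited from the web server affects lookups.
    PATH=/usr/sbin:/usr/bin:/sbin:/bin
    export PATH
    # Unquoted on purpose: $cmd comes only from the table above.
    $cmd
}

# Run only when invoked with arguments, so the functions can be sourced.
if [ "$#" -gt 0 ]; then
    main "$@"
fi
```

Who may trigger an action is still decided by the web application's own login and authorization checks; the wrapper only limits what a request can make root do.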
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Post by Chris Corbyn »

pickle wrote: What does the script do that it needs to be run as root? It's almost NEVER a good idea to have something that can be run by root, be accessible via a webpage.

Look into sudo, it might give you the ability to execute that script as root, without needing root level access.
Agreed. Running scripts with root privileges from a web page :?

On a side-note, although I'd have to suggest the same thing imho,

sudo + web script == disaster!
pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W

Post by pickle »

sudo + web script == disaster,
root access + web script == FRICKIN' BAD DISASTER

FRICKIN' BAD DISASTER > disaster

:)

Lesser of two evils I guess.
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
phpScott
DevNet Resident
Posts: 1206
Joined: Wed Oct 09, 2002 6:51 pm
Location: Keele, U.K.

Post by phpScott »

If you're hosting it yourself you might be able to get away with it. Make root the owner of the file, then follow some of the other suggestions.

If you have the site hosted somewhere, good luck, because any host worth their salt wouldn't even consider the idea of allowing a script to be run as root.

Otherwise I will agree with the man who spends his days in vinegar.
jayloo
Forum Newbie
Posts: 11
Joined: Tue Jun 14, 2005 1:28 pm

Post by jayloo »

This is a recipe for disaster. Do not do it. It's not worth it.
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Post by Chris Corbyn »

jayloo wrote: This is a recipe for disaster. Do not do it. It's not worth it.
If you do do it then don't wonder "if" it will go wrong... wonder "when" it will go wrong. I can almost guarantee somebody will find it amusing to try and take advantage of this setup regardless of your status.
Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Post by Ambush Commander »

And when your system is rooted, you cannot trust anything anymore. Best thing is to do a clean reinstall of the OS.