473,473 Members | 1,581 Online
Bytes | Software Development & Data Engineering Community
Create Post

Home Posts Topics Members FAQ

filehandling and system() permissions.

Hi,

I am pretty new to php and have a few questions.

I am creating an Apache admin tool for some less "linux-able" users at
my job.
My tool needs to be able to 'restart' apache on 3 different servers
being that it is a cluster.

I have a shell script that I write that uses 'ssh' to accomplish this
but only if I am root or in the sudoers file.
How would I allow the user via my web tool enough privileges to restart
apache? I know I can add the 'www' user which apache is running as to
the sudoers file and explicitly allow running the 'apachectl' command,
but I don't feel safe doing this... I'm hoping someone with more
epxperience can give me some ideas.

what is the difference between using system(), exec(), shell_exec() etc
.... here is how I was thining of doing it. Of course, I still have my
perm problem.
if(isset($_POST["restart"]))
{
$restart = shell_exec('/usr/sbin/apachectl restart 2>&1'); #send
stdout/stderr to the browser
echo $restart;
}

Also, my form appends ^M end of line chars to the file. Apache is
running on RHEL 4. Is there a simple way to not let the form submission
append ^M?

Any help is appreciated.
Thanks for your time.

--Mike

Apr 1 '06 #1
3 1547
mi*********@gmail.com wrote:

I am creating an Apache admin tool for some less "linux-able" users at
my job.
My tool needs to be able to 'restart' apache on 3 different servers
being that it is a cluster.

....and presumably you are thinking of running this via apache.

Working out how to sort out the privilege thing is trivial compared to the
other problems you will have if you try to control apache VIA apache.

For 3 machines, I'd say install webmin and leave it at that.
I have a shell script that I write that uses 'ssh' to accomplish this
but only if I am root or in the sudoers file.
Yes - there's good reasons why you need to be root, or in the sudoers.
How would I allow the user via my web tool enough privileges to restart
apache? I know I can add the 'www' user which apache is running as to
the sudoers file and explicitly allow running the 'apachectl' command,
but I don't feel safe doing this...
Very not safe. I would be wary about doing this on a private lan - and NEVER
on a machine connected to the internet.

what is the difference between using system(), exec(), shell_exec() etc
... here is how I was thining of doing it. Of course, I still have my
perm problem.
if(isset($_POST["restart"]))
{
$restart = shell_exec('/usr/sbin/apachectl restart 2>&1'); #send
stdout/stderr to the browser


This isn't going to work if you are running via apache. You are killing of
the parent process of the apachectl, Therefore it will terminate, probably
before starting apache again. You need to either run a second webserver on
a different port or interface or dissociate apachectl from the process grop
of apache.

C.
Apr 1 '06 #2
Well, correct...

it would be apache on apache .. but the admin tool would run on a
machine sperate from the webservers it needs to restart, but on the
same network

I have a script that restartarts all three apaches ....

is there a safer way to run this script via apache? The script is run
my a user that has 'sudo' privz to restart all apaches with no
password.

I am guessing there is not easy way to tell apache to run this script
as this user?

thanks.

Apr 1 '06 #3
mi*********@gmail.com wrote:
Well, correct...

it would be apache on apache .. but the admin tool would run on a
machine sperate from the webservers it needs to restart, but on the
same network

I have a script that restartarts all three apaches ....

is there a safer way to run this script via apache? The script is run
my a user that has 'sudo' privz to restart all apaches with no
password.

I am guessing there is not easy way to tell apache to run this script
as this user?

thanks.


There's no safe way to do it. Remember - if you can do it via the website, a
hacker can do it, also.

My suggestion - stick with the ssh script.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
Apr 2 '06 #4
Create Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
1
Error loading XML file c:\...\machine.config Request for the permission of type System.Security.Permissions.StrongNameIdentityPermission
by: Chris | last post by:
I have seen the posts on various places on the internet about .NET framework mismatch issues and I don't think that is my problem. ; ) When I execute the following C++.NET code: String...
Latest Bytes
5
System.UnauthorizedAccessException on deserialization
by: Burton Roberts | last post by:
This is also posted in the security newsgroup. Sorry for cross-posting, but I'm desperate. I have a Winforms application in VB.NET with a SQL Server (MSDE) backend. In the root application...
Latest Bytes
6
BUG or BY DESIGN? Filehandling on .NET is not windows compatible for NTFS and FAT
by: | last post by:
Hi, On the file handling methods, if you are dealing with files (Windows filesystem is case INSENSITIVE) yet when you specify file A.BLAH and its a.blah on windows, you get...
Latest Bytes
3
Help, Strange "An exception 'System.TypeInitializationException'has occurred in ... error.
by: nick | last post by:
The program runs well on Local harddisk. But it always popup the exception if I run it on Netware mapping disk. After debugger say there is no source code on the exception. Also the following error...
Latest Bytes
1
Console app and System.Security.SecurityException via network
by: edge | last post by:
hi, here it is my problem. My console app, reads a text file where it grabs username/password. Next, my app creates a .BAT file to trigger the command ftp:\\user:password@ftphomeaddress. ...
Latest Bytes
3
System.Security.SecurityException
by: Carl | last post by:
Hi. I have my program written as a console application in C# .NET 2005. I run it from a server on the local intranet and I got this message: An unhandled exception of type...
Latest Bytes
3
Caught Exception: System.Configuration.ConfigurationErrorsException: An error occurred loading a configuration file: Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicK
by: Mike | last post by:
Hi I have problem as folow: Caught Exception: System.Configuration.ConfigurationErrorsException: An error occurred loading a configuration file: Request for the permission of type...
Latest Bytes
4
problem in a code with filehandling
by: neha_chhatre | last post by:
i have a wierd problem...iam not able to understand wat is goin wrong...i have written a code which reads the values form a text file (it contains lot of values like time=1.147279,value=240.66 and...
Latest Bytes
5
System.Security.SecurityException: Request
by: Henry Stock | last post by:
I am trying to understand the following error: Any thing you can tell me about this is appreciated. Security Exception Description: The application attempted to perform an operation not allowed...
Latest Bytes
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Latest Bytes
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
Latest Bytes
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Latest Bytes
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
Latest Bytes
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Latest Bytes
0
Couldn’t get equations in html when convert word .docx file to html file in C#.
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and...
Latest Bytes
0
Windows Forms - .Net 8.0
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
Latest Bytes
0
transfer the data from one system to another through ip address
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated ...
Latest Bytes
0
muto222
php
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
Latest Bytes

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us