lawrence k wrote:
I'm writing a script that will find every newly updated file in /var/
www/vhosts/cyber.com/httpdocs/
and then cp the the files over to /var/www/vhosts/theroad.com/
httpdocs/
I used to do this by ssh to the server and typing in the copy command
manually. But my client would like to be able to control the timing
of these updates, so I'm trying to make it an easy-to-run script.
Only thing is, when I've done this copy in the past, I've always been
root, as no other user has the permission to copy from the one
directory to the other. So I need the script to run as root. Can I use
exec() to use su to become root? Anyone have a working example of
that?
Its been a long time since I did stuff like this..I am going to suggest
a completely different approach.
write a teeny C program that does exactly what you want and no more, and
invoke setuid() within it. I,e,. do NOT wrote a setuid version of
cp...write a setuid program that ONLY works from a specific directory to
another specific directory etc etc.
Then if it has root permissions and IIR the sticky bit set it can be
called by any user process to do its 'one and only dangerous root
permissions' job.
You can do the same with a script, but they are a lot easier to
alter..maliciously.
I prefer the 'Can't touch me. I'm written in C' sort of program..
The MOST dangerous script is the setuid script that someone has left
world writeable after a hasty edit..
However, in your case I would be somewhat tempted to make the target
directory at lest WRITEABLE by whatever process your PHP runs under, if
not readable..a simple matter of seyting up groups and permissions..and
then giving te user a web page generated via PHP to do the whole shebang
from.
>