filehandling and system() permissions.

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View

I am pretty new to php and have a few questions.

I am creating an Apache admin tool for some less "linux-able" users at
my job.
My tool needs to be able to 'restart' apache on 3 different servers
being that it is a cluster.

I have a shell script that I write that uses 'ssh' to accomplish this
but only if I am root or in the sudoers file.
How would I allow the user via my web tool enough privileges to restart
apache? I know I can add the 'www' user which apache is running as to
the sudoers file and explicitly allow running the 'apachectl' command,
but I don't feel safe doing this... I'm hoping someone with more
epxperience can give me some ideas.

what is the difference between using system(), exec(), shell_exec() etc
... here is how I was thining of doing it. Of course, I still have my
perm problem.
$restart = shell_exec('/usr/sbin/apachectl restart 2>&1');     #send
stdout/stderr to the browser
echo $restart;

Also, my form appends ^M end of line chars to the file. Apache is
running on RHEL 4. Is there a simple way to not let the form submission
append ^M?

Any help is appreciated.
Thanks for your time.


Re: filehandling and system() permissions. wrote:

Quoted text here. Click to load it

...and presumably you are thinking of running this via apache.

Working out how to sort out the privilege thing is trivial compared to the
other problems you will have if you try to control apache VIA apache.

For 3 machines, I'd say install webmin and leave it at that.

Quoted text here. Click to load it

Yes - there's good reasons why you need to be root, or in the sudoers.

Quoted text here. Click to load it

Very not safe. I would be wary about doing this on a private lan - and NEVER
on a machine connected to the internet.

Quoted text here. Click to load it

This isn't going to work if you are running via apache. You are killing of
the parent process of the apachectl, Therefore it will terminate, probably
before starting apache again. You need to either run a second webserver on
a different port or interface or dissociate apachectl from the process grop
of apache.


Re: filehandling and system() permissions.

Well, correct...

it would be apache on apache .. but the admin tool would run on a
machine sperate from the webservers it needs to restart, but on the
same network

I have a script that restartarts all three apaches ....

is there a safer way to run this script via apache? The script is run
my a user that has 'sudo' privz to restart all apaches with no

I am guessing there is not easy way to tell apache to run this script
as this user?


Re: filehandling and system() permissions. wrote:
Quoted text here. Click to load it

There's no safe way to do it.  Remember - if you can do it via the website, a  
hacker can do it, also.

My suggestion - stick with the ssh script.

Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.

Site Timeline