You are here: Re: [PHP] apache (root) + php4 « PHP « IT news, forums, messages
Re: [PHP] apache (root) + php4

Posted by Rory Browne on 09/03/05 18:04

On 9/3/05, Michelle Konzack <linux4michelle@freenet.de> wrote:
> Hello *,
>
> for an half hour I was at a new customer and they run apache 1.3 as
> root on am IntranetServer because they need to admin there Fileserver
> via php.
>
> Now some problems:
>
> 1) They use exec("mcrypt ....") to generate UNIX passwords for
> /etc/shadow and I like to know, how I can create suitable md5
> passwords for it from php.
I'm not totally sure on the format of the passwords in /etc/shadow,
but can you do anything with php's md5 function? If not, then perhaps
the mcrypt extension may do something for you.

>
> 2) I like to run apache as www-data and not as root. How I must
> setup php/apache that I can do root-stuff because I need to run
>
> exec("useradd -c $WA_COMMENT -d $WA_HOME_DIR \
> -e $WA_EXPIRE_DATE -f $WA_INACTIVE_TIME \
> -g $WA_INITIAL_GROUP -G $WA_GROUPS \
> -m -k $WA_SKELETON_DIR -s $WA_SHELL \
> -u $WA_UID -p $WA_PASS_MCRYPT $WA_LOGIN")

First of all you inform your client that they are insane. Running
apache as root is completely unnecessary.

to perform the above I'd use a combination of
suExec/suPHP/somethingLikeThat and sudo. I'd create a user called
webuserman (Web User Manager), or something like that, and have the
script run as webuserman. I'd change the useradd..... to sudo
useradd....., and mod the /etc/sudoers file to allow webuserman user
to call the useradd command as root(through sudo).

If you are a lazy bastard, with very little concern for security(which
it seems you're not), you could simply run the script as www-data, and
have sudo allow www-data to do an adduser. I would oppose this
however, in that any php script would be able to use it.

Also make sure you escape your shell arguments.


>
> Thanks and nice wekend
> Michelle
>
> --
> Linux-User #280138 with the Linux Counter, http://counter.li.org/
> Michelle Konzack Apt. 917 ICQ #328449886
> 50, rue de Soultz MSM LinuxMichi
> 0033/3/88452356 67100 Strasbourg/France IRC #Debian (irc.icq.com)
>
>
>

 

Navigation:

[Reply to this message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация