Posted by Bret Hughes on 01/16/05 01:49

On Sat, 2005-01-15 at 11:57, Rosen wrote:
> Hi,
> I have this problem:
> Linux Red Hat 7.3 server and PHP 4.3.8 & MySQL 4. When I Try to execute
> linux command - nothing happens and in Apache logs I see "Access denied".
> This is about permissions in executing this command.
>
> My question is can I execute a linux command via PHP ( this is command
> allowed only for root user ) ?
>
> P.S. I own this server - i.e. I have user & pass for root.


I use sudo for these situations. use visudo to establish that the user
that owns the apache process ( I can't remember if RHL 7.3 was nobody or
if the had switched to apache by then ).

THen you can use exec("sudo yourCommandThatMustBeRunAsRoot arg1 arg2);

man pages for sudo, sudoers and visudo are good resources. I am pretty
sure 7.3 had the rpm available.

visudo MUST be used to edit the sudoers file. you can add the following
line to get you started

apache ALL=(root) NOPASSWD:yourCommandThatMustBeRunAsRoot, someotherCmd

What this says is let the user apache run yourCommandThatMustBeRunAsRoot
and someotherCmd without having to enter a passwd. There are some
things you can do to limit the arguments that can be passed to the
commands see the man pages.

Very cool stuff with finegrained permission on what can be run by who.

Bret

[Back to original message]