  1. #1
    SitePoint Member

    apache user cannot execute useradd via sudo :(

    Hi all
    My server is RHEL 5 with PHP 5.1.6.
    In my app I want apache to add a user through sudo.

    My sudoers file is:
    %apache ALL=(ALL) NOPASSWD: ALL
    apache ALL=(ALL) NOPASSWD: ALL

    My test.php :
    <?php
    $username="hixhix";
    system("/usr/bin/sudo /usr/sbin/useradd -s /sbin/nologin -M $username",$returnvalue);
    echo "return value: $returnvalue";
    However, user 'hixhix' is not created by apache at all; it always returns 1.
    How can I make my apache add a user using sudo?
    Please help me. I need your help.
    Thanks and regards.

  2. #2
    PHP Guru lampcms.com's Avatar
    Have you edited your /etc/sudoers file to allow the apache user to use sudo?

    I would look into that issue. First check your /var/log/messages file to see what errors are reported.

  3. #3
    PHP Guru lampcms.com's Avatar
    Also check if your Linux installation is actually an SELinux. If it is SELinux, then it could be preventing the execution of sudo altogether, in which case you need to tackle the SELinux configuration.

  4. #4
    . shoooo... silver trophy logic_earth's Avatar
    This is going to sound really rude but I must say it...why are you doing something so stupid?! Giving Apache the ability to enter root without a password?! You never give a public-facing service more permissions than it needs! Apache should not even have the sudo permission.
    Logic without the fatal effects.
    All code snippets are licensed under WTFPL.


  5. #5
    SitePoint Member
    Originally posted by Sharedlog.com:
    Have you edited your /etc/sudoers file to allow the apache user to use sudo?

    I would look into that issue. First check your /var/log/messages file to see what errors are reported.

    Thank you for your reply.

    There is no error log in /var/log/messages.

    Originally posted by Sharedlog.com:
    Also check if your Linux installation is actually an SELinux. If it is SELinux, then it could be preventing the execution of sudo altogether, in which case you need to tackle the SELinux configuration.

    I am sure my server is running RHEL 5.

  6. #6
    SitePoint Member
    Originally posted by logic_earth:
    This is going to sound really rude but I must say it...why are you doing something so stupid?! Giving Apache the ability to enter root without a password?! You never give a public-facing service more permissions than it needs! Apache should not even have the sudo permission.

    Hello logic_earth,

    I am planning to run my own dedicated server, and nobody will host any other file. So, I think there is nothing to worry about.

    And another thing: if this command runs successfully, I will not run it this way. I will write a shell script and run it with root access, like:

    exec("/shell_scirpt_path/shell_scirpt_name.sh", $returnvalue);

    But before doing it like this, I have to run the following example that I have posted.

  7. #7
    SitePoint Member
    Is there any other way to run a shell script or Perl script with root privilege?

    How do cPanel or other web hosting companies create subdomains instantly?

    Can anybody give me some idea?

  8. #8
    . shoooo... silver trophy logic_earth's Avatar
    Originally posted by shanto19:
    Hello logic_earth,

    I am planning to run my own dedicated server, and nobody will host any other file. So, I think there is nothing to worry about.

    You are forgetting about those that attack from the outside. Apache has flaws and holes like every piece of software known to man. Any one of those holes could theoretically be used to gain unauthorized access to the server. If you kept Apache with minimal permissions the attacker would only be able to mess with Apache itself and nothing else.

    Don't assume just because you are on a Linux server you are automatically immune to security threats, local or remote. Public facing services are given strict reduced privileges for a reason.

    Now for executing shell scripts as root, a couple of things to aid in that.
    You can go the route Kenneth (09-Mar-2005 05:19) describes:
    Sometimes it's needed to be able to execute shell commands as root using PHP. For instance, restarting named after adding or changing zones, or adding new aliases for sendmail.

    My approach is to run a server called Nanoweb, available from http://nanoweb.si.kz/. It's a webserver written in PHP, and needs only the pcntl extension extra to operate. Nanoweb is configured to only listen for connections on localhost, port 81 for example. From my normal PHP scripts running inside Apache I simply call scripts in Nanoweb to get the messy 'root' tasks done. Much more secure and safer.

    Hope this helps
    You should be aware of the security implications running a script as root means to the very security foundation of your server. More helpful commentary here.
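An added example, not part of the original thread or any poster's code: one way to apply the least-privilege advice in post #8 is to replace the blanket `NOPASSWD: ALL` rule with a single root-owned wrapper that validates its argument before calling `useradd`. The wrapper path `/usr/local/sbin/add-web-user` and the function names are assumptions chosen here.

```shell
#!/bin/sh
# Hypothetical wrapper, installed as /usr/local/sbin/add-web-user (root-owned,
# mode 0755, not writable by apache). Constructed for illustration.
#
# /etc/sudoers entry (edit with visudo) in place of "NOPASSWD: ALL":
#   apache ALL=(root) NOPASSWD: /usr/local/sbin/add-web-user
# No argument list is given in that rule, so sudo passes any arguments
# through; the script has to validate them itself.
#
# PHP caller, quoting the argument for the shell:
#   system('/usr/bin/sudo /usr/local/sbin/add-web-user '
#          . escapeshellarg($username), $returnvalue);

LC_ALL=C; export LC_ALL                      # byte-wise ranges in patterns
PATH=/usr/sbin:/usr/bin:/sbin:/bin; export PATH

# Accept only 1-32 chars of [a-z0-9_-], starting with a letter or underscore.
# This rejects option-like input ("-o ..."), whitespace and shell syntax.
valid_username() {
    name=$1
    [ "${#name}" -ge 1 ] && [ "${#name}" -le 32 ] || return 1
    case $name in
        [!a-z_]*)      return 1 ;;   # bad first character
        *[!a-z0-9_-]*) return 1 ;;   # bad character anywhere
    esac
    return 0
}

add_web_user() {
    if ! valid_username "$1"; then
        echo "add-web-user: invalid username" >&2
        return 2
    fi
    if id "$1" >/dev/null 2>&1; then         # never touch existing accounts
        echo "add-web-user: account exists: $1" >&2
        return 3
    fi
    # Same options as the command in the thread; "--" ends option parsing.
    /usr/sbin/useradd -s /sbin/nologin -M -- "$1"
}

# Run only when called with exactly one argument, e.g. via sudo from PHP.
if [ "$#" -eq 1 ]; then
    add_web_user "$1"
fi
```

With this rule a compromise of the web application can still create accounts with valid names, but it no longer gets an unrestricted root shell through sudo.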


  9. #9
    . shoooo... silver trophy logic_earth's Avatar
    Originally posted by shanto19:
    I am sure my server is running RHEL 5.

    Security-Enhanced Linux (SELinux)...is not a Linux distribution


  10. #10
    SitePoint Member
    Thanks logic_earth, your answer makes sense to me. Thanks again.

    If you have any other information about "How do cPanel or other web hosting companies create subdomains instantly?", please share.

