apache user cannot execute useradd via sudo :(

[shanto19]

Hi all
My server is REHL 5 with php 5.1.6.
In my app I want apache to add user through sudo.

My sudoers file is:
%apache ALL=(ALL) NOPASSWD: ALL
apache ALL=(ALL) NOPASSWD: ALL

My test.php í:
<?php
$username="hixhix";
system("/usr/bin/sudo /usr/sbin/useradd -s /sbin/nologin -M $username",$returnvalue);
echo "return value: $returnvalue";
However, user 'hixhix' not created by apache at all, it always returned 1.
how can I make my apache tu add user using sudo?
Please help me. I need your help.
Thanks and regards.

[lampcms.com]

Have you edited your /etc/sudoers file to allow apache user use sudo?

I would look into that issue. First check your /var/log/messages file to see what errors are reported.

[lampcms.com]

Also check if your linux installation is actually an SElinux, if it is SElinux, then there it could be preventing the execution of sudo alltogether, in which case you need to tackle the SElinux configuration.

[logic_earth]

This is going to sound really rude but I must say it...why are you doing something so stupid?! Giving Apache the ability to enter root without a password?! You never give a public facing service more permissions then it needs! Apache should not even have the sudo permission.

[shanto19]

Have you edited your /etc/sudoers file to allow apache user use sudo?

I would look into that issue. First check your /var/log/messages file to see what errors are reported.

Thank you for your reply,

There is no error log in /var/log/messages

Also check if your linux installation is actually an SElinux, if it is SElinux, then there it could be preventing the execution of sudo alltogether, in which case you need to tackle the SElinux configuration.

I am sure my server is running REHL 5

[shanto19]

This is going to sound really rude but I must say it...why are you doing something so stupid?! Giving Apache the ability to enter root without a password?! You never give a public facing service more permissions then it needs! Apache should not even have the sudo permission.

Hello logic_earth,

I planning to run my own dedicated server, and no body will host any other file. So, i think there is nothing worry.

And another thing, If this command run successfully I do not run this command this way. I will write a SHELL script and run with root access like;

exec("/shell_scirpt_path/shell_scirpt_name.sh", $returnvalue);

exec("/shell_scirpt_path/shell_scirpt_name.sh", $returnvalue);

but berfore doing like this, I have to run follwing example that I have post.

[shanto19]

is there any other way to run shell script or perl script as root priviledge?

How cpanel or other web hosting company create subdomain instantly?

Can any body give me some idea?

[logic_earth]

Hello logic_earth,

I planning to run my own dedicated server, and no body will host any other file. So, i think there is nothing worry.

You are forgetting about those that attack from the outside. Apache has flaws and holes like every piece of software known to man. Anyone of those holes could theoretically be used to gain unauthorized access to the server. If you kept Apache with minimal permissions the attacker would only be able to mess with Apache itself and nothing else.

Don't assume just because you are on a Linux server you are automatically immune to security threats, local or remote. Public facing services are given strict reduced privileges for a reason.

Now for executing shell scripts as root, couple of things to aid in that.
Can go the route Kenneth (09-Mar-2005 05:19) describes:

Sometimes it's needed to be able to execute shell commands as root using PHP. For instance, restarting named after adding or changing zones, or adding new alliases for sendmail.

My approach is to run a server called Nanoweb, available from http://nanoweb.si.kz/. It's a webserver written in PHP, and needs only the pcntl extension extra to operate. Nanoweb is configured to only listen for connections on localhost, port 81 for example. From my normal PHP scripts running inside Apache I simply call scripts in Nanoweb to get the messy 'root' tasks done. Much more secure and safer.

Hope this helps

You should be aware of the security implications running a script as root means to the very security foundation of your server. More helpful commentary here.

[logic_earth]

I am sure my server is running REHL 5

Security-Enhanced Linux (SELinux)...is not a Linux distribution

[shanto19]

Thanks logic_earth, your answer making me sence. Thanks again.

If you have any other information about "How cpanel or other web hosting company create subdomain instantly?", Pls share.