SitePoint Sponsor |
|
User Tag List
Results 1 to 10 of 10
-
May 25, 2009, 23:34 #1
- Join Date
- May 2009
- Posts
- 5
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
apache user cannot execute useradd via sudo :(
Hi all
My server is REHL 5 with php 5.1.6.
In my app I want apache to add user through sudo.
My sudoers file is:
%apache ALL=(ALL) NOPASSWD: ALL
apache ALL=(ALL) NOPASSWD: ALL
My test.php í:
<?php
$username="hixhix";
system("/usr/bin/sudo /usr/sbin/useradd -s /sbin/nologin -M $username",$returnvalue);
echo "return value: $returnvalue";
However, user 'hixhix' not created by apache at all, it always returned 1.
how can I make my apache tu add user using sudo?
Please help me. I need your help.
Thanks and regards.
-
May 26, 2009, 06:11 #2
Have you edited your /etc/sudoers file to allow apache user use sudo?
I would look into that issue. First check your /var/log/messages file to see what errors are reported.
-
May 26, 2009, 06:31 #3
Also check if your linux installation is actually an SElinux, if it is SElinux, then there it could be preventing the execution of sudo alltogether, in which case you need to tackle the SElinux configuration.
-
May 26, 2009, 11:19 #4
This is going to sound really rude but I must say it...why are you doing something so stupid?! Giving Apache the ability to enter root without a password?! You never give a public facing service more permissions then it needs! Apache should not even have the sudo permission.
-
May 26, 2009, 20:48 #5
- Join Date
- May 2009
- Posts
- 5
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
-
May 26, 2009, 20:55 #6
- Join Date
- May 2009
- Posts
- 5
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Hello logic_earth,
I planning to run my own dedicated server, and no body will host any other file. So, i think there is nothing worry.
And another thing, If this command run successfully I do not run this command this way. I will write a SHELL script and run with root access like;
exec("/shell_scirpt_path/shell_scirpt_name.sh", $returnvalue);exec("/shell_scirpt_path/shell_scirpt_name.sh", $returnvalue);
-
May 26, 2009, 21:00 #7
- Join Date
- May 2009
- Posts
- 5
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
is there any other way to run shell script or perl script as root priviledge?
How cpanel or other web hosting company create subdomain instantly?
Can any body give me some idea?
-
May 26, 2009, 21:41 #8
You are forgetting about those that attack from the outside. Apache has flaws and holes like every piece of software known to man. Anyone of those holes could theoretically be used to gain unauthorized access to the server. If you kept Apache with minimal permissions the attacker would only be able to mess with Apache itself and nothing else.
Don't assume just because you are on a Linux server you are automatically immune to security threats, local or remote. Public facing services are given strict reduced privileges for a reason.
Now for executing shell scripts as root, couple of things to aid in that.
Can go the route Kenneth (09-Mar-2005 05:19) describes:
Sometimes it's needed to be able to execute shell commands as root using PHP. For instance, restarting named after adding or changing zones, or adding new alliases for sendmail.
My approach is to run a server called Nanoweb, available from http://nanoweb.si.kz/. It's a webserver written in PHP, and needs only the pcntl extension extra to operate. Nanoweb is configured to only listen for connections on localhost, port 81 for example. From my normal PHP scripts running inside Apache I simply call scripts in Nanoweb to get the messy 'root' tasks done. Much more secure and safer.
Hope this helps
-
May 26, 2009, 21:43 #9
-
May 26, 2009, 23:18 #10
- Join Date
- May 2009
- Posts
- 5
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Thanks logic_earth, your answer making me sence. Thanks again.
If you have any other information about "How cpanel or other web hosting company create subdomain instantly?", Pls share.
Bookmarks