p dot koeman at wittenborg-university dot com
29-Aug-2005 04:22
Using sudo (
http://www.sudo.ws/) to exec system commands from PHP
This is a secure way to use sudo from PHP to perform sysadmin tasks from a php webapplication. (can be used with exec or passthru)
- Make a PHP script in the WWW root directory : client.php
[/home/mywebdir/html/client.php]
<?
passthru('echo hello world | sudo /usr/bin/php -f /home/server.php');
?>
- Make a PHP script outside the WWW directory : server.php
[/home/server.php]
<?
echo join('',file('php://stdin'));
?>
Add a line to /etc/sudoers
[in /etc/sudoers]
www ALL=(ALL) NOPASSWD: /usr/bin/php -f /home/server.php
Now execute client.php in the webbrowser (as www user)
- client.php will execute sudo
- sudo will execute server.php by php as root !
In server.php you can do everything you like requiring root privileges. BEWARE ! every php script can now execute server.php, make it secure ! (filter parameters etc.)
I have tested this method and it works !
Kind regards, Pim Koeman
Wittenborg-University, Deventer, the Netherlands
http://www.wittenborg-university.com