Hi all.

 

First, a bit of an introduction:

I've been lurking the forums for a little while, but this will be my first post.  I work for a very large company as a web developer in both .Net and PHP.

Though I consider myself an experienced PHP developer, this is my first foray into the world of extensions.  I also am fairly UNIX illiterate (past the basics like ls, grep, etc.)

My environment is PHP 5 and Apache 1.3 on Sun OS 5.8 (though we are moving to PHP 5 and Apache 2 on Solaris 10)

 

So here's my question:

Is it possible to write an extension that is capable of executing external programs (or accessing files) that a normal PHP page cannot?  I am thinking I can make the extension run as a different user or something, but am unsure how I could accomplish this.

 

Thanks ahead :)

> Is it possible to write an extension that is capable of executing external programs (or accessing files) that a normal PHP page cannot?  I am thinking I can make the extension run as a different user or something, but am unsure how I could accomplish this.

 

A module for Apache already exists which is capable of what you describe. See mod_suexec.

exec

 

I think those are the functions available with that mod enabled (unsure) but yea, usually it is enabled by default.

 

For running it as a different user, you would probably create a script on your machine (unix) that would log the other user in, execute the program, then logout.

 

How to accomplish that part, I am not sure (I only code in shell when I have to). Check a UNIX forum for that answer =)

At first glance however, this appears to be more a setting than a tool.

 

It is a module for Apache which allows you to execute scripts as whatever user you wish. Hence, it gives you the ability to access the files and execute the programs this chosen user has permission to access / execute.

 

No point reinventing the wheel.

Yes, however in order to enable it, it is necessary to change settings and re-compile PHP.

 

Also, I would like for this to live in an extension to provide an intermediate layer to other developers.  Essentially, I want developers to only ever access an application in a certain way.

> Yes, however in order to enable it, it is necessary to change settings and re-compile PHP.
>
> Also, I would like for this to live in an extension to provide an intermediate layer to other developers.  Essentially, I want developers to only ever access an application in a certain way.

 

If you created your own module you would still have to enable that too. What is the difference? Other than this one is fully built working and has been tested. Yours isn't.

I want it to be an extension and to affect the minimum possible group - mod_suexec (and the resulting changes to PHP) would change anything using PHP.  Granted, it is tested so the chances of anything happening are fairly remote.

 

Building my own extension would not require a rebuild of any kind - dl() would work perfectly fine.

 

This is not an extension to run any application - it is an extension to wrap a specific application in a specific way.

The problem is, this really can't be done through PHP alone. You need to write an extension (module) for Apache. It's the server's (Apache's) permissions you need to influence, not PHP's.

 

Having said that however, there may be a few tricks you could use to get this job done without the need to write an extension of any kind.

 

> This is not an extension to run any application - it is an extension to wrap a specific application in a specific way.

 

If that is indeed the case, you could look into giving your server user (the user Apache runs under) rights to sudo (execute as root) the program in question. This also however may not be what you're after, obviously running anything as root is always a last resort.

 

I seriously think mod_suexec is your best bet.

> The problem is, this really can't be done through PHP alone. You need to write an extension (module) for Apache. It's the server's (Apache's) permissions you need to influence, not PHP's.

 

That was what I was afraid of... and also kind of what I was expecting  :-\

 

Sudo is something we really don't want to touch.

 

Turns out we were already looking at using mod_suexec when we upgrade our environment, so I guess that is what we will eventually go for.  I was looking for some kind of minimum-impact stopgap though.

 

Thanks for your help.
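
The "sudo for one specific program" idea raised in the thread, combined with the intermediate layer the original poster asked for, as an added example that is not from any poster in this thread. It targets an unprivileged account instead of root; the account names, the program path and the report-id argument format are all hypothetical.

```shell
#!/bin/sh
# Added example: fixed-purpose wrapper that PHP would call instead of the
# application itself. All names below are hypothetical.
#
# Matching sudoers rule (edit with visudo). It is the enforcement point: the
# web server user may run this one program as this one account, nothing else.
#   webservd ALL=(appuser) NOPASSWD: /opt/app/bin/report

APP_USER="appuser"               # hypothetical account that owns the application
APP_BIN="/opt/app/bin/report"    # hypothetical program being wrapped

# Accept only 1-16 characters from [A-Za-z0-9_]; reject everything else,
# including empty strings, spaces, slashes and shell metacharacters.
valid_report_id() {
    case "$1" in
        ''|*[!A-Za-z0-9_]*) return 1 ;;
    esac
    [ "${#1}" -le 16 ]
}

# Run the wrapped program with exactly one validated argument.
run_report() {
    if [ "$#" -ne 1 ] || ! valid_report_id "$1"; then
        echo "usage: run_report <report-id>" >&2
        return 64
    fi
    # env -i: start from an empty environment so nothing leaks in from Apache.
    # sudo -n: never prompt; fail if the sudoers rule is missing.
    env -i PATH=/usr/bin:/bin sudo -n -u "$APP_USER" "$APP_BIN" "$1"
}

# When invoked with arguments (for example from PHP), act as the wrapper.
if [ "$#" -gt 0 ]; then
    run_report "$@"
fi
```

Because the argument is validated before it reaches sudo and is always passed as a single quoted word, callers cannot add options or extra commands to the wrapped program through this layer.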
