icebrian Posted January 22, 2008 Share Posted January 22, 2008 Hi all... I am in need of some help. Currently I am developing a PHP frontend for a CLI program. Now my question concerns the following, I need to execute said CLI program from the web interface as root. Specifically I would like to start a process as root and run every following command as root. Currently I am being forced to run everything as the webserver user/group meaning, configuration files, tty ports (which are needed), etc.. all need to allow permission's of apache UID or rw permission for everyone. After a bit of research I came to the conclusion there are a few options, now, my doubt is which one should I use and, if any other options exist. So, the options I have are: 1) use sudo by adding apache UID to sudoers file and only allowing execution of said CLI command which is not critical to system administration, 2) using a setuid wrapper, however I haven't found a wrapper that allows provision of options to command, ie: cp option1 option2, 3) suphp (http://www.suphp.org) which I haven't quite understood how it works or 4) leave as is and run CLI program as the apache user. In the meantime I would like to explain what the CLI program is, specifically it is named Heyu. Heyu is an X10 controller that uses the CM11A/CM17A interface to send and receive X10 signal's via serial port for home automation applications. I am clarifying this, so that people are aware of the low risk involved while executing. Any help or point in the right direction will be much appreciated. Regards, icebrian Quote Link to comment Share on other sites More sharing options...
ziv Posted January 22, 2008 Share Posted January 22, 2008 remember that any solution you'll choose - this is a security breach!!!! about your options: 1. you can't do it (you can - but it's not worth it. you need to open pipe, and send the commands threw this pipe and so on...) 2. this is good one, you probably need to write your own wrapper (this is the solution that my company use). 3. that solution is new to me and i gonna check it right now. 4. that option is ok, if your scripts do not need privilege user or specials permissions. another solution, is to write your own daemon (you can write a cli-php daemon) and use this daemon as a server to run applications. build it as a simple server that listen to some rare port, and accept in the requests a path to the script you want to run, list of parameters and password (for security). Quote Link to comment Share on other sites More sharing options...
icebrian Posted January 22, 2008 Author Share Posted January 22, 2008 Hi, thanks for your reply. Concerning your reply to the 4th option, the truth is the only restricted access the CLI program needs is access to the ttyS0 port, currently what I am doing is running 'chmod o+rw /dev/tts/0', but I need to do this every time I boot, this is the main reason why I am looking into running the CLI program as root. So in your opinion is the best way of acomplishing this using a php-cli deamon? And have you taken a look at suphp? Any opinion? Regards, icebrian Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.