Getting root privs
in [General]
|
Prev: Admin Interface
Next: ldap add Invalid DN syntax
From: Nilesh Govindarajan on 30 Apr 2010 10:49 On 04/30/2010 08:10 PM, Paul M Foster wrote: > On Fri, Apr 30, 2010 at 12:11:17PM +0530, Nilesh Govindarajan wrote: > >> On 04/30/2010 11:26 AM, Jim Lucas wrote: >>> Nilesh Govindarajan wrote: >>>> Hi, >>>> >>>> As you know there are lot of control panels lying around like Cpanel, >>>> Lxadmin, most of them based on PHP. The control panels allow editing of >>>> system files which requires root privileges, can somebody tell me how to >>>> gain root privileges inside the script so that it can be useful if I >>>> want to give my users a DNS editing interface instead of loading a big >>>> bloated control panel. >>>> >>> >>> We use an interface that writes everything to a DB. Then, every 5 >> minutes, a >>> cron job comes around and dumps the db and builds the zone files for us. >>> >>> Might try something similar. It would be a lot safer then giving >> root access >>> via PHP... :) >>> >> >> Hmm that's a great idea. But my question is in general, suppose I get >> some freelance job to write a control panel for managing httpd, etc. >> >> Same procedure can be used ? I think so ? > > If you can find an open source control panel (like webmin), you could > download the code and examine it. > > Paul > Webmin is written in perl. I will see the code of web-cp which is php based. -- Nilesh Govindarajan Site & Server Administrator www.itech7.com मेरा भारत महान ! मम भारत: महत्तम भवतु !
From: Nilesh Govindarajan on 30 Apr 2010 10:53 On 04/30/2010 08:12 PM, Ashley Sheridan wrote: > On Fri, 2010-04-30 at 10:40 -0400, Paul M Foster wrote: > >> On Fri, Apr 30, 2010 at 12:11:17PM +0530, Nilesh Govindarajan wrote: >> >>> On 04/30/2010 11:26 AM, Jim Lucas wrote: >>>> Nilesh Govindarajan wrote: >>>>> Hi, >>>>> >>>>> As you know there are lot of control panels lying around like Cpanel, >>>>> Lxadmin, most of them based on PHP. The control panels allow editing of >>>>> system files which requires root privileges, can somebody tell me how to >>>>> gain root privileges inside the script so that it can be useful if I >>>>> want to give my users a DNS editing interface instead of loading a big >>>>> bloated control panel. >>>>> >>>> >>>> We use an interface that writes everything to a DB. Then, every 5 >>> minutes, a >>>> cron job comes around and dumps the db and builds the zone files for us. >>>> >>>> Might try something similar. It would be a lot safer then giving >>> root access >>>> via PHP... :) >>>> >>> >>> Hmm that's a great idea. But my question is in general, suppose I get >>> some freelance job to write a control panel for managing httpd, etc. >>> >>> Same procedure can be used ? I think so ? >> >> If you can find an open source control panel (like webmin), you could >> download the code and examine it. >> >> Paul >> >> -- >> Paul M. Foster >> > > > You could use exce() to run a sudo command (piping the password through > to it or add the apache user into the sudoers list) to run things at the > root level. You must be very very careful with this though, and only use > it as a last resort if you absolutely have to, as any sort of > vulnerability in your script could compromise your entire server. > > Thanks, > Ash > http://www.ashleysheridan.co.uk > > > That was what my basic idea about implementing it, but just put up a discussion here to see if there is really any other method except sudo- and there is that cron one as suggested by Jim Lucas. -- Nilesh Govindarajan Site & Server Administrator www.itech7.com मेरा भारत महान ! मम भारत: महत्तम भवतु !
From: Ashley Sheridan on 30 Apr 2010 10:55 On Fri, 2010-04-30 at 20:23 +0530, Nilesh Govindarajan wrote: > On 04/30/2010 08:12 PM, Ashley Sheridan wrote: > > On Fri, 2010-04-30 at 10:40 -0400, Paul M Foster wrote: > > > >> On Fri, Apr 30, 2010 at 12:11:17PM +0530, Nilesh Govindarajan wrote: > >> > >>> On 04/30/2010 11:26 AM, Jim Lucas wrote: > >>>> Nilesh Govindarajan wrote: > >>>>> Hi, > >>>>> > >>>>> As you know there are lot of control panels lying around like Cpanel, > >>>>> Lxadmin, most of them based on PHP. The control panels allow editing of > >>>>> system files which requires root privileges, can somebody tell me how to > >>>>> gain root privileges inside the script so that it can be useful if I > >>>>> want to give my users a DNS editing interface instead of loading a big > >>>>> bloated control panel. > >>>>> > >>>> > >>>> We use an interface that writes everything to a DB. Then, every 5 > >>> minutes, a > >>>> cron job comes around and dumps the db and builds the zone files for us. > >>>> > >>>> Might try something similar. It would be a lot safer then giving > >>> root access > >>>> via PHP... :) > >>>> > >>> > >>> Hmm that's a great idea. But my question is in general, suppose I get > >>> some freelance job to write a control panel for managing httpd, etc. > >>> > >>> Same procedure can be used ? I think so ? > >> > >> If you can find an open source control panel (like webmin), you could > >> download the code and examine it. > >> > >> Paul > >> > >> -- > >> Paul M. Foster > >> > > > > > > You could use exce() to run a sudo command (piping the password through > > to it or add the apache user into the sudoers list) to run things at the > > root level. You must be very very careful with this though, and only use > > it as a last resort if you absolutely have to, as any sort of > > vulnerability in your script could compromise your entire server. > > > > Thanks, > > Ash > > http://www.ashleysheridan.co.uk > > > > > > > > That was what my basic idea about implementing it, but just put up a > discussion here to see if there is really any other method except sudo- > and there is that cron one as suggested by Jim Lucas. > > -- > Nilesh Govindarajan > Site & Server Administrator > www.itech7.com > मà¥à¤°à¤¾ à¤à¤¾à¤°à¤¤ महान ! > मम à¤à¤¾à¤°à¤¤: महतà¥à¤¤à¤® à¤à¤µà¤¤à¥ ! > To make things a little bit more secure when using exec() you could call a series of custom Bash scripts which you can have set up to only accept certain ranges of parameters, which would avoid someone passing a string like "&& nasty_command here" to the command line. Thanks, Ash http://www.ashleysheridan.co.uk
From: Shawn McKenzie on 1 May 2010 15:12
On 04/30/2010 09:53 AM, Nilesh Govindarajan wrote: > That was what my basic idea about implementing it, but just put up a > discussion here to see if there is really any other method except sudo- > and there is that cron one as suggested by Jim Lucas. > Use the sudoers file to allow your apache user to run specific commands with optional wildcard parameters: http://linuxmanpages.com/man5/sudoers.5.php -- Thanks! -Shawn http://www.spidean.com |