Sign In
Create Account
Follow Us on Twitter
Subscribe on Youtube
2
Hi all
Having a little issue, I want to run a program in linux under a specific user, my issue is that as it is being run from a PHP file from the web using exec it will only run the program under the apache user (default user).
Is there a way i can run it as the user I want (a local user)? As permissions on the file/location only allow me too..
Command i was using:
echo exec('/programhere');
I know its simple but it does work, a whoami does echo apache.
Tried sudo but that requires a password to be entered etc.
Any help would be great!
Cheers
Neo
4 replies to this topic
Back to top|
|
|
#2
Posted 06 September 2011 - 10:31 PM
Orjan
-
- Moderators
-
- 3,299 posts
Writes binary right handed and hex left handed
- Location:Karlstad, Sweden
- Programming Language:C, Java, C++, C#, PHP, JavaScript, Pascal
- Learning:Java, C#
of course sudo needs a password, how easy wouldn't it be to hack a server otherwise, just run a php command and the server is yours?
__________________________________________
I study Information Systems at Karlstad University when I'm not on CodeCall
I study Information Systems at Karlstad University when I'm not on CodeCall
#3
Posted 07 September 2011 - 12:10 AM
Neoburner
-
- Members
-
- 10 posts
Newbie
Thanks for that helpful post. Anyone fancy trying a guess at an answer? Not trying to show me up with information i already know!
#4
Posted 07 September 2011 - 02:19 AM
Alexander
-
- Moderators
-
- 4,124 posts
It's Science!
- Location:Vancouver, Eh! Cleverness: 200
If the executable is something you must run, then it should be owned by the user whom is not Apache, and should have the setuid bit enabled under its permissions.
As root, or the current user whom owns it:
An octal representation can be used as well, such as 4555 (4 being setuid, 555 being permissions)
This should allow Apache to run programhere as the user whom owns it, and thus allow access to the other user's files under the program - according to what you have stated is required.
More context could be helpful.
As root, or the current user whom owns it:
chmod u+s [I]programhere[/I]
An octal representation can be used as well, such as 4555 (4 being setuid, 555 being permissions)
This should allow Apache to run programhere as the user whom owns it, and thus allow access to the other user's files under the program - according to what you have stated is required.
More context could be helpful.
Be sure to read the updated FAQ! || Health is achieved through the same 10,000 steps.
If a suggested code/method fails, informing us is less important than telling us why or what errors occurred.
If a suggested code/method fails, informing us is less important than telling us why or what errors occurred.
#5
Posted 07 September 2011 - 02:27 AM
Neoburner
-
- Members
-
- 10 posts
Newbie
Thanks Alex
What I managed too do is add the program to the group and force a sudo with nobody and works great, creates a screen session (as more than one program being run) and places the program inside it.
Just edited the sudoers file with a bit of tweaking, once i'm fully happy its safe ill post my findings :)
Neo
What I managed too do is add the program to the group and force a sudo with nobody and works great, creates a screen session (as more than one program being run) and places the program inside it.
Just edited the sudoers file with a bit of tweaking, once i'm fully happy its safe ill post my findings :)
Neo
1 user(s) are reading this topic
0 members, 1 guests, 0 anonymous users
