Re: PHP Problem

Subject: Re: PHP Problem
From: Brian ThunderEagle (furbs@mail.swjedi.net)
Date: Wed Jan 22 2003 - 22:37:10 AKST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Next message: Justin Dieters: "Re: cdrecord"
• Previous message: Jim Gribbin: "Re: cdrecord"
• Next in thread: Joshua J.Kugler: "Re: PHP Problem"
• Maybe reply: Brian ThunderEagle: "Re: PHP Problem"

My scripts dp the following, but I want to do more in the future:
* Add an account into the SQL database, and create a user database
* Create a database for managing a Domain Name
* Database for DNS management (will include capability to modify DNS records)
* Create an e-mail account (which is done by exporting a passwd file and
importing it with chpasswd)
* Create a Database for Lan information (Event dign-up info)
* Create a phpBB account
* Create a Web Account

I know all of the database stuff can be done through the web no problem, but it
would be easier if I could leave it to one single command to create all of the
stuff at once. That would save on sending all the commands to create the
databases over the web.

Its things like the Web account that brings up a problem. To create a web
accoutn, just like the e-mail a user account has to be made on the system, a
user directory has to be created which is "/var/www/public_files/<user>", then
httpd.conf has to be modified with a "<Virtual Host>" section for that user, I
also have it create an SSH account for the user in a CHROOT environment. This
allows them to use SSH, or SFTP which I require rather than FTP. SSH is just an
extra feature. The DNS stuff also will need to be done by scripts since it will
be modifying and creating files, as well as a Domain Name service.

I just have been looking into sudo, which I read online can be used to achieve
what I am trying to do, but I can't get it to work. Even when setting:
ALL ALL=NOPASSWD: ALL

If I have the scripts in: /var/www/html/scripts/
How can I allow Apache to run all those scripts as root?

     Brian ThunderEagle
      - http://www.swjedi.net
      - furbs@swjedi.net
      - bthundereagle@aidea.org

Quoting Clifton Posey <clif@posey.org>:

> Apache would have to be compiled with suexec ability. That was intentially
>
> not the default because of the terrible security problems you are wanting to
>
> achieve. You don't really say what you are trying to achieve, but I would
> suggest you try to do it through apache modules. There are many
> authentication methods that would include using /etc/passwd.
>
> Clif
>
> On Wednesday 22 January 2003 08:52 pm, Brian ThunderEagle wrote:
> > I am driving myself crazy trying to figure this out, but I have faith in
> > AKLUG that someone has seen this before. I have built a bundle of Bash
> > scripts that can be used to set up users on my system. I have created
> forms
> > on my web site that eventually call these Bash scripts according to
> values
> > recieved from the forms. The problem is of course Apache does not run as
> > root, and the scripts run commands that require root. I have tried using
> a
> > wrapper, I have tried adding in "<< EOF" for every command called from
> the
> > main script, but I cannot get it to run successfully. exec(), passthru(),
> > and system() all have yielded no progress. Here is the way it works:
> >
> > $install = "/var/www/html/scripts/add.sh user pass 1 1 1 1 1 1 0"; (for
> > example) exec(''.$install.'');
> >
> > "/var/www/html/scripts/add.sh user pass 1 1 1 1 1 1 0";
> > /var/www/html/scripts/add.sh = primary script that runs 8 other scripts
> > user = username
> > pass = password
> > 1 1 1 1 1 1 0 = What to install (sql web email dn dns chr lan)
> >
> > If someone knows how to make a wrapper that you know works, or some way
> to
> > get around this problem IN ANY WAY please help. I want any possible
> > solution at this point. I have been searching how to do this for nearly 5
> > non-stop hours.
> >
> >
> >
> > Brian ThunderEagle
> > - http://www.swjedi.net
> > - furbs@swjedi.net
> > - bthundereagle@aidea.org
> >
> >
> >
> >
> >
> >
> >
> >
> > -------------------------------------------------
> > This mail sent through IMP: http://horde.org/imp/
> >
> > ---------
> > To unsubscribe, send email to <aklug-request@aklug.org>
> > with 'unsubscribe' in the message body.
>

-------------------------------------------------
This mail sent through IMP: http://horde.org/imp/

---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.

• Next message: Justin Dieters: "Re: cdrecord"
• Previous message: Jim Gribbin: "Re: cdrecord"
• Next in thread: Joshua J.Kugler: "Re: PHP Problem"
• Maybe reply: Brian ThunderEagle: "Re: PHP Problem"

This archive was generated by hypermail 2a23 : Thu Jan 23 2003 - 11:39:10 AKST