Exec command needs root permission

Anon

hi,

i need to execute a linux command i.e. "ipchains -nL" but the command is not executed.
when i looked up in the error log of apache, i found the message "Cannot run ipchains: you need to be root"

can somebody pls tell me how can i run this command?

thanx

smarlowe

First, make your apache web server run as a real user (i.e. useradd httpd, then edit httpd.conf so the user and group are httpd for the daemon) then put a copy if ipchains somewhere only httpd can get to it, chown it to root, then use a chmod 4755 to make it "su" to root when run.

chandrasing

hi,
this is with regard to what u have witten

"
First, make your apache web server run as a real user (i.e. useradd httpd, then edit httpd.conf so the user and group are httpd for the daemon) then put a copy if ipchains somewhere only httpd can get to it, chown it to root, then use a chmod 4755 to make it "su" to root when run."

please tell me the sequence of command to do so

have a good day

smarlowe

Just to be safe, the permissions should really be 4750 and group owner should be httpd. That way if someone finds a way into the directory via a link or something, it still can't get executed by anyone but the httpd user and root.

Anon

Hi,

I've been going nuts trying to figure out how to get the exec function to work on Linux. It must have something to do with permissions. Can someone guide me through the steps (permissions)? here is my configuration:

send.php executes se.cgi
se.cgi is currently in my cgi bin but can be moved to any directory and still be executed.

exec("se.cgi $subject $address $from $ON $direct $urlMsg > /dev/null &");

Many thanks,
Peter Morrissette

smarlowe

Well, whatever you're trying to execute has to have executable permissions for which ever user apache is running as to be run.

If the se.cgi file looks like this:

ls -l se.cgi
-rwxr-xr-x 1 root root 3502 Oct 2 2000 se.cgi

Then it is executable by everyone. If it looks like this:

-rwxr-xr-- 1 root root 3502 Oct 2 2000 se.cgi

Then only root can execute it. You likely just need to change to the owner of the file (likely root) and issue a command like this:

chmod 755 se.cgi

in the directory se.cgi is in.

Good luck.