loggin in as su in PHP

Fast_Build

Hi, can anyone tell me if it is possible to log in as su in a PHP script by calling a shell somehow? If you successfully logged in as root would it be possible to run root programs? If so, can anyone tell me how this would be done? I was thinking something like shell_exec("su"); but am unsure how to enter the password. Has anyone ever done this before?

Thanks for any help,
Dan

SensualSandwich

Why would you even want to do this?

Fast_Build

because my server contains serverl scripts that I need to execute from a PHP script that only work as root, and I've tried SUDO and can't get it to work, so this is my last resort...

mogster

Risky, at best.

But what about using the functions system() or exec() ?
These execute system calls as root, don't they?

If you just want to run a shell-script or some other system commands, just hard-code it into the functions (don't pass system data over the net), and it will run the default action without interaction from client.
Be sure to read about the functions before you use them, there are a lot of pitfalls. Don't allow for passing of arguments.

http://www.php.net/manual/en/function.system.php
http://www.php.net/manual/en/function.exec.php

And put the script well behind a login of some sort 😉

knutm

mogster

Or are system-calls from php be able to run as root? Perhaps they run as Nobody, the standard apache-user?

Well, i'm not sure, actually 😃

jerdo

PHP scripts generally run as the web user (nobody, apache, etc). You really shouldn't try and run root programs from PHP, and if your server allows it it's a huge security hole. Try getting access via SSH and running your stuff that way.

Fast_Build

But I can't just do it through SSH, i need an instant way to run these scripts. It is very important that I figure out someway to do this... Any other ideas???

jerdo

Use Perl.

eriksmoen

are these scripts executed by the system, or did you just create them while you were logged in as root? if you created them, just use chgrp and chown to change the user and group. otherwise, try exec() or command() or system() and seperate each command with a semi-colon. its not the best idea having your scripts run through a root mode cause if anyone knows, they can modify some stuff and cause some harm to your system/network.

Fast_Build

But just using exec or system won't actually log me in as root, they just execute system commands as the user your currently running as. And also, I'm going to be the only semi skilled person on there, so I'm not worried to much. Hmm, maybe this is imposible..

Thanks,
Dan

netster

doin a serverside-ssh-shell? (thinking of a webserverbased-ssh-shell)

FrozNic

OR you could get rid of *nix and install 98 -> hence no more faggish permissions and i don't have to spend 32892328 hours trying to learn why i can't view a file cuz "I'M" not the owner of said file, geebus this is confusing 🙂

access9

because my server contains serverl scripts that I need to execute from a PHP script that only work as root, and I've tried SUDO and can't get it to work, so this is my last resort...

Here's what you do:

Do the following steps as root
1. chown root scriptname
2. chgrp root scriptname
3. chmod +s scriptname

When run by a regular user (nobody), they execute as root.

FrozNic

so here's one for you... what do u do when u have to change the group of the file that your script made and you can't cuz you're not root?

access9

so here's one of you... what do u do when u have to change the group of the file that your script made and you can't cuz you're not root?

First, don't create any files with that script you'll need to access later if you don't have root access.

But the solution would be to add a few lines to the end of your script to chgrp & chown it back to your username/group before the script finishes.