Linux/Apache/PHP Help with exec() and Permissions

hglabs

I have this PHP script that's executing a command "/usr/bin/wvWare -1 /var/www/vhosts/xxxxxxx.com/subdomains/dev/httpdocs/media/uploads/rjpfw96v71p22.doc > /var/www/vhosts/xxxxxxx.com/subdomains/dev/httpdocs/media/uploads/rjpfw96v71p22.html"

Here's the actual script:
$word = "rjpfw96v71p22.doc";
$html = "rjpfw96v71p22.html";

$command = sprintf('/usr/bin/wvWare -1 %s > %s',
               dirname(__FILE__)."/media/uploads/$word",
               dirname(__FILE__)."/media/uploads/$html");

$lastline = exec($command);

This doesn't work when executed by the web browser/PHP because I'm assuming it only has apache permissions and the apache user has limited permissions. But when the same exact command is executed via SSH as the root user it works just fine. I have a feeling it has to deal with user permissions but I lack knowledge on how to set the proper permissions for the apache user to run the command as a root user.

Thanks.

johanafm

Read up on sudo to know what it does and why. Mainly since security is one of the issues, and the other is risking to lock yourself out form using the sudo command.

You will need to edit /etc/sudoers (don't just vi it, use visudo for syntax checking or you may not be able to run sudo again) and add something like

Cmnd_Alias STUFF_WEBSERVER_CAN_DO = /bin/somestuff, /sbin/someotherstuff
webserverusername ALL=(ALL) NOPASSWD: STUFF_WEBSERVER_CAN_DO

Needless to say, NOPASSWD: ALL is a bad idea.

Then

exec('sudo -u webserverusername /bin/somestuff');