running Apache as root

Anon

Alright, alright - I know it's not a very good idea, but I have a project where I need the scripts to either:
- be able to be execed by a user with absolute power or
- be able to be execed by the real user

Now, I know that this can be done with Apache as root (then the scripts would have absolute power), but this is a security risk waiting to happen. I'd love to get some opinions as to how I could go about getting this done with a PHP/Apache/Oracle backed. One other thing that's a problem - all the user information is stored in tables in the database. I can't add them into the Apache config every time I want to use it as that user...I need to be able to pull the username/pass from the db (easy) and use it to run the scripts under that user/pass...
So, anyone with any ideas - please let me know...

thanks,
-enygma

toma42

cron a script as root (or something more sane) that looks for pending stuff to run and runs it.
I think there's a program called sudo that'll let you grant some permissions to some people. Someone else can probably explain what I'm trying to say.

Anon

It is a bad idea to do that, yet...

Configure httpd.conf file. Usually user/group attributes will be nobody and nobody.

Just change that to root...

Anon

if only it was that easy.
I tried to do that and I got this:

Error: Apache has not been designed to serve pages while
running as root. There are known race conditions that
will allow any local user to read any file on the system.
If you still desire to serve pages as root then
add -DBIG_SECURITY_HOLE to the EXTRA_CFLAGS line in your
src/Configuration file and rebuild the server. It is
strongly suggested that you instead modify the User
directive in your httpd.conf file to list a non-root
user.

So, I did that and tried again - still a no-go. It still won't start no matter what I do....

Anon

Well,

may be you should modify the app that you are trying to execute as root.

change it's ownership to root and chmod it so that anybody can execute it.