  1. #1

    PHP effective user


    Hi,

    I want to write my own PHP web admin. I need my script to be able to edit some system config files.

    Assuming the permissions for a file are as follows:

    rw-r--r-- root root

    Is it possible to have a PHP script edit the file?

    I am using Apache, and do not want to change the apache user to be root. Also, changing the permissions of the file is not an option.

    Is there a way to have only certain php scripts executed with UID 0 or is there any other way for me to do this?

    Thanks.

  2. #2
    Cabhan
    Well, what it comes down to is that if you don't have permissions to access something, you can't access it. Period.

    That said, you can grant some scripts the ability to run with elevated permissions through something called the SUID bit. You can read up about it at:

    http://en.wikipedia.org/wiki/Setuid

    It can be risky, ESPECIALLY if this script is going to be somehow publicly accessible. However, that's the only way to do what you want.

  3. #3
    PHP provides access to files for the purpose of reading, writing, or appending content.

    Use the fopen() and fclose() functions for working with files.
    fopen(filename, mode) - function used to open a file. The function requires a filename and mode. It returns a file pointer which provides information about the file and is used as a reference.

    fclose(resource handle) - function used to close a file. The function requires the file pointer created when the file was opened using the fopen() function. Returns TRUE on success or FALSE on failure.


    Cabhan is exactly correct though: for each directory specified, you must have the proper permissions to create, modify, and delete files.
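
Added example, not part of the original post: the permission check the replies above describe, applied to the `rw-r--r-- root root` file from the question, followed by what `fopen()` does when the write is denied. It assumes the posix extension is loaded; `mode_allows_write()` and `describe_access()` are hypothetical helper names, UID/GID 33 for the Apache user is a constructed sample value, and `/etc/hosts` is only a default test path.

```php
<?php
// Added example. Models only the classic owner/group/other mode bits;
// ACLs, SELinux and read-only mounts are out of scope.
function mode_allows_write(int $euid, array $gids, int $owner, int $group, int $mode): bool
{
    if ($euid === 0) {
        return true;                      // root bypasses the mode bits
    }
    if ($euid === $owner) {
        return ($mode & 0200) !== 0;      // owner class only, no fall-through
    }
    if (in_array($group, $gids, true)) {
        return ($mode & 0020) !== 0;      // group class only
    }
    return ($mode & 0002) !== 0;          // everyone else
}

// Report the effective user of this PHP process and whether it may write $path.
function describe_access(string $path): string
{
    $st = @stat($path);
    if ($st === false) {
        return "$path: cannot stat";
    }
    $euid = posix_geteuid();
    $gids = array_merge([posix_getegid()], posix_getgroups() ?: []);
    $ok   = mode_allows_write($euid, $gids, $st['uid'], $st['gid'], $st['mode'] & 07777);
    return sprintf('%s: mode %04o owner %d:%d, euid %d -> write %s',
        $path, $st['mode'] & 07777, $st['uid'], $st['gid'], $euid,
        $ok ? 'allowed' : 'denied');
}

// The file from the question: rw-r--r-- root root (mode 0644, uid 0, gid 0).
// UID/GID 33 for the Apache user is a constructed sample value.
var_dump(mode_allows_write(33, [33], 0, 0, 0644));  // Apache user
var_dump(mode_allows_write(0, [0], 0, 0, 0644));    // root

// Against a real file: fopen() returns false instead of a handle when denied.
$path = $argv[1] ?? '/etc/hosts';
echo describe_access($path), PHP_EOL;
$fh = @fopen($path, 'r+');                // r+ opens read/write without truncating or creating
if ($fh === false) {
    echo "fopen r+ failed: ", error_get_last()['message'] ?? 'unknown', PHP_EOL;
} else {
    fclose($fh);
    echo "fopen r+ succeeded", PHP_EOL;
}
```
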

  5. #4
    I am not asking whether I can bypass the file permissions, what I wanted to know was more along these lines:

    - can I set up a virtual host in apache that runs as a different user
    - can I set (in apache) that a specific script is run using a different uid than the default apache User
    - can I somehow use sudo (with NOPASSWD) for a php script
    - or any other way that can be used to set up a web admin (preferably without changing the permissions)

    Thanks.

  6. #5
    Cabhan
    You cannot set it such that a script will be run by Apache with a different permission than the file actually is. For creating a virtual host, I don't know, but it's probably complicated if possible.

    The ONLY way to run a script with a different UID than your own is through the use of the SUID bit. You might require the script to be run as root by the end user, which would defeat the need of changing permissions, but the permission system is intended for the exact purpose of preventing you from doing things like this.
