Find the answer to your Linux question:
Results 1 to 10 of 10
how i can give apache server root permissions? please help me....
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Apr 2008
    Posts
    38

    permissions


    how i can give apache server root permissions?
    please help me.

  2. #2
    Linux Engineer Kieren's Avatar
    Join Date
    Aug 2007
    Location
    England
    Posts
    848
    You wouldn't want to do that for security reasons. root has access to your entire computer so you don't want people having access so easily.

    Why do you want it to have root permissions?
    Linux User #453176

  3. #3
    Just Joined! vigour's Avatar
    Join Date
    Oct 2007
    Posts
    68
    Set the apache user UID and GID=0 from /etc/passwd, but suffer the consequences

  4. $spacer_open
    $spacer_close
  5. #4
    Just Joined!
    Join Date
    Apr 2008
    Posts
    38
    i want to give apache root permissions because i want to execute iptables commands through php code.

  6. #5
    Linux Guru
    Join Date
    Nov 2007
    Posts
    1,763
    I'll have to echo Kieren - this is a *really* bad idea.

    As a last resort, use setuid on the iptables command instead.

  7. #6
    Just Joined! vigour's Avatar
    Join Date
    Oct 2007
    Posts
    68
    I would suggest using sudo...

    put in sudo:

    Code:
    Cmnd_Alias ADD=/usr/sbin/iptables -A FORWARD -j ACCEPT -s
    Cmnd_Alias DEL=/usr/sbin/iptables -D FORWARD -j ACCEPT -s
    
    apache ALL=NOPASSWD: ADD
    apache ALL=NOPASSWD: DEL
    Then instead of executing iptables directly you will be allowed to execute only the the iptables rules starting with the above example.. this will allow you for an instance to execute from the php script the following:

    Code:
    sudo iptables -A FORWARD -j ACCEPT -s 192.168.0.1
    PS: This will be especially secure if you are 100% sure that nothing but:

    Code:
    /^\d+\.\d+\.\d+\.\d+$/
    is parsed to the system/exec functions

  8. #7
    Linux Guru
    Join Date
    Nov 2007
    Posts
    1,763
    Shyma has ~10 threads about iptables, apache, and php. Most have told him to use sudo - he keeps asking again (I guess) because no one has spelled out the exact code/steps, so I assume he gave up on sudo and is now trying to just make apache run as root.

    Maybe Vigour's post will give him new inspiration.

  9. #8
    Just Joined! vigour's Avatar
    Join Date
    Oct 2007
    Posts
    68
    Oh... so it's good to say how to put things in sudo...

    Just type:

    Code:
    visudo
    Or if you are unfamiliar with Vi, edit /etc/sudoers with your favorite text redactor. The good thing of visudo is that it checks for errors on exit.

    But anyway.. once you put the above lines in sudo, then you will be able to execute iptables commands (BUT STARTING WITH THE EXACT OPTIONS FROM SUDO) as the apache user...


    Good luck..

    PS: My only advise is to check the things you add to iptables.
    e.g. if you are adding an ip address.. make something like:

    Code:
    preg_match("/^\d+\.\d+\.\d+\.\d+$/",$ipaddress,$match);
    if($match[0]) { go_to_sudo_execution(); }
    else { die("Invalid IP address"); }

  10. #9
    Just Joined!
    Join Date
    Apr 2008
    Posts
    38

    iptables restart

    hi
    i want to execute this command throgh php
    service iptables restart
    can you give me steps to do this?
    i means that steps to edit sudo.what i should type?
    please help me because i try any solution that i find in this forum but i faild.

  11. #10
    Just Joined! vigour's Avatar
    Join Date
    Oct 2007
    Posts
    68
    1. Open the sudo conf file

    Code:
    visudo
    2. Save the following lines:

    Code:
    Cmnd_Alias RES=/etc/init.d/httpd restart
    
    apache ALL=NOPASSWD: RES
    3. Execute from the php script:

    Code:
    exec("/usr/bin/sudo /etc/init.d/iptables restart");
    And you should not have any problems restarting the iptables rules.
    Last edited by vigour; 07-07-2008 at 02:43 PM. Reason: little mistake

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •