Find the answer to your Linux question:
Results 1 to 10 of 10

Thread: permissions

Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1


    how i can give apache server root permissions?
    please help me.

  2. #2
    Linux Engineer Kieren's Avatar
    Join Date
    Aug 2007
    You wouldn't want to do that for security reasons. root has access to your entire computer so you don't want people having access so easily.

    Why do you want it to have root permissions?
    Linux User #453176

  3. #3
    Set the apache user UID and GID=0 from /etc/passwd, but suffer the consequences

  4. $spacer_open
  5. #4
    i want to give apache root permissions because i want to execute iptables commands through php code.

  6. #5
    I'll have to echo Kieren - this is a *really* bad idea.

    As a last resort, use setuid on the iptables command instead.

  7. #6
    I would suggest using sudo...

    put in sudo:

    Cmnd_Alias ADD=/usr/sbin/iptables -A FORWARD -j ACCEPT -s
    Cmnd_Alias DEL=/usr/sbin/iptables -D FORWARD -j ACCEPT -s
    apache ALL=NOPASSWD: ADD
    apache ALL=NOPASSWD: DEL
    Then instead of executing iptables directly you will be allowed to execute only the the iptables rules starting with the above example.. this will allow you for an instance to execute from the php script the following:

    sudo iptables -A FORWARD -j ACCEPT -s
    PS: This will be especially secure if you are 100% sure that nothing but:

    is parsed to the system/exec functions

  8. #7
    Shyma has ~10 threads about iptables, apache, and php. Most have told him to use sudo - he keeps asking again (I guess) because no one has spelled out the exact code/steps, so I assume he gave up on sudo and is now trying to just make apache run as root.

    Maybe Vigour's post will give him new inspiration.

  9. #8
    Oh... so it's good to say how to put things in sudo...

    Just type:

    Or if you are unfamiliar with Vi, edit /etc/sudoers with your favorite text redactor. The good thing of visudo is that it checks for errors on exit.

    But anyway.. once you put the above lines in sudo, then you will be able to execute iptables commands (BUT STARTING WITH THE EXACT OPTIONS FROM SUDO) as the apache user...

    Good luck..

    PS: My only advise is to check the things you add to iptables.
    e.g. if you are adding an ip address.. make something like:

    if($match[0]) { go_to_sudo_execution(); }
    else { die("Invalid IP address"); }

  10. #9

    iptables restart

    i want to execute this command throgh php
    service iptables restart
    can you give me steps to do this?
    i means that steps to edit sudo.what i should type?
    please help me because i try any solution that i find in this forum but i faild.

  11. #10
    1. Open the sudo conf file

    2. Save the following lines:

    Cmnd_Alias RES=/etc/init.d/httpd restart
    apache ALL=NOPASSWD: RES
    3. Execute from the php script:

    exec("/usr/bin/sudo /etc/init.d/iptables restart");
    And you should not have any problems restarting the iptables rules.
    Last edited by vigour; 07-07-2008 at 02:43 PM. Reason: little mistake

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts