On Fri, 2010-04-30 at 20:23 +0530, Nilesh Govindarajan wrote: > On 04/30/2010 08:12 PM, Ashley Sheridan wrote: > > On Fri, 2010-04-30 at 10:40 -0400, Paul M Foster wrote: > > > >> On Fri, Apr 30, 2010 at 12:11:17PM +0530, Nilesh Govindarajan wrote: > >> > >>> On 04/30/2010 11:26 AM, Jim Lucas wrote: > >>>> Nilesh Govindarajan wrote: > >>>>> Hi, > >>>>> > >>>>> As you know there are lot of control panels lying around like Cpanel, > >>>>> Lxadmin, most of them based on PHP. The control panels allow editing of > >>>>> system files which requires root privileges, can somebody tell me how to > >>>>> gain root privileges inside the script so that it can be useful if I > >>>>> want to give my users a DNS editing interface instead of loading a big > >>>>> bloated control panel. > >>>>> > >>>> > >>>> We use an interface that writes everything to a DB. Then, every 5 > >>> minutes, a > >>>> cron job comes around and dumps the db and builds the zone files for us. > >>>> > >>>> Might try something similar. It would be a lot safer then giving > >>> root access > >>>> via PHP... :) > >>>> > >>> > >>> Hmm that's a great idea. But my question is in general, suppose I get > >>> some freelance job to write a control panel for managing httpd, etc. > >>> > >>> Same procedure can be used ? I think so ? > >> > >> If you can find an open source control panel (like webmin), you could > >> download the code and examine it. > >> > >> Paul > >> > >> -- > >> Paul M. Foster > >> > > > > > > You could use exce() to run a sudo command (piping the password through > > to it or add the apache user into the sudoers list) to run things at the > > root level. You must be very very careful with this though, and only use > > it as a last resort if you absolutely have to, as any sort of > > vulnerability in your script could compromise your entire server. > > > > Thanks, > > Ash > > http://www.ashleysheridan.co.uk > > > > > > > > That was what my basic idea about implementing it, but just put up a > discussion here to see if there is really any other method except sudo- > and there is that cron one as suggested by Jim Lucas. > > -- > Nilesh Govindarajan > Site & Server Administrator > www.itech7.com > मेरा भारत महान ! > मम भारत: महत्तम भवतु ! > To make things a little bit more secure when using exec() you could call a series of custom Bash scripts which you can have set up to only accept certain ranges of parameters, which would avoid someone passing a string like "&& nasty_command here" to the command line. Thanks, Ash http://www.ashleysheridan.co.uk
