Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Running commands though PHP/Perl scripts as a priviledged user on Linux

Background: I am writing a script for a company that will allow users to create FTP accounts through a web interface. In the background, the script must run a bunch of commands:

  • Add the user to the system (useradd)
  • Open and edit various files
  • mail the user via sendmail

and a few other things...

I'm basically looking for the most secure way of doing this. I've heard of the setuid method, the sudo method, and of course, running httpd as a priviledged user. There will be sanity checks on the data entered of course before any commands are executed (ie. only alphanumeric characters in usernames)

What is the method used by the popular scripts out there (webmin for example), as it must be fairly secure?

like image 682
jtd Avatar asked May 12 '10 20:05

jtd


2 Answers

I would set up a queue that the web-bound script can write to.

Then I'd have some privileged process read from that queue and take appropriate action. You could drive a command-line script via a cron job, or write a little daemon in PHP that checks the queue and does the work more frequently than cron allows.

That way, the only code that can run privileged is your little worker script, and you don't need to provide any path for the web-bound script to gain the necessary but dangerous privileges.

like image 170
timdev Avatar answered Nov 10 '22 19:11

timdev


Create a script that accepts a command line option, validates it, and execs useradd. Add your httpd's user to the sudoers file with a NOLOGIN directive, JUST for that one process.

That way, you don't have to worry about writing a daemon that will always run with root privileges, and your script would also return immediately. If you just used a setuid root script, other users on the same system could exec your script (unless you checked their real user ID) .

like image 33
Shizzmo Avatar answered Nov 10 '22 18:11

Shizzmo