
So far my search has shown the potential security holes that will be made while trying to perform a sudo'd command from within PHP.

My current problem is that I need to run a bash script as sudo on my work web server via PHP's exec() function. We currently host a little less than 200 websites. The website that will be doing this is restricted to only be accessible from my office's IP address. Will this remove any potential security issues that come with any of the available solutions?

One of the ways is to add the apache user to the sudoers file, I assume this will apply to the entire server so will still pose an issue on all other websites.

Is there any solution that will not pose a security threat when used on a website that has access restricted to our office?

Thanks in advance.

Edit: A brief background

Here's a brief description of exactly what I'm trying to achieve. The company I work for develops websites for tourism-related businesses, amongst other things. At the moment when creating a new website I would need to set up a hosting package which includes: creating the directory structure for the new site, creating an apache config file which is included into httpd.conf, adding a new FTP user, creating a new database for use with the website CMS, to name a few.

At the moment I have a bash script on the server which creates the directory structure, adds user, creates apache config file and gracefully restarts apache. That's just one part, what I'm looking to do is use this shell script in a PHP script to automate the entire website generation process in an easy to use way, for other colleagues and just general efficiency.

1 Answer

You have at least 4 options:

  1. Add the apache user to the sudoers file (and restrict it to run the one command!)
    • In this case some security hole in your php-apps may run the script too (if they can include the calling php for example - or even bypass the restriction to your ip by using another url that also calls the script, mod_rewrite)
  2. Flag the script with the s bit
    • Dangerous, don't do it.
  3. Run another web server that only binds to a local interface and is not accessible from outside
    • This is my preferred solution, since the link calling the php is accessible by links from your main webserver and the security can be handled separately. You can even create a new user for this server. Some simple server does the job, there are server modules for python and perl for example. It is not even necessary that you enable exec in your php installation at all!
  4. Run a daemon (inotify for example, to watch file events) or cronjob that reads some file or db-entry and then runs the command
    • This may be too complex and has the disadvantage, that the daemon can not check which script has generated the entry.

5 Comments

There is no other URL that will be using this script, see my edit above to get an idea of exactly what the script does. It's strictly for internal use, none of the client websites will have any calls to shell scripts. Will this make any difference to the security issues with option 1 (which seems the easiest).
@William Stewart: At least this is what you intended! If some php-software has filesystem read access to your php-script that is calling the shell script and some security problem in that software allows an external user to include your php file (that is allowed to execute the shell script), then that script can execute it!
Great answer by urzeit. I like option 4, where the PHP script would log the pending jobs to a file, then a cron job or daemon (running with the necessary privileges) would execute the jobs. If the PHP script is set to exit immediately if it is not called from his IP (by examining $_SERVER['REMOTE_ADDR']), and no other PHP scripts on the server can write to this file, then I can't see how this could be compromised.
If I was to use a cronjob to run a list of pending jobs from a file I edit from my PHP script, how would I get the cronjob to run immediately after the job file is changed? My previous knowledge of cron is restricted to time-based scheduling, is there a way to run the cronjob when the file is changed? Surely running a cronjob every so many seconds is huge overkill and inefficient?
@William Stewart: You are right. Cron is restricted to time-based triggering commands. Perhaps inotify is your solution.
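
Option 4 from the answer, as discussed in the comments, shown here as an added example that is not code from the answer or any commenter: a worker run with the necessary privileges (from cron or an inotify watcher) that reads the pending-jobs file written by the PHP front end and hands only strictly validated site names to the provisioning script. The job format `create-site <name>`, the spool path and `/usr/local/sbin/create_site.sh` are assumptions.

```shell
#!/bin/sh
# Added example for option 4: privileged worker, run as root by cron or an inotify watcher.
# Assumptions (not from the page): the job format "create-site <name>" and both paths.
LC_ALL=C; export LC_ALL     # make the a-z range in the patterns below ASCII-only
PROVISION="${PROVISION:-/usr/local/sbin/create_site.sh}"   # hypothetical root-owned script

# Allowlist check: 3-63 chars of a-z, 0-9, '.', '-'; alphanumeric at both ends; no "..".
valid_site_name() {
    case "$1" in
        ''|*[!a-z0-9.-]*) return 1 ;;   # empty, or any character outside the allowlist
        -*|.*|*-|*.)      return 1 ;;   # would look like an option or a relative path
        *..*)             return 1 ;;   # no empty labels, no directory traversal
    esac
    [ "${#1}" -ge 3 ] && [ "${#1}" -le 63 ]
}

# Run every valid job in the spool file and print one log line per job.
# Returns 0 if all lines were accepted, 1 if any was rejected or the file is unsafe.
# The ( ) body runs in a subshell, so its variables do not leak into the caller.
process_jobs() (
    spool="$1"; status=0
    # A symlink could point the privileged worker at a file the web user does not own.
    if [ -L "$spool" ] || [ ! -f "$spool" ]; then
        printf 'REJECT spool is not a regular file: %s\n' "$spool"; exit 1
    fi
    while read -r verb name extra || [ -n "$verb" ]; do
        [ -n "$verb" ] || continue                      # skip blank lines
        if [ "$verb" = "create-site" ] && [ -z "$extra" ] && valid_site_name "$name"; then
            # The name is passed as one quoted argument, never through eval or sh -c.
            if "$PROVISION" "$name" < /dev/null; then
                printf 'OK %s\n' "$name"
            else
                printf 'FAIL %s\n' "$name"; status=1
            fi
        else
            printf 'REJECT %s %s %s\n' "$verb" "$name" "$extra"; status=1
        fi
    done < "$spool"
    exit "$status"
)

# Usage from cron or a watcher: worker.sh /var/spool/sitejobs/pending (hypothetical path)
[ "$#" -eq 0 ] || process_jobs "$1"
```

The spool file should be writable only by the account that runs the internal PHP front end; the worker validates content but, as the answer notes, cannot tell which script wrote an entry.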
