2

I want to use PHP to show some syslog info on a web page to remote monitor my home linux box. I.e. some stuff filtered with grep out of /var/log/daemon.log

<?php
  $output = `grep ddclient /var/log/daemon.log`;
  echo "<pre>$output</pre>";
?>

Now the file /var/log/daemon.log is owned by root and the PHP user (www-data) has no access. So obviously the above returns empty.

What's the solution?

Thanks, Gert

Improve this question

2 Answers 2

Reset to default
2

This is a variant of Puggan Se's setuid solution, but a bit better IMHO.

Create a grep_ddclient.sh shell script, containing:

#!/bin/sh
grep ddclient /var/log/daemon.log

Then add the following to /etc/sudoers:

apache ALL=NOPASSWD: /path/to/grep_ddclient.sh

Then run sudo /path/to/grep_ddclient.sh from PHP

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

Alt 1: change read access of the file /var/log/daemon.log so apache can read it.

Alt 2: put grep ddclient /var/log/daemon.log in a shell file, and then activate the SETUID flag on it, and give apache the right to execute it

chown root:apache grep_ddclient.sh
chmod 550 grep_ddclient.sh
chmod +s grep_ddclient.sh

and then run grep_ddclient.sh from php

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.