httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Graham Frank" <gfr...@neoservers.com>
Subject RE: [users@httpd] Running httpd as root on a Linux machine
Date Mon, 06 Aug 2007 10:54:07 GMT
Why not use sudo to execute the commands through Apache?  At least then you
don't leave yourself open to an injected "dd if=/dev/random of=/dev/sda" or
the likes.

To setup sudo privs, you would need to edit /etc/sudoers and add:

httpd ALL=(ALL) NOPASSWD: /usr/bin/who,/usr/bin/ssh,/usr/bin/lynx

Then to execute the commands in Apache, run "/usr/bin/sudo
/path/to/command".

Hopefully this will be acceptable (I'm assuming the configuration scripts
try to execute commands on the server that would require root privs).

----
Graham Frank
Neoservers LLC - Founder and Owner
Ph: (608) 359-1593
Member of the Better Business Bureau   


-----Original Message-----
From: Ron Lee [mailto:ronberlin@googlemail.com] 
Sent: Monday, August 06, 2007 5:21 AM
To: users@httpd.apache.org
Subject: [users@httpd] Running httpd as root on a Linux machine

Hi all,

I want to perform remote network configuration on a Linux machine via
web interface. I thought that I can use PHP for this purpose. When I
click on a certain button, I want certain configuration scripts
executed on the Linux machine. So far that works fine.

The problem I have is that my configuration scripts need root
privilege to run but the httpd deamon runs as "apache user". Is it
possible to run httpd as root? I know that this is a big security risk
but I still want to do this to meet my project requirements.

Thanks for any help!!

Ron

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message