From: Nilesh Govindarajan on
On 04/30/2010 08:10 PM, Paul M Foster wrote:
> On Fri, Apr 30, 2010 at 12:11:17PM +0530, Nilesh Govindarajan wrote:
>
>> On 04/30/2010 11:26 AM, Jim Lucas wrote:
>>> Nilesh Govindarajan wrote:
>>>> Hi,
>>>>
>>>> As you know there are lot of control panels lying around like Cpanel,
>>>> Lxadmin, most of them based on PHP. The control panels allow editing of
>>>> system files which requires root privileges, can somebody tell me how to
>>>> gain root privileges inside the script so that it can be useful if I
>>>> want to give my users a DNS editing interface instead of loading a big
>>>> bloated control panel.
>>>>
>>>
>>> We use an interface that writes everything to a DB. Then, every 5
>> minutes, a
>>> cron job comes around and dumps the db and builds the zone files for us.
>>>
>>> Might try something similar. It would be a lot safer then giving
>> root access
>>> via PHP... :)
>>>
>>
>> Hmm that's a great idea. But my question is in general, suppose I get
>> some freelance job to write a control panel for managing httpd, etc.
>>
>> Same procedure can be used ? I think so ?
>
> If you can find an open source control panel (like webmin), you could
> download the code and examine it.
>
> Paul
>

Webmin is written in perl. I will see the code of web-cp which is php based.

--
Nilesh Govindarajan
Site & Server Administrator
www.itech7.com
मेरा भारत महान !
मम भारत: महत्तम भवतु !
From: Nilesh Govindarajan on
On 04/30/2010 08:12 PM, Ashley Sheridan wrote:
> On Fri, 2010-04-30 at 10:40 -0400, Paul M Foster wrote:
>
>> On Fri, Apr 30, 2010 at 12:11:17PM +0530, Nilesh Govindarajan wrote:
>>
>>> On 04/30/2010 11:26 AM, Jim Lucas wrote:
>>>> Nilesh Govindarajan wrote:
>>>>> Hi,
>>>>>
>>>>> As you know there are lot of control panels lying around like Cpanel,
>>>>> Lxadmin, most of them based on PHP. The control panels allow editing of
>>>>> system files which requires root privileges, can somebody tell me how to
>>>>> gain root privileges inside the script so that it can be useful if I
>>>>> want to give my users a DNS editing interface instead of loading a big
>>>>> bloated control panel.
>>>>>
>>>>
>>>> We use an interface that writes everything to a DB. Then, every 5
>>> minutes, a
>>>> cron job comes around and dumps the db and builds the zone files for us.
>>>>
>>>> Might try something similar. It would be a lot safer then giving
>>> root access
>>>> via PHP... :)
>>>>
>>>
>>> Hmm that's a great idea. But my question is in general, suppose I get
>>> some freelance job to write a control panel for managing httpd, etc.
>>>
>>> Same procedure can be used ? I think so ?
>>
>> If you can find an open source control panel (like webmin), you could
>> download the code and examine it.
>>
>> Paul
>>
>> --
>> Paul M. Foster
>>
>
>
> You could use exce() to run a sudo command (piping the password through
> to it or add the apache user into the sudoers list) to run things at the
> root level. You must be very very careful with this though, and only use
> it as a last resort if you absolutely have to, as any sort of
> vulnerability in your script could compromise your entire server.
>
> Thanks,
> Ash
> http://www.ashleysheridan.co.uk
>
>
>

That was what my basic idea about implementing it, but just put up a
discussion here to see if there is really any other method except sudo-
and there is that cron one as suggested by Jim Lucas.

--
Nilesh Govindarajan
Site & Server Administrator
www.itech7.com
मेरा भारत महान !
मम भारत: महत्तम भवतु !
From: Ashley Sheridan on
On Fri, 2010-04-30 at 20:23 +0530, Nilesh Govindarajan wrote:

> On 04/30/2010 08:12 PM, Ashley Sheridan wrote:
> > On Fri, 2010-04-30 at 10:40 -0400, Paul M Foster wrote:
> >
> >> On Fri, Apr 30, 2010 at 12:11:17PM +0530, Nilesh Govindarajan wrote:
> >>
> >>> On 04/30/2010 11:26 AM, Jim Lucas wrote:
> >>>> Nilesh Govindarajan wrote:
> >>>>> Hi,
> >>>>>
> >>>>> As you know there are lot of control panels lying around like Cpanel,
> >>>>> Lxadmin, most of them based on PHP. The control panels allow editing of
> >>>>> system files which requires root privileges, can somebody tell me how to
> >>>>> gain root privileges inside the script so that it can be useful if I
> >>>>> want to give my users a DNS editing interface instead of loading a big
> >>>>> bloated control panel.
> >>>>>
> >>>>
> >>>> We use an interface that writes everything to a DB. Then, every 5
> >>> minutes, a
> >>>> cron job comes around and dumps the db and builds the zone files for us.
> >>>>
> >>>> Might try something similar. It would be a lot safer then giving
> >>> root access
> >>>> via PHP... :)
> >>>>
> >>>
> >>> Hmm that's a great idea. But my question is in general, suppose I get
> >>> some freelance job to write a control panel for managing httpd, etc.
> >>>
> >>> Same procedure can be used ? I think so ?
> >>
> >> If you can find an open source control panel (like webmin), you could
> >> download the code and examine it.
> >>
> >> Paul
> >>
> >> --
> >> Paul M. Foster
> >>
> >
> >
> > You could use exce() to run a sudo command (piping the password through
> > to it or add the apache user into the sudoers list) to run things at the
> > root level. You must be very very careful with this though, and only use
> > it as a last resort if you absolutely have to, as any sort of
> > vulnerability in your script could compromise your entire server.
> >
> > Thanks,
> > Ash
> > http://www.ashleysheridan.co.uk
> >
> >
> >
>
> That was what my basic idea about implementing it, but just put up a
> discussion here to see if there is really any other method except sudo-
> and there is that cron one as suggested by Jim Lucas.
>
> --
> Nilesh Govindarajan
> Site & Server Administrator
> www.itech7.com
> मेरा भारत महान !
> मम भारत: महत्तम भवतु !
>


To make things a little bit more secure when using exec() you could call
a series of custom Bash scripts which you can have set up to only accept
certain ranges of parameters, which would avoid someone passing a string
like "&& nasty_command here" to the command line.

Thanks,
Ash
http://www.ashleysheridan.co.uk


From: Shawn McKenzie on
On 04/30/2010 09:53 AM, Nilesh Govindarajan wrote:
> That was what my basic idea about implementing it, but just put up a
> discussion here to see if there is really any other method except sudo-
> and there is that cron one as suggested by Jim Lucas.
>

Use the sudoers file to allow your apache user to run specific commands
with optional wildcard parameters:

http://linuxmanpages.com/man5/sudoers.5.php

--
Thanks!
-Shawn
http://www.spidean.com
First  |  Prev  | 
Pages: 1 2
Prev: Admin Interface
Next: ldap add Invalid DN syntax