hello
I have a PHP (could be Perl) script that needs to be executed as root.
Yep, I know I probably shouldn't do that, but that's the only solution I found (it's a server administration tool).
I'm planning to use a one-time-password + SSL as security, but the only options I could think are:
1) Run PHP/Perl as root and then escalate to the user I want to admin (for security reasons, I don't want to allow commands to be run as root)
2) Install an alternative HTTP server (like lighttpd) and try to run scripts as root
3) Bind the perl script as a daemon (running as root) and connect/authenticate to it using PHP/Perl (so I can allow connection just from localhost)
The best solution would be if apache could escalate to the user I really want to run commands as (but this user would be passed as parameter to my script). The second best option for me would be the apache running the script as root (and the first thing the program would do would be to escalate to the user). And the last option would be the third one.
Any suggestions? Can Apache run scripts as root or as a user passed as parameter?
I have a PHP (could be Perl) script that needs to be executed as root.
Yep, I know I probably shouldn't do that, but that's the only solution I found (it's a server administration tool).
I'm planning to use a one-time-password + SSL as security, but the only options I could think are:
1) Run PHP/Perl as root and then escalate to the user I want to admin (for security reasons, I don't want to allow commands to be run as root)
2) Install an alternative HTTP server (like lighttpd) and try to run scripts as root
3) Bind the perl script as a daemon (running as root) and connect/authenticate to it using PHP/Perl (so I can allow connection just from localhost)
The best solution would be if apache could escalate to the user I really want to run commands as (but this user would be passed as parameter to my script). The second best option for me would be the apache running the script as root (and the first thing the program would do would be to escalate to the user). And the last option would be the third one.
Any suggestions? Can Apache run scripts as root or as a user passed as parameter?