Giving Apache sudo access

Kyle Sexton ks at mocker.org
Tue Mar 20 13:12:00 CDT 2007


On Tue, Mar 20, 2007 at 12:49:39PM -0600, Jared wrote:
> I have a line in sudoers which gives Apache sudo access
> to run *a single script* in a specific location, outside
> the htdocs tree:
> 
> apache ALL=(ALL) NOPASSWD: /usr/bin/php -f /path/sudo_app.php
> 
> Thus the apache user can run this single command.
> 
> Because I can't seem to pass command-line arguments ($argv) to
> this sudo_app, I write a tiny tmp file. In htdocs, I have
> a small php script: 'app.php':
> 
> <?php
> file_put_contents('/tmp/vars.txt',"$_GET[a]\n$_GET[b]");
> `sudo /usr/bin/php -f /path/sudo_app.php`
> ?>
> 
> ($_GET[a] represents an argument passed through the URL
> like this: http://localhost/app.php?a=1&b=2)
> 
> Inside sudo_app.php, I open /tmp/vars.txt, read the two
> variables, and pass them with full root access to the rest
> of the script, which accesses /dev/ttyS0. Then the script
> deletes the /tmp files.
> 
> It works, but it seems more complicated than it should be,
> involving two scripts, a tmp file, and a line in /etc/sudoers,
> in order to run a single command.
> 
> Does anyone have another idea for giving an apache module
> the ability to have root access to /dev/ttyS0, without
> compromising the box?
> 
> -Jared
> 


Have you looked at apache suEXEC support?  More info at:

http://httpd.apache.org/docs/1.3/suexec.html

Not sure if this is what you want, but using /etc/sudoers strikes me as
odd. :)

-- 
Kyle Sexton
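
An added example, not part of either message: one way to drop the /tmp/vars.txt handoff while keeping the sudoers line exactly as posted is to send the two values on the helper's standard input and validate them on both sides. The function names, and the assumption that both values are short non-negative integers (as in ?a=1&b=2), are hypothetical.

```php
<?php
// Added example, not code from the thread; function names are hypothetical.
// Assumption: both values are short non-negative integers, as in ?a=1&b=2.

// Must match the sudoers entry exactly; -n makes sudo fail rather than prompt.
const HELPER_CMD = ['sudo', '-n', '/usr/bin/php', '-f', '/path/sudo_app.php'];

// Shared validator: exactly two lines of 1-5 digits, otherwise null.
function parse_request(string $raw): ?array
{
    if (!preg_match('/\A(\d{1,5})\n(\d{1,5})\n?\z/', $raw, $m)) {
        return null;
    }
    return [(int) $m[1], (int) $m[2]];
}

// Web side (app.php): validate, then write the values to the helper's stdin.
function send_to_helper(string $a, string $b): bool
{
    $payload = "$a\n$b\n";
    if (parse_request($payload) === null) {
        return false; // rejected before sudo is ever invoked
    }
    $devnull = ['file', '/dev/null', 'w'];
    // Array form (PHP 7.4+) runs the command directly, with no shell involved.
    $proc = proc_open(HELPER_CMD, [0 => ['pipe', 'r'], 1 => $devnull, 2 => $devnull], $pipes);
    if (!is_resource($proc)) {
        return false;
    }
    fwrite($pipes[0], $payload);
    fclose($pipes[0]);
    return proc_close($proc) === 0;
}

// Root side (sudo_app.php): call read_request(STDIN). Reads a bounded number
// of bytes and validates again, because this is the code that runs as root.
function read_request($stream): ?array
{
    return parse_request((string) stream_get_contents($stream, 16));
}

// Demo on constructed input; an in-memory stream stands in for STDIN.
foreach (["1\n2\n", "1\nabc\n", str_repeat('9', 64)] as $sample) {
    $s = fopen('php://memory', 'r+');
    fwrite($s, $sample);
    rewind($s);
    var_dump(read_request($s));
}
```

With this layout nothing is written under /tmp, so there is no shared file for another local user to pre-create or replace, and the root-side script never acts on input it has not checked itself.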

