1

First of all sorry for my English, I am German. I am using Debian with apache2 and php5. The server is just for testing and in my local network, so I’ve got no secure-problems. My Question is:

How to give PHP/the PHP-User root-rights?

For example: I want my .php files in /var/www/ to do file_put_contents() for every file on my server, exec() any command (with root-rights),... when I call them in my browser.

I’ve tried a lot of things, for example I put www-data in the root-group or to change the Apache-User in /etc/apache2/envvars, but nothing worked or I got Errors.

I’ve heard about a httpd.conf but I can’t find this file.

Please help me!

louk
  • 11
  • 1
  • 3
  • You do NOT need to give PHP access to EVERYTHING, no matter what you are trying to do. So set up sudo rights for www-data, with access to only certain commands. – rjdown Oct 30 '14 at 13:25
  • And how? I am new on Linux/PHP – louk Oct 30 '14 at 13:29
  • Edit the `/etc/sudoers` file, some examples here http://stackoverflow.com/questions/3173201/sudo-in-php-exec – rjdown Oct 30 '14 at 13:31
  • But that doesnt allow stuff like file_put_contents(). Is this possible in a simple way? Or am i forced to create the file in /var/www/ and then move it where i want? – louk Oct 30 '14 at 14:02

2 Answers2

2

To be clear, giving PHP root privilege is a terrible idea. Perhaps not in this case but generally: users, that you should not trust, are coming to your server and running code that, even if you wrote it, you should not trust, and you're saying that code can do anything to that machine.

I'd strongly recommend that you look for another way to do this.

In your specific case, I would just make sure that, whatever user Apache is running as (usually apache or www-data), has the correct privileges in /var/www. For example, set the user and group to apache/www-data and give read and write permissions to files. You should be able to arbitrarily give execute privilege to specific files and run them. This still isn't a very good idea.

In terms of giving PHP root privileges, all commands are run as the apache user, and you can't make apache run it without building it yourself. You can however add it to sudoers list (/etc/sudoers), and use PHP's exec command to do things through sudo. But please... DO NOT DO THIS

DanielM
  • 6,380
  • 2
  • 38
  • 57
  • As a side note, only ever edit /etc/sudoers with the visudo command as it will validate the file before saving it. I also recommend giving sudo access based on groups instead of users. Usually there's either a wheel or sudo group you can add users too, just check it's active with visudo first. You'll need to have the NOPASSWD option to make it work via Apache I think. – DanielM Oct 30 '14 at 13:38
0

Edit the /etc/sudoers file, some examples here sudo in php exec() – rjdown

Community
  • 1
  • 1
louk
  • 11
  • 1
  • 3