I am looking for a way to securely execute a shell script with sudo through a web interface. Security is the main concern here. I don’t want to provide my PHP file to access the sudo fully. What will be the best way to accomplish this?
Asked
Active
Viewed 516 times
0
-
Please add more details, your question is not clear. – Kaushal Kumar Jul 23 '20 at 20:09
-
Give your web server user sudo access to only run a single command, and only as a specific user. – that other guy Jul 23 '20 at 22:26
-
@thatotherguy, Could you please elaborate more, how can I give the access for single command – Vipin Jul 24 '20 at 18:02
1 Answers
0
The best solution would be to have your php file execute a bash script that executes the sudo commands, as it's not recommended granting the "web-server user" root/admin access.
With a bash file you can control what is executed while being sure it cannot be changed easily and even pass variables if needed I.E perform different sudo commands depending on the variable passed.
LUX
- 97
- 1
- 9
-
Thanks for answer, I am trying it with a bash script only, but my bash script requires some sudo permission to execute properly. I can run that one with sudo permission easily but I am main concerned about the security. Could you please elaborate more to run this bash script with sudo permission through a web interface without compromising the code and that need to be secured too. – Vipin Jul 24 '20 at 05:27
-
@Vipin executing a shell command through web does not comprise code. you would send the literal shell command to execute the file as if you were on the console. Since this is done in the background where the source code would only be visible server-side an end user cannot modify this command unless you would make that a dynamic variable which i would not recommend at all! my best solution would be to create 2 files if you really need sudo permission to execute. 1 that the server executes which contains instructions to execute the other file with admin permissions. – LUX Sep 26 '20 at 10:54