2

I am working on a embedded linux system with a web interface (apache). Basically I need to add shutdown and restart functionality to the web interface. However, I am running into permission issues when running:

exec("shutdown now") etc...when calling through the webpage(ie apache).

How the heck do I allow these commands to be called from apache?

Would prefer not to have to give apache full root permissions, but system security is not a huge deal in my case, so if that is the only way, how can I do that?

James Cotter
  • 798
  • 11
  • 22
  • 2
    Add apache user to sudoers : http://stackoverflow.com/questions/3173201/sudo-in-php-exec – malletjo Dec 13 '11 at 22:29
  • 1
    It might be possible to give apache access to `/dev/initctl`, and if so, that might then allow it to shut down and restart the system, without having to use sudo or giving it root access. This is purely guesswork, however. – qid Dec 13 '11 at 22:43

3 Answers3

2

Making Apache a sudoer is a dangerous move and I'd avoid it. I think QID is close on this... the easiest solution is to set up a cron job under root that runs every X seconds and checks for a file in a directory that apache can write to. Have apache add that file when you want to shut down, and the cron script should have a trigger that (a) removes the file and (b) restarts the machine.

Just be careful that it removes the file correctly and give yourself a pretty long cron delay when you're testing, or the server will just reboot continuously and that would be a mess.

Ben D
  • 14,321
  • 3
  • 45
  • 59
1

Not knowing a good way to do this, I can offer an ugly hack solution: write a tiny daemon that runs as root and accepts commands to shut the system down, and have your PHP script communicate with the daemon through a reasonably-secured channel (for your definition of reasonable; maybe send a signal, maybe write to a file that the daemon watches, maybe just a network socket, whatever).

qid
  • 1,883
  • 10
  • 15
0

be suer you know what you are doing:

exec("sudo ...

apache ALL=(ALL) NOPASSWD: ALL

  • Using sudo is a good idea, but in that case it would be possible to limit apache's access to only certain commands, instead of giving it full root permissions. – qid Dec 13 '11 at 22:37
  • yup all seems a little to dangerous to me. –  Dec 13 '11 at 23:01