I need to call a PHP script from a remote computer which will invoke the remote server to change a DNS record. Is this possible? I have everything working fine in test environment but PHP doesn't have access to /var/namdd/mydomain.com.db. It's a VPS of mine that I have root access to so getting access isn't a problem. I just want the script to do it for me. Any ideas?
Assuming the other server is running BIND, the files could be owned by named, not root. Would be a much simpler option. Also, you could make them 777 and then have PHP simply edit them.
Three ways immediately come to mind:
Changing the permissions of the file.
Creating a daemon to do it.
Creating a command and configuring sudo to run it without a password.
Changing the permissions of the file
The simplest case would be to change the permissions of the file. To do this, you'll probably at least want to know
the user reading the file, and
the user your PHP script runs as.
If the users are the same, then of course the answer is simple: change the owner to that user. Otherwise, if the file contains no sensitive information, you might be able to change the owner to the PHP user and grant read access to all users. Finally, you might be able to create a new group containing those two users and change the group of the file. Then you could change the user of the file to the PHP user and grant write permissions, change the group to the group you created and grant read permissions, and grant no permissions to everyone else.
Creating a daemon to do it
This is rather involved; I can't say I would recommend this option. Essentially, you have a background process running with whatever privileges are necessary. This process can do whatever needs to be done and communicate with processes of lesser privilege. When the PHP script needs to modify that file, it can send a request over to the daemon, which can then change the file on behalf of the PHP script.
Command with sudo
This is probably one of the best ways to do it. Essentially, you'll need to create some command that does whatever you need to do with the file; then, once you know it works when run as root (or preferably some less privileged user which still has the necessary privileges), you can configure sudo to let the PHP user execute it as the more privileged user without a password.
Related
I am trying to set up automatic deployment for a Magento store. I have put together some basic scripts that pull master branch directly to my production web folder using a web hook which works great however am slightly worried about permissions.
To have this work i had to make the whole web folder apache:apache for owenership so that the web hook when running php as the apache user could do the pull request.
I would rather however have the permissions set slightly differently so a user admin:apache and have the deploy script run as admin user for better security.
Is there a way to have a php file that is triggered by a web hook run as another user. I read that chmod u+s would run the file as the owner of that file however this does not seem to be working. What are my best options for this or shall i just leave the web user as completely owning the whole folder?
I've read that this can be done via phpFPM or maybe SuPHP however unsure which way to go or what others generally do in this situation.
My Solution
I'm thinking i may have the deploy script just set a flag, a needs updating flag in a file. Then to run as whichever user i can set a cron for the user i want it to run as to check this flag file for if updates are required and then if so then run my scripts. This may be a long way around but was the best i could think of with my limited knowlesdge here.
I have a php script that needs to create/delete files within the /www/mydata directory (using centos+linux+apache).
I gave the "apache" user ownership of www/mydata to allow this.
Is that secure enough? Is there a better method? I would much prefer that ONLY the specific script have "ownership" of www/mydata and only while it's running, in case someone is getting up to shenanigans.
Can that be done, or am I stuck giving the apache user all these privs?
Edit: to forestall a few obvious answers, I have attempted to have the script create the directory (it can't) and I've also attempted to set the directory permissions in the script on the fly using PHP's chmod (no deal).
The "Apache" user you mentioned can be ANYONE from the Internet that running the script. If you want to secure the "www/mydata" directory, you can try to check the user's privilege before they execute the actual "create/delete" actions.
So far my search has shown the potential security holes that will be made while trying to perform a sudo'd command from within PHP.
My current problem is that I need to run a bash script as sudo on my work web server via PHP's exec() function. We currently host a little less than 200 websites. The website that will be doing this is restricted to only be accessible from my office's IP address. Will this remove any potential security issues that come with any of the available solutions?
One of the ways is to add the apache user to the sudoers file, I assume this will apply to the entire server so will still pose an issue on all other websites.
Is there any solution that will not pose a security threat when used on a website that has access restricted to our office?
Thanks in advance.
Edit: A brief background
Here's a brief description of exactly what I'm trying to achieve. The company I work for develops websites for tourism related businesses, amongst other things. At the moment when creating a new website I would need to setup a hosting package which includes: creating the directory structure for the new site, creating an apache config file which is included into httpd.conf, adding a new FTP user, creating a new database for use with the website CMS to name a few.
At the moment I have a bash script on the server which creates the directory structure, adds user, creates apache config file and gracefully restarts apache. That's just one part, what I'm looking to do is use this shell script in a PHP script to automate the entire website generation process in an easy to use way, for other colleagues and just general efficiency.
You have at least 4 options:
Add the apache user to the sudoers file (and restrict it to run the one command!)
In this case some security hole in your php-apps may run the script too (if they can include the calling php for example - or even bypass the restriction to your ip by using another url that also calls the script, mod_rewrite)
Flag the script with the s bit
Dangerous, don't do it.
Run another web server that only binds to a local interface and is not accessible from outside
This is my prefered solution, since the link calling the php is accessible by links from your main webserver and the security can be handled seperately. You can even create a new user for this server. Some simple server does the job, there are server modules for python and perl for example. It is not even necessary, that you enable exec in your php installation at all!
Run a daemon (inotify for example, to watch file events) or cronjob that reads some file or db-entry and then runs the command
This may be too complex and has the disadvantage, that the daemon can not check which script has generated the entry.
I have the following code:
mkdir($thumb_dir)
which creates a directory in the proper location, but when I view the permissions it is
Owner : nobody
Group : nobody
I don't have shell access to chown. How do I prevent the user assigned as nobody and how do I delete the folder that I have already made since I don't have permission.
It's a godaddy shared server...
you can delete empty directories with rmdir().
nobody is the user that runs the apache process. You can't change the owner from within php, nor you can delete the folder using shell access (or make any changes on it whatsoever) without root permissions; you can manipulate it only through php
This happens because the Web server is run by the nobody user. Therefore, everything you do on the file system will be done with the privileges of nobody.
There is typically no way for you to change anything about that. You'll have to manage with the Apache user being different from the FTP user you have. If you create a directory with PHP, you'll only be able to delete it with PHP (using rmdir() when the directory is empty), and if you create files you will most likely have to delete them from PHP as well.
I suggest that you create your directory structure with your FTP user and keep as little PHP-generated content around as possible because of that.
You can alleviate the symptoms using permissive authorizations (with chmod), but that's generally not a super good idea security-wise.
Use rmdir($thumb_dir); to delete it.
You cannot change your PHP user on a shared server.
This is my directory structure:
-st.ambulance
---public_html
---resources
My document root is public_html. I have a script in resources that I need to execute securely (meaning: normal users shouldn't be able to execute it). How would I do this?
Normal users already won't be able to execute it if they can't get to it in their browser. If it's not in your document root, they shouldn't be able to get to it. So, it's already safe, unless one of the scripts in your document root is including it, or your site gets hacked.
As far as executing the script yourself, find out whether it should be run from the command line or as a web page. If it can run at the command line, just ssh in and run it. If it needs to be run as a web page, have your web server serve the resources directory to an admin (sub)domain, secured by https, and password protect it with something like basic http authentication.
What is the script? I guess that doesn't matter so much anyway, but what you can do is use:
require_once("/../resources/script.php);
I should add that you of course need to set up your path appropriately.