Execute root commands via PHP
Read this whole post before trying it out, there are choices to be made.
Solution using a binary wrapper (with suid bit)
1) Create a script (preferably .sh) that contains what you want to be run as root.
# cat > php_shell.sh <<CONTENT
#!/bin/sh
/sbin/service sshd restart
CONTENT
2) This file should be owned by root, and since it will later run with root permissions make sure that only root has permission to write to the file.
# chown root php_shell.sh
# chmod u=rwx,go=xr php_shell.sh
3) To run the script as root no matter what user that executes it, we will need a binary wrapper. Create one that will execute our php_shell.sh.
# cat > wrapper.c <<CONTENT
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>
int
main (int argc, char *argv[])
{
  setuid (0);
  /* WARNING: Only use an absolute path to the script to execute,
   *          a malicious user might fool the binary and execute
   *          arbitrary commands if not.
   * */
  system ("/bin/sh /path/to/php_shell.sh");
  return 0;
}
CONTENT
4) Compile and set proper permissions, including the suid bit (saying that it should run with root privileges):
# gcc wrapper.c -o php_root
# chown root php_root
# chmod u=rwx,go=xr,+s php_root
php_root will now run with root permissions, and execute the commands specified in php_shell.sh.
If you don't need the option to easily change what commands will be executed, I'd recommend writing the commands directly in wrapper.c under step 4. Then you don't need to have a binary executing an external script executing the commands in question.
In wrapper.c, use system ("your shell command here"); to specify what commands you'd like to execute.
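A hardened variant of the wrapper from step 3, as an added example that is not part of the original answer: system() starts /bin/sh with whatever environment the calling user supplied, so this version uses execve() with a fixed argument list and a fixed environment, and re-checks the step 2 ownership and permissions at run time. The helper name script_is_trusted and the PATH value are assumptions of this example; the script path is the same placeholder the answer uses.

```c
#define _XOPEN_SOURCE 700   /* lstat(), S_IFREG and friends */
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumption: the same placeholder path the wrapper above uses. */
#define SCRIPT "/path/to/php_shell.sh"

/* Fixed environment: nothing set by the calling user (PATH, IFS,
 * ENV, LD_* ...) is passed on to the shell that runs as root. */
static char *const clean_env[] = {
    "PATH=/usr/sbin:/usr/bin:/sbin:/bin", NULL
};

/* Step 2 as a runtime check: regular file, owned by root, not
 * writable by group or others. Returns 1 if trusted, else 0. */
int script_is_trusted(const struct stat *st)
{
    return S_ISREG(st->st_mode)
        && st->st_uid == 0
        && (st->st_mode & (S_IWGRP | S_IWOTH)) == 0;
}

int main(void)
{
    struct stat st;
    char *const argv[] = { "/bin/sh", SCRIPT, NULL };

    /* lstat() so that a symlink is rejected, not followed. The
     * directories above SCRIPT must be root-only writable too. */
    if (lstat(SCRIPT, &st) != 0 || !script_is_trusted(&st)) {
        fprintf(stderr, "refusing to run %s\n", SCRIPT);
        return 1;
    }
    if (setuid(0) != 0) {   /* fails when the suid bit is missing */
        perror("setuid");
        return 1;
    }
    /* execve() with a fixed argv and envp instead of system() */
    execve("/bin/sh", argv, clean_env);
    perror("execve");       /* reached only if the exec failed */
    return 1;
}
```

It is compiled and installed exactly as in step 4.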
Run PHP shell_exec() like root user
Executing commands as root via PHP will leave yourself wide open to all sorts of malicious hackery.
Have a look at the "sudo" documentation.
You should be able to set up all the commands you need as "sudo"able scripts. It is much better to write specific scripts with limited functions than to expose the underlying privileged command.
As in:
exec ('sudo getCurrentUser.sh')
First, you need to add the user that PHP is using to run (most of the time it is www-data) to the sudo group if it is not already assigned.
Then, in your php file:
Use sudo -S, so you can pass the password via echo:
$exec = "echo your_passwd | /usr/bin/sudo -S your command";
exec($exec,$out,$rcode);
If you have trouble with the paths, use
"bash -lc 'echo your_passwd | /usr/bin/sudo -S your command'"
so you get a new bash that acts like a login shell and has the paths set.
run command as root via php
phpseclib should be the best library choice as it does not require any additional extensions.
<?php
include('Net/SSH2.php');
$ssh = new Net_SSH2('example.com');
if (!$ssh->login('user', 'pass')) {
    exit('Login Failed');
}
echo $ssh->exec('whoami');
echo $ssh->exec('pwd');
?>
Another alternative is libssh2, but it has to be compiled separately and is notoriously difficult to set up/use.
Run program that needs root access via PHP
I think changing script owner to www-data will make your script executable.
In Linux, use chown to change script owner
chown www-data file.txt
This will change file.txt owner to www-data
chown -R www-data /files/work
Recursively grant ownership of the directory /files/work, and all files and subdirectories, to user www-data.
Linux chown command details
In PHP, you can use chown function to change ownership
<?php
// File name and username to use
$file_name= "foo.php";
$path = "/home/sites/php.net/public_html/sandbox/" . $file_name ;
$user_name = "root";
// Set the user
chown($path, $user_name);
// Check the result
$stat = stat($path);
print_r(posix_getpwuid($stat['uid']));
?>
Php chown details