Geek asks and answers

Change PHP User

I need to change the user php script at runtime. I looked at posix_setuid, but it looks unsafe and requires root priorities. What would be preferable is to change the script user id with the user password (something like posix_setuid($username, $password)) and avoid running the script as root.

I am open to other methods, and the script does not have to be PHP. However, it will be called from apache.

A good theology for the scenario is that cPanel su for the current user in this file manager.

I need to change the user because I am creating a file manager for multi-user setup. I currently have a file manager installed, so apache serves my PHP file manager as root. However, this is not reasonable, because in the event of a security error in the code, one user can edit files on the entire server.

I am looking for a SU method for a script for a registered user, so that in case of a security violation the user is limited only to his files.

+3
source share
2 answers

I needed to do this a while ago. I basically created a bash script that was accessed by resources that only root had access to. Here is what I did:

Use the command visudoto change /etc/sudoers:

## Allow root to run any commands anywhere
root    ALL=(ALL)       ALL
apache ALL= NOPASSWD: /sbin/myscript.sh

, apache /sbin/myscript.sh sudo .

php :

$output = shell_exec("sudo /sbin/myscript.sh");
+6

PHP:

  • PHP + FastCGI suexec
  • suPHP
+1

More articles:


All Articles