apache's http user rights

Hexorg · Tux's lil' helper Joined: 29 Oct 2009 Posts: 116

good daytime to you! I wrote a little program to control my LPT port, and I want to be able to allow php scripts to start it. the program requires root privileges. for LPT access. I was wondering if there is a secure way of allowing php run that program? Maybe an apachesu?

msalerno · Posted: Tue Feb 09, 2010 8:26 pm Post subject:

I would rethink your strategy first, but there is always suexec.

How about have you page write a temp config file via php and then have a cron job scan that dir every x minutes, run a sanity/security check on the file and then load it.

Mad Merlin · Veteran Joined: 09 May 2005 Posts: 1155

Your LPT port is just a device in /dev, thus you can assign the group of the device to be apache, or another group that the apache user is in, and give the group read/write access, thus it'll have access to that device without you having to give apache any other rights.
_________________
Game! - Where the stick is mightier than the sword!

PaulBain · Posted: Wed Feb 10, 2010 6:39 pm Post subject:

I'm not saying this is a good idea, but a quick solution would be to install sudo and allow the apache user to execute a single script as root without password.
You can then just shell_exec("/my/script/as/root.sh");

chias · Posted: Thu Feb 11, 2010 6:52 pm Post subject:

couldn't you just use setuid? like assuming your binary is chowned to root, chmod it to 6755 or something. Then anyone can run it and it'll run as root