
Run server script from PHP (Linux) (Safe)

Joveice

Hello,

 

Server is Ubuntu 16.04. I talk about restarting webserver but that's just one of the things I want. I might wanna do other things later on so see it as a "placeholder".

 

So I want to run server scripts from my PHP scripts, e.g. restart the webserver from my admin dashboard.

 

How would I do it? Allow www-data sudo, Works? Yes. Good idea? no, not at all, just forget about it x3

 

So my idea is to create a script .sh that can restart, stop and start based on the parameters given and will return the output of the run. This file can then be used by the webserver but not edited.

 

Is this a good way to do that? / is it even possible to do that? I think I saw that I can allow a script to run as sudo without password.

 

Thoughts?

Back-end developer, electronics "hacker"


Well, your server is probably already set up so that PHP and apache are basically already running as root. So you could just run exec('YourCommand'); and that would work perfectly fine.

Pros;

-Easy AF

-Extends PHP functionality beyond standard web use

 

Cons;

-Disabled in safe mode

-Someone who finds a security flaw in your PHP script may be able to completely destroy your server

 

So yeah, possible, but you have to be pretty damn sure your exec stuff is well protected

I am good at computer


Motherboard: Gigabyte G1 sniper 3 | CPU: Intel 3770k @5.1Ghz | RAM: 32Gb G.Skill Ripjaws X @1600Mhz | Graphics card: EVGA 980 Ti SC | HDD: Seagate barracuda 3298534883327.74B + Samsung OEM 5400rpm drive + Seatgate barracude 2TB | PSU: Cougar CMX 1200w | CPU cooler: Custom loop


2 minutes ago, Hazy125 said:

Well, your server is probably already set up so that PHP and apache are basically already running as root. So you could just run exec('YourCommand'); and that would work perfectly fine.

Pros;

-Easy AF

-Extends PHP functionality beyond standard web use

 

Cons;

-Disabled in safe mode

-Someone who finds a security flaw in your PHP script may be able to completely destroy your server

 

So yeah, possible, but you have to be pretty damn sure your exec stuff is well protected

PHP was configured to run as www-data and has never been root so I can't do that :P

And my exec commands will be hardcoded with no dynamic content.

Back-end developer, electronics "hacker"


12 hours ago, Joveice said:

PHP was configured to run as www-data and has never been root so I can't do that :P

And my exec commands will be hardcoded with no dynamic content.

I would use the symfony Process Component:

Quote

The Process component executes commands in sub-processes.

It's great for handling output, errors and so on.

https://symfony.com/doc/current/components/process.html 

 

But basically you are free to use exec(). If the commands are hard coded, there isn't much of a security risk...

Business Management Student @ University St. Gallen (Switzerland)

HomeServer: i7 4930k - GTX 1070ti - ASUS Rampage IV Gene - 32Gb Ram

Laptop: MacBook Pro Retina 15" 2018

Operating Systems (Virtualised using VMware): Windows Pro 10, Cent OS 7

Occupation: Software Engineer


@Joveice You can give your webserver's user permission to only execute sudo commands in scripts in certain locations (IIRC that's defined in /etc/sudoers.d). You can also only give it permission to alter the folders and their contents that you want it to be able to alter ( chown -R and chmod xxx ). You can also run the webserver under a system user which doesn't have a shell (set in /etc/passwd - means that you can't su -u webserver as a different user to use those sudoer permissions).

 

To make sure that nobody passes extra arguments to your scripts (service webserver restart&&rm -rf /) you can also whitelist the arguments permitted, which would be something like this:

 

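#!/bin/bash
# Only run the service action when the first argument is on the whitelist.

serviceName="webserver"
passedCommand="${1}"
PERMITTED_ARGS=( "restart" "stop" "start" "status" "condrestart" )

for i in "${PERMITTED_ARGS[@]}"; do
  if [[ "${i}" = "${passedCommand}" ]]; then
    # Quoted so that each value reaches service as a single argument.
    service "${serviceName}" "${passedCommand}"
    exit $?
  fi
done

# Argument is not on the list: refuse and report failure to the caller.
echo "Action not permitted: ${passedCommand}" >&2
exit 1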

 

Intel i7 5820K (4.5 GHz) | MSI X99A MPower | 32 GB Kingston HyperX Fury 2666MHz | Asus RoG STRIX GTX 1080ti OC | Samsung 951 m.2 nVME 512GB | Crucial MX200 1000GB | Western Digital Caviar Black 2000GB | Noctua NH-D15 | Fractal Define R5 | Seasonic 860 Platinum | Logitech G910 | Sennheiser 599 | Blue Yeti | Logitech G502

 

Nikon D500 | Nikon 300mm f/4 PF  | Nikon 200-500 f/5.6 | Nikon 50mm f/1.8 | Tamron 70-210 f/4 VCII | Sigma 10-20 f/3.5 | Nikon 17-55 f/2.8 | Tamron 90mm F2.8 SP Di VC USD Macro | Neewer 750II
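
An added example, not part of any post in this thread: one way to set up and check the sudoers approach discussed above. It goes a step further than the posts by pinning the allowed arguments in the sudoers rule as well as in the script, and it audits that the web user cannot edit or replace the wrapper. The wrapper path /usr/local/sbin/webserver-ctl and both function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. The wrapper path used below is hypothetical.

# Print a sudoers rule that lets USER run WRAPPER as root without a password,
# but only with one of the listed actions as its single argument.
sudoers_line() {
  user=$1 wrapper=$2
  shift 2
  cmds=""
  for action in "$@"; do
    cmds="${cmds:+$cmds, }$wrapper $action"
  done
  printf '%s ALL=(root) NOPASSWD: %s\n' "$user" "$cmds"
}

# Return 0 only if TARGET and its directory are owned by uid OWNER (default 0,
# root) and not writable by group or others. If either check fails, the web
# user may be able to edit or swap the script that sudo runs as root.
# Directories further up the path deserve the same check. Uses GNU stat.
audit_wrapper() {
  target=$1 owner=${2:-0}
  if [ ! -f "$target" ] || [ -L "$target" ]; then
    echo "$target: not a regular file" >&2
    return 1
  fi
  for p in "$target" "$(dirname -- "$target")"; do
    info=$(stat -c '%u %a' -- "$p") || return 1
    uid=${info% *} mode=${info#* }
    if [ "$uid" != "$owner" ]; then
      echo "$p: owned by uid $uid, expected $owner" >&2
      return 1
    fi
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
      echo "$p: mode $mode is writable by group or others" >&2
      return 1
    fi
  done
  return 0
}

# Rule for a constructed wrapper path, limited to the whitelisted actions.
sudoers_line www-data /usr/local/sbin/webserver-ctl restart stop start status
```

Save the printed rule as a file under /etc/sudoers.d and check it with visudo -cf on that file before relying on it; run audit_wrapper against the installed script after every deployment.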
