I thought of suPHP but that's not what I need. It doesn't serve my purposes to run the whole PHP script as a different user. I just need to run one single Linux command line as a different user.

Is it possible?

A: 

I believe you should try another approach: "setuid".

http://en.wikipedia.org/wiki/Setuid

Basically you ask the file to run as its owner, not the program.

eipipuz
In the link it says: "Due to the increased likelihood of security flaws, many operating systems ignore the setuid attribute when applied to executable shell scripts". A shell script is what I need to run. Does Linux have this restriction?
GetFree
Not by default, but a script is only permitted to run setuid if its interpreter is also setuid.
ephemient
What if I compile a C program that in turn executes a shell command and I set the setuid flag for that C program? Would it bypass that restriction?
GetFree
Your C program would need to call `setuid(geteuid())` to get out of setuid mode, but yeah, that would work.
ephemient
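
The wrapper discussed in the comments above, as an added example (not code posted by any participant): a setuid C program that runs one fixed script with a fixed environment. It uses `setresuid()` rather than `setuid(geteuid())` because, for a binary owned by a non-root user, Linux `setuid()` changes only the effective UID; the script path and environment values are assumptions.

```c
#define _GNU_SOURCE            /* setresuid/getresuid on glibc */
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>

/* Hypothetical path: the single script this wrapper may run. It must be
 * writable only by the target user or root. */
static const char TARGET[] = "/usr/local/libexec/site-task.sh";

/* Fixed environment: nothing inherited from the PHP/web-server process
 * (PATH, IFS, LD_*, BASH_ENV, ...) reaches the shell. */
static char *const CLEAN_ENV[] = { "PATH=/usr/bin:/bin", NULL };

/* Returns 1 when real, effective and saved UIDs are all the same. */
int ids_are_uniform(void)
{
    uid_t r, e, s;
    if (getresuid(&r, &e, &s) != 0)
        return 0;
    return r == e && e == s;
}

/* Make the file owner's IDs (the effective IDs of a setuid binary) the
 * real and saved IDs as well. Group first: once the UID is dropped from
 * root, the GID can no longer be changed.
 * Returns 0 on verified success, -1 otherwise. */
int become_owner(void)
{
    uid_t uid = geteuid();
    gid_t gid = getegid();

    if (setresgid(gid, gid, gid) != 0)
        return -1;
    if (setresuid(uid, uid, uid) != 0)
        return -1;
    return ids_are_uniform() ? 0 : -1;
}

int main(void)
{
    char *const argv[] = { "site-task.sh", NULL };  /* no caller-supplied args */

    if (become_owner() != 0) {
        perror("become_owner");
        return 1;
    }
    execve(TARGET, argv, CLEAN_ENV);
    perror("execve");            /* only reached if exec failed */
    return 1;
}
```

The supplementary groups of the calling process are left unchanged here; clearing them with `setgroups()` requires the wrapper to start with root privileges.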
A: 

You could try the shell_exec function and sudo

edit: seeing as sudo prompts for a password, you might wanna use proc_open, which allows you to use pipes. See this comment for how to create a custom password pipe.

Tor Valamo
But sudo will ask for a password, right?
GetFree
Try proc_open then. See the first example on the manual page that I linked to, for how to use pipes.
Tor Valamo
You can configure sudo to not prompt for the password.
Steve Kemp
A: 

You can use that user's CRON to execute the script. If this is a web application then you are limited to the Apache/Nobody user with limited permissions. If this just needs to run at a certain time I would use CRON.

Another approach is Sticky Bits

Phill Pafford