I am attempting to create a very simple web interface for changing some system settings on a network appliance. I am fairly new to PHP and becoming painfully aware of how easy it is to do things in hacky ways, so I am trying to write everything with the best practices in mind.

That said, what would the best practice be for editing files owned by root/some other admin account? Would it be to create a protected shell/perl/whatever script that gets executed by PHP? Using setuid was another option that came up, but that doesn't appear to have any way of restricting users.

I hope that wasn't too vague, let me know if you need any more details and I'll be glad to share.

Further Detail: Just to clarify - by edit system files I mean specifically ifcfg's and some proprietary licensing information. So for simplicity's sake, let's just say a simple web interface to change the IP/subnet/gateway/DNS settings on a Linux-based network appliance.

+3  A: 

Don't

That is the best practice.

Reason? You're new to PHP. That first and foremost leaves anything you write very suspect to a variety of pitfalls.

Your question was a bit vague. Elaborate a bit more about what you're trying to change, why it needs to be changed, who is managing this, what is the scope of the application, etc. and better advice can be offered.

Some things to keep in mind are readily available backups of the system. Always make copies of files before you edit them. Don't write directly to the file. Copy the existing file to a backup file and a temporary file. Edit the temporary file and then move it back (rename it) to the original file name. This makes it easy to restore (if you have to) and prevents you from screwing up the file during a write if it fails.

Josh K
Added more information to clarify the question a bit.
HurnsMobile
+2  A: 

A few things. Take a backup first. Write to a temporary file next. Then validate that file (re-read it to make sure it's syntactically valid, and means what you think it does). Only then, MOVE (mv or rename()) the file over the top of the original. That way, you can never get stuck in a position where another process tries to read while you're still writing, or a write failure causes a syntax error, etc...

Edit:

There are a few things that you can do for the escalated permissions.

One would be to write a script (shell) to validate the file and do the move. You can then setuid that file. So then, you write the temporary file using PHP, validate it in PHP (after all, you can never validate too much). Then call the script to move the temporary file into position (with the escalated privileges).

Another would be to add an account with permission to write to those files only (either via sudo or normally). Then, use PHP to su newuser -c "mv tmpfile finalfile". You'd have to bang out authentication, but it's better than running PHP as escalated...

The other option would be to use the SSH extension to ssh back into the box (using a private key), upload the file and copy it to the final destination.

But either way you do it, if PHP is hacked, they have access to those files since PHP has a way to...

ircmaxell
Thanks, I was more specifically trying to figure out what the best way to interface between an operation like you describe and PHP. Obviously I don't want to run PHP with elevated permissions but that's a bit of a catch-22.
HurnsMobile
Oh, sorry. I thought you were looking for general best practices. I'll edit my answer...
ircmaxell
@ircmaxell Thanks, this is exactly the information I was looking for.
HurnsMobile
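
The backup, temporary file, validate, rename sequence from the answer above, written as the privileged helper a PHP front end would call. This is an added example, not code from any of the posters; the function names and the key allowlist (IPADDR, NETMASK, GATEWAY, DNS1, DNS2) are assumptions, and it assumes the helper is started through a sudoers rule, since Linux ignores the setuid bit on interpreted scripts.

```shell
#!/bin/sh
# Added example: privileged helper that installs an ifcfg file atomically.
# The allowed keys and the staging file name are assumptions for illustration.

# Accept only a strict dotted quad. The network scripts source ifcfg files
# as shell, so nothing but digits and dots may reach a value.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Every line must be KEY=value with an allowlisted key and an IPv4 value.
validate_ifcfg() {
    [ -s "$1" ] && [ -f "$1" ] && [ ! -L "$1" ] || return 1
    while IFS='=' read -r key value || [ -n "$key" ]; do
        case "$key" in
            IPADDR|NETMASK|GATEWAY|DNS1|DNS2) is_ipv4 "$value" || return 1 ;;
            *) return 1 ;;
        esac
    done < "$1"
}

# install_ifcfg SRC TARGET: copy first, validate the copy, then rename.
install_ifcfg() {
    src=$1 target=$2
    # Stage beside the target: rename() is only atomic within one filesystem.
    staged=$(mktemp "$(dirname "$target")/.ifcfg.XXXXXX") || return 1
    # Validate the private copy, not the file the web user can still modify.
    if cat "$src" > "$staged" && validate_ifcfg "$staged"; then
        if [ -f "$target" ] && ! cp -p "$target" "$target.bak"; then
            rm -f "$staged"; return 1
        fi
        chmod 644 "$staged" && mv -f "$staged" "$target"
    else
        rm -f "$staged"; return 1
    fi
}

# A real helper would fix or allowlist TARGET instead of trusting argv.
if [ $# -eq 2 ]; then install_ifcfg "$1" "$2"; fi
```

Copying before validating closes the window in which the web server account could swap the temporary file between the check and the move.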
A: 

I would use a shell script for the edit like you say and just use PHP as a web interface to it. That way you can also use the script yourself from the command line if you need to (perhaps a cron job or something). The shell script could just as easily be written in PHP CLI as perl, python or bash so the solution could be entirely PHP if you want.

Josh K and ircmaxell also make a very good point re: file backups etc.

Treffynnon