Hi,

I have a server that hosts several domains. From one of the domains, using a php script I want to be able to append a few lines to the .htaccess of other domains.

For example from masterdomain.com I want to append some lines to the .htaccess of otherdomain.com. So from a php file in /home/masterdomain/www/ I want to append a few lines to the .htaccess located at /home/otherdomain/www.

To do this I have written a shell script. When I run the shell script as root, it works, but when running it via php with exec('./write_htaccess.sh') it's not working; nothing happens. I checked and there are no errors returned.

I have tried chmod u+s on write_htaccess.sh to try and make it run as root each time but that didn't work either, I might have set the s bit wrongly though.

How could I achieve this? Do I have to give php root privileges? What would be the best way to do this?

A: 

How about adding php to sudoers and allowing it to do just the one thing?

Kristoffer S Hansen
A: 

PHP is probably being run by whichever user your web server is running under; I'm guessing when you say server you mean web server. On Red Hat or Fedora that is apache (unless you're using a different web server); other flavors of Linux might use www or some other user. When you run your shell script from PHP it's being executed by the user apache. That user needs write permissions to the .htaccess file, or needs to be in a group with write access to the .htaccess file.

Try changing the .htaccess file's group ownership to apache (or whatever) and making it group writable. That avoids mucking about with sudo or setuid bits. Of course, it means anyone in that group can modify the .htaccess file.

mazianni
The problem is that many of those .htaccess don't yet exist, and I don't want to manually create them since I have well over 100 domains on this server.
b2238488
You could make sure the web server user has write permissions (either directly or through group ownerships) to each directory and have your write_access.sh script create the .htaccess file if it doesn't exist. I think you want to be wary of giving up too many permissions though, it's a security risk. You definitely should read up on protecting the .htaccess file. Depending on what you're trying to accomplish there's probably a different way of doing it, maybe something that doesn't require loosening permissions so much.
mazianni
A: 

You can connect to sftp/ftp/ssh with php and authenticate as the user whose files you are trying to edit.

Sander Backus
A: 

Bash (and other shells) invoke other commands as the real user id, not the effective user id, hence the 's' flag has no effect. Invoke the program using sudo and it should work as expected, or set up the script to run from [x]inetd (with appropriate access controls).

symcbean
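
The sudo approach suggested in Kristoffer S Hansen's and symcbean's answers, sketched as an added example (not code from any poster): a root helper that only ever appends to `/home/<account>/www/.htaccess`, validates the account name, and refuses symlinks. The install path, the `apache` user name and the function name are assumptions.

```shell
#!/bin/sh
# Hypothetical helper, assumed installed root-owned and not writable by others
# as /usr/local/sbin/append_htaccess.
# Assumed sudoers rule (edit with visudo; "apache" is the web server user):
#   apache ALL=(root) NOPASSWD: /usr/local/sbin/append_htaccess
# The PHP script then pipes the new lines on stdin to:
#   sudo /usr/local/sbin/append_htaccess otherdomain

# append_htaccess BASE ACCOUNT : appends stdin to BASE/ACCOUNT/www/.htaccess
append_htaccess() {
    base=$1
    account=$2
    # Accept only a plain account name: no slashes, dots or other path syntax.
    case $account in
        ''|*[!a-z0-9_-]*) echo "invalid account name" >&2; return 2 ;;
    esac
    docroot="$base/$account/www"
    target="$docroot/.htaccess"
    # The docroot must be a real directory, not a symlink pointing elsewhere.
    if [ ! -d "$docroot" ] || [ -L "$docroot" ] || [ -L "$base/$account" ]; then
        echo "no usable docroot for $account" >&2; return 3
    fi
    # Refuse symlinks and non-regular files so root never writes through a link.
    if [ -L "$target" ] || { [ -e "$target" ] && [ ! -f "$target" ]; }; then
        echo "refusing to write to $target" >&2; return 4
    fi
    # Creates the file when it does not exist yet, then appends.
    cat >> "$target" || return 5
}

# Run as a command only when an argument is given.
# The base directory is fixed here and never taken from the caller.
if [ $# -ge 1 ]; then
    append_htaccess /home "$1"
fi
```

The symlink checks narrow, but do not close, the window in which an account owner who can write to the docroot swaps the target between the check and the write; the content appended is still whatever the PHP script sends.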
A: 

Can you make the file group-writable, and add both users to the same group?

dj_segfault