Date: Fri, 27 Sep 2013 12:18:21 +0200
From: "Ronald Klop" <ronald-freebsd8@klop.yi.org>
To: freebsd-stable@freebsd.org
Subject: Re: Running a script via PHP
Message-ID: <op.w32ewvg18527sy@212-182-167-131.ip.telfort.nl>
In-Reply-To: <CA%2BAz77MKoQZRdtiiHX3_88A9PJaxJC0vwHebie%2BwgdsWNNpn3g@mail.gmail.com>
References: <CA%2BAz77MKoQZRdtiiHX3_88A9PJaxJC0vwHebie%2BwgdsWNNpn3g@mail.gmail.com>

On Fri, 27 Sep 2013 11:18:40 +0200, Michael BlackHeart <amdmiek@gmail.com> wrote:

> Hello there,
> It's quite off-topic, but I'm using freebsd-stable, so
>
> The problem is - running a script that requires root privileges via PHP (or
> probably CGI - I do not care, just want it to be secure and working).
>
> It's all about minidlna service (I use upnp too, so mediatomb and others are
> no options). On FreeBSD it should be resync-ed manually, so I've got a
> simple script placed in /etc/periodic/daily:
>
> more 957.dlna_update
> #!/bin/sh
> #Script to daily update minidlna DB
>
> a="$*"
>
> if (/usr/local/etc/rc.d/minidlna stop 1>/dev/null);then
>     sleep 10
>     if /usr/local/etc/rc.d/minidlna rescan;then
>         /usr/bin/logger -t minidlna "DB updated."
>         exit 0
>     else
>         /usr/bin/logger -t minidlna "Error. Failed to update DB."
>         exit 1
>     fi
> else
>     /usr/bin/logger -t minidlna "Error. Failed to update DB."
>     exit 1
> fi
>
> And it's working fine to me. But it uses service infrastructure. So when
> I'm trying to run via PHP it fails. For example running under unprivileged
> user:
>
> id
> uid=1001(amd_miek) gid=0(wheel) groups=0(wheel),5(operator)
>
> -rwsr-sr-x 1 root wheel 394 27 сен 10:58 957.dlna_update*
>
> sh -x 957.dlna_update
> + a=''
> + /usr/local/etc/rc.d/minidlna stop
> kill: 10786: Operation not permitted
> + /usr/bin/logger -t minidlna 'Error. Failed to update DB.'
> + exit 1
>
> What is the best way to run it via WEB?

You can't setuid a shell script. The executable actually is '/bin/sh'
which just reads the shell script. So you should setuid /bin/sh which is a
security problem.

You can use sudo to do this. (/usr/ports/security/sudo)

Ronald.
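
One way to apply the sudo suggestion above, as an added example that is not part of the original thread: a helper that emits a sudoers rule for the script only after checking that the script and its directory cannot be modified by anyone but the owner. The web user name `www`, the drop-in directory `/usr/local/etc/sudoers.d` and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Assumptions: PHP runs as user "www"
# and sudo reads drop-in files from /usr/local/etc/sudoers.d.

# owned_and_locked PATH TYPE OWNER_UID
# Succeeds only if PATH is of TYPE (f or d; symlinks are rejected), is owned
# by OWNER_UID and is not writable by group or others.
owned_and_locked() {
    [ -n "$(find "$1" -prune -type "$2" -user "$3" \
            ! -perm -020 ! -perm -002 2>/dev/null)" ]
}

# sudoers_rule SCRIPT [WEB_USER] [OWNER_UID]
# Prints a sudoers line letting WEB_USER run SCRIPT as root with no arguments,
# but only when neither SCRIPT nor its directory can be changed by non-owners.
sudoers_rule() {
    script=$1 web_user=${2:-www} owner=${3:-0}
    case $script in
        "" | [!/]* | *[!A-Za-z0-9_./-]*)
            # Relative paths and characters special to sudoers are refused.
            echo "refusing path: $script" >&2; return 1 ;;
    esac
    if ! owned_and_locked "$script" f "$owner"; then
        echo "unsafe script (owner, mode or symlink): $script" >&2; return 1
    fi
    if ! owned_and_locked "$(dirname "$script")" d "$owner"; then
        echo "unsafe directory: $(dirname "$script")" >&2; return 1
    fi
    # The trailing "" makes sudo reject any command-line arguments.
    printf '%s ALL=(root) NOPASSWD: %s ""\n' "$web_user" "$script"
}

# Typical use, as root:
#   sudoers_rule /etc/periodic/daily/957.dlna_update \
#       > /usr/local/etc/sudoers.d/dlna
#   visudo -cf /usr/local/etc/sudoers.d/dlna   # syntax check before use
# PHP then runs: sudo -n /etc/periodic/daily/957.dlna_update
```

With such a rule the setuid bits on 957.dlna_update are unnecessary, and the web user gains root for that one command only.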