From owner-freebsd-stable@FreeBSD.ORG Fri Sep 27 10:19:32 2013
From: "Ronald Klop"
To: freebsd-stable@freebsd.org
Subject: Re: Running a script via PHP
Date: Fri, 27 Sep 2013 12:18:21 +0200

On Fri, 27 Sep 2013 11:18:40 +0200, Michael BlackHeart wrote:

> Hello there,
> It's quite off-topic, but I'm using freebsd-stable, so
>
> The problem is - running a script that requires root privileges via PHP (or
> probably CGI - I do not care, just want it to be secure and working).
>
> It's all about minidlna service (I use upnp to so mediatomb and other are
> no options). On FreeBSD it should be resync-ed manually, so I've got a
> simple script placed in /etc/periodic/daily:
>
> more 957.dlna_update
> #!/bin/sh
> #Script to daily update minidlna DB
>
> a="$*"
>
> if (/usr/local/etc/rc.d/minidlna stop 1>/dev/null);then
>     sleep 10
>     if /usr/local/etc/rc.d/minidlna rescan;then
>         /usr/bin/logger -t minidlna "DB updated."
>         exit 0
>     else
>         /usr/bin/logger -t minidlna "Error. Failed to update DB."
>         exit 1
>     fi
> else
>     /usr/bin/logger -t minidlna "Error. Failed to update DB."
>     exit 1
> fi
>
> And it's working fine to me. But it uses service infrastructure. So when
> I'm trying to run via PHP it fails. For example running under unprivileged
> user:
>
> id
> uid=1001(amd_miek) gid=0(wheel) groups=0(wheel),5(operator)
>
> -rwsr-sr-x 1 root wheel 394 27 сен 10:58 957.dlna_update*
>
> sh -x 957.dlna_update
> + a=''
> + /usr/local/etc/rc.d/minidlna stop
> kill: 10786: Operation not permitted
> + /usr/bin/logger -t minidlna 'Error. Failed to update DB.'
> + exit 1
>
> What is the best way to run it via WEB?

You can't setuid a shell script. The executable actually is '/bin/sh', which just reads the shell script. So you should setuid /bin/sh, which is a security problem.

You can use sudo to do this. (/usr/ports/security/sudo)

Ronald.
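To make the sudo route concrete, here is an added example of a wrapper written so that it is safe to hand to the web server through a narrow sudoers rule; it is not code from the thread and not Michael's script. The sudoers entry, the web server user `www`, and the install path `/usr/local/sbin/minidlna_update` are assumptions. The wrapper keeps the same stop / wait / rescan sequence as the original, but pins PATH, refuses any arguments (so nothing from the PHP side reaches the rc.d script), and checks that it is actually running as root rather than relying on a setuid bit the kernel ignores on scripts.

```shell
#!/bin/sh
# Added example (not from the original thread): a wrapper meant to be run
# through sudo instead of as a setuid shell script.
#
# Assumed sudoers entry (illustrative; adjust user and path):
#   www ALL=(root) NOPASSWD: /usr/local/sbin/minidlna_update
# The PHP side then runs exactly "sudo /usr/local/sbin/minidlna_update",
# with no user-supplied arguments, and the script itself needs no setuid bit.

# Fixed PATH so the caller's environment cannot choose which binaries run.
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin
export PATH

# Overridable for testing only; the defaults match the original script.
MINIDLNA_RC="${MINIDLNA_RC:-/usr/local/etc/rc.d/minidlna}"
MINIDLNA_STOP_DELAY="${MINIDLNA_STOP_DELAY:-10}"
LOGGER="${LOGGER:-/usr/bin/logger}"

# Log via syslog when logger is present, otherwise to stderr.
log() {
    if [ -x "$LOGGER" ]; then
        "$LOGGER" -t minidlna "$1"
    else
        echo "minidlna: $1" >&2
    fi
}

# True only when the effective uid is 0; the sudo rule is what gets us there.
running_as_root() {
    [ "$(id -u)" -eq 0 ]
}

# Stop the daemon, wait for it to exit, then rescan. Takes no arguments by
# design: any argument is refused (exit 2) before anything else happens.
minidlna_update() {
    if [ $# -ne 0 ]; then
        log "Error. Unexpected arguments refused."
        return 2
    fi
    if ! running_as_root; then
        log "Error. Must run as root (via sudo)."
        return 1
    fi
    if ! "$MINIDLNA_RC" stop >/dev/null 2>&1; then
        log "Error. Failed to stop minidlna."
        return 1
    fi
    sleep "$MINIDLNA_STOP_DELAY"
    if "$MINIDLNA_RC" rescan >/dev/null 2>&1; then
        log "DB updated."
        return 0
    fi
    log "Error. Failed to update DB."
    return 1
}

# Run only when installed and executed under the assumed name, not when the
# file is sourced or concatenated into a test harness.
case "$0" in
    */minidlna_update|minidlna_update) minidlna_update "$@" ;;
esac
```

Installed as root-owned, mode 0755, with the sudoers line above, the only thing the web server can do is trigger this exact sequence; it cannot pass arguments, alter PATH, or reach the rc.d script directly, and sudo logs every invocation.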