[TriLUG] Executing admin commands in PHP

Jeffery Painter painter at kiasoft.com
Wed Jul 9 12:04:03 EDT 2003


I would look at the webmin package to see how they handle it.

You can control apache, bind and other servives through the webmin 
interface

 http://www.webmin.com

-- 

Jeff Painter
------------
painter at kiasoft.com

President
Kiasoft, Inc.
PO Box 4315
Cary, NC 27519-4315

http://kiasoft.com


On Wed, 9 Jul 2003, Joshua Gitlin wrote:

> Hey guys,
> 
> A client of mine wants me to develop and host a website that will have 
> multiple domains, and he wants to be able to add domains at a later 
> date... so basically I need to build a PHP Application which can add a 
> VirtualHost directive to a special apache configuration file, add an 
> entry to /etc/named.conf, create a file to /var/named/newhost.hosts and 
> fill it with the DNS info, and then reload apache and Bind. For many of 
> these things, I can create "special" configuration files which the 
> webserver has permissions to modify, and then include these special 
> files in my normal config files. (I.E. in httpd.conf, Include 
> ~client/extrahosts.conf and chown apache ~client/extrahosts.conf)... if 
> I do that, the Webserver will have permission to *configure* the new 
> domains but not restart the servers... here are my questions:
> 
> 1. Is this a really, really, really bad idea? Because it sounds to me 
> like giving the webserver access to anything besides webpages could be 
> the making of a security flaw. (And if it is, I'll figure out a more 
> secure way to do this, for sure!)
> 
> 2. How can I implement this? Is there a way in PHP to setuid, so I can 
> call `/etc/ini.d/httpd reload` and `/etc/init.d/named reload`? Do I 
> have to run two apache servers, one running as root? Can I add apache 
> to the sudoers file, granting it access to those tow commands?
> 
> 3. Will calling `/etc/init.d/httpd reload` from within httpd cause 
> nasty things™ to happen?
> 
> 4. Any other suggestions on how to do this? Is there a way to set up a 
> generic apache host that will "decide" (via PHP or whatever) which 
> documents to server without modifying config files?
> 
> Thanks guys!
> 
> Joshua Gitlin
> Lead Web Designer
> Glow Films, Inc.
> http://www.glowfilms.com/





More information about the TriLUG mailing list