[TriLUG] Executing admin commands in PHP

Jason Tower jason at cerient.net
Wed Jul 9 12:05:10 EDT 2003


check out virtualmin, which is part of the webmin (www.webmin.com) project.

jason

On Wednesday 09 July 2003 11:56, Joshua Gitlin wrote:
> Hey guys,
>
> A client of mine wants me to develop and host a website that will have
> multiple domains, and he wants to be able to add domains at a later
> date... so basically I need to build a PHP Application which can add a
> VirtualHost directive to a special apache configuration file, add an
> entry to /etc/named.conf, create a file to /var/named/newhost.hosts and
> fill it with the DNS info, and then reload apache and Bind. For many of
> these things, I can create "special" configuration files which the
> webserver has permissions to modify, and then include these special
> files in my normal config files. (I.E. in httpd.conf, Include
> ~client/extrahosts.conf and chown apache ~client/extrahosts.conf)... if
> I do that, the Webserver will have permission to *configure* the new
> domains but not restart the servers... here are my questions:
>
> 1. Is this a really, really, really bad idea? Because it sounds to me
> like giving the webserver access to anything besides webpages could be
> the making of a security flaw. (And if it is, I'll figure out a more
> secure way to do this, for sure!)
>
> 2. How can I implement this? Is there a way in PHP to setuid, so I can
> call `/etc/init.d/httpd reload` and `/etc/init.d/named reload`? Do I
> have to run two apache servers, one running as root? Can I add apache
> to the sudoers file, granting it access to those two commands?
>
> 3. Will calling `/etc/init.d/httpd reload` from within httpd cause
> nasty things™ to happen?
>
> 4. Any other suggestions on how to do this? Is there a way to set up a
> generic apache host that will "decide" (via PHP or whatever) which
> documents to serve without modifying config files?
>
> Thanks guys!
>
> Joshua Gitlin
> Lead Web Designer
> Glow Films, Inc.
> http://www.glowfilms.com/
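
As an added example (not part of the thread, and not Virtualmin's code), here is one least-privilege shape for the sudoers approach the question asks about: the web user may run only the two fixed reload commands, and the domain name is strictly validated before it is written into the included Apache file. The `EXTRA_HOSTS` and `DOCROOT_BASE` paths, the function names and the sample inputs are assumptions made for illustration; the DNS zone file step is left out.

```php
<?php
// Added example, not from the thread. Assumed sudoers entry (edit with visudo):
//   apache ALL=(root) NOPASSWD: /etc/init.d/httpd reload, /etc/init.d/named reload

const EXTRA_HOSTS  = '/home/client/extrahosts.conf'; // hypothetical path for ~client/extrahosts.conf
const DOCROOT_BASE = '/var/www/vhosts';              // hypothetical document root base

// Accept only lowercase letter-digit-hyphen host names: labels of 1-63 chars,
// no leading or trailing hyphen, at least two labels, 253 chars in total.
// Anything else (spaces, newlines, quotes, slashes, "..") is rejected, so the
// value cannot add directives to the Apache file or escape the document root.
function valid_domain(string $d): bool
{
    if (strlen($d) > 253) {
        return false;
    }
    $label = '[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?';
    return preg_match('/\A' . $label . '(?:\.' . $label . ')+\z/', $d) === 1;
}

function render_vhost(string $domain): string
{
    if (!valid_domain($domain)) {
        throw new InvalidArgumentException('rejected domain name');
    }
    return "<VirtualHost *:80>\n"
         . "    ServerName $domain\n"
         . "    DocumentRoot " . DOCROOT_BASE . "/$domain\n"
         . "</VirtualHost>\n";
}

function add_domain(string $domain): void
{
    $block = render_vhost($domain); // throws before anything is written
    if (file_put_contents(EXTRA_HOSTS, $block, FILE_APPEND | LOCK_EX) === false) {
        throw new RuntimeException('could not write ' . EXTRA_HOSTS);
    }
    // Fixed command strings only: no request data ever reaches the shell.
    foreach (['/etc/init.d/httpd reload', '/etc/init.d/named reload'] as $cmd) {
        exec('sudo -n ' . $cmd, $out, $rc);
        if ($rc !== 0) {
            throw new RuntimeException("reload failed: $cmd");
        }
    }
}

// Constructed inputs: the second tries to append an extra directive.
foreach (["example.org", "a.com\nServerAlias other.example"] as $d) {
    echo json_encode($d), ' => ', valid_domain($d) ? 'accepted' : 'rejected', "\n";
}
```

Because the sudoers entry lists the commands with their exact argument, the web user cannot pass `stop` or any other argument to the init scripts through sudo.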



