NYCPHP Meetup

[Faber Fedor]

Well, my playing around with/obsessing over the whole XMLHttpRequest
object paradigm is paying off.  I've done nothing but write code since
Thursday (well, I've slept some, too) and I have only one major step to
work through...

My GUI talks to a PHP backend.  At the moment, I have some stuff
hard-coded in the PHP functions.  What I need to do is to run some root
commands (specifically postcat and mailq), get the output into PHP,
XML-ize them and send them to the GUI.

My question is: how can I safely run the root commands? Only root can
run those commands.  The PHP script will run as the apache user who
doesn't have access to the root commands. I want my GUI to be accessible
over the web, so some extra security is needed on the backend (as well
as a password on the front-end, but that's a different matter).

I've thought of three ways to do it: 1) have the sysadmin create a sudo
user that can run the given commands with no password, 2) create a
sudo user and store his name and password outside of the document root,
or 3) write some C wrappers and set them suid. I'm not crazy about any
of these solutions. 

Anybody else have a better idea?

-- 
 
Regards,
 
Faber                     

Linux New Jersey: Open Source Solutions for New Jersey
http://www.linuxnj.com