FUDforum: comp.lang.php » Exec Security

Home » Imported messages » comp.lang.php » Exec Security

Show: Today's Messages :: Polls :: Message Navigator

Re: Exec Security [message #178991 is a reply to message #178988]

Sat, 01 September 2012 06:54

J.O. Aho
Messages: 194
Registered: September 2010

Karma:

Senior Member

On 01/09/12 03:49, Ryan wrote:
> I am working on a PHP script that will create Nginx vhosts. Creating the files should be simple enough. The hard part is this command "service nginx reload" to load the new vhost config.
>
> The result is I have to use Exec() to run the command. The bad problem I host sites for clients on the server, they obviously should not have access to Exec().
>
> Is there anything I can do to allow me to use it but prevent my other users?
>

You could make a database table in which you store command to execute
(use a id, not the command it self, like id 1 = reload nginx rules),
time stamp when inserted and time stamp when executed.

Your php script will just add a line to the table.

You have another job which reads the table say every minute and takes
all unexecuted and execute those (write some logic that makes it will
only restart once if there is more than one request for reload/restart
in the list at one time), as this one will run as a privileged user, it
will not have issues with the commands.

This method is scalable to work with multiple servers if you have a
centralized database server, in that case you need to add column for
which host is supposed to execute the command. Worked fine when I workd
at a hosting company.

--

//Aho

Report message to a moderator

[Message index]

		Exec Security By: Ryan on Sat, 01 September 2012 01:49
		Re: Exec Security By: Jerry Stuckle on Sat, 01 September 2012 02:12
		Re: Exec Security By: J.O. Aho on Sat, 01 September 2012 06:54
		Re: Exec Security By: Ryan on Sat, 01 September 2012 09:51
		Re: Exec Security By: J.O. Aho on Sat, 01 September 2012 11:19
		Re: Exec Security By: Ryan on Sat, 01 September 2012 18:50
		Re: Exec Security By: Ryan on Sat, 01 September 2012 20:19
		Re: Exec Security By: Jerry Stuckle on Sat, 01 September 2012 20:26
		Re: Exec Security By: Ryan on Sat, 01 September 2012 21:11
		Re: Exec Security By: Jerry Stuckle on Sat, 01 September 2012 23:14
		Re: Exec Security By: Ryan on Sun, 02 September 2012 00:17
		Re: Exec Security By: J.O. Aho on Sun, 02 September 2012 07:25
		Re: Exec Security By: The Natural Philosoph on Sun, 02 September 2012 11:02
		Re: Exec Security By: Ryan on Mon, 03 September 2012 03:32
		Re: Exec Security By: Ryan on Mon, 03 September 2012 03:35
		Re: Exec Security By: Jerry Stuckle on Mon, 03 September 2012 03:43
		Re: Exec Security By: Ryan on Mon, 03 September 2012 03:53
		Re: Exec Security By: J.O. Aho on Mon, 03 September 2012 04:55
		Re: Exec Security By: J.O. Aho on Sat, 01 September 2012 21:23

Previous Topic:	Is PDO an abstraction layer?
Next Topic:	Net Connect API -php

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

]

Current Time: Fri Nov 22 07:45:31 GMT 2024

Total time taken to generate the page: 0.05663 seconds