Reputation: 329
I have a little coding project.
I want to manage my dedicated server (Debian-based) with a web interface.
I want to manage, for example, my services, my game server, etc. I already have scripts to control them over an SSH connection, but it would be a good exercise to code my own manager.
My question is how to run shell commands with PHP. I know there are functions to do so, but I read that giving the www-data account all rights is not safe, so is there a way to do this securely?
(Of course my programs are all launched with a different account.)
Also, I want the interface to be easy to maintain (like the possibility of adding a service without making a lot of changes).
Many Thanks.
Upvotes: 1
Views: 222
Reputation: 15827
The question is very general.
In PHP you have exec(), shell_exec(), system() and passthru(); just google them for detailed info.
What they all have in common is that they execute a binary file, assuming Apache (are you on Apache?) has permission to do so.
To avoid security issues you have to be sure on what command is executed and which parameters are passed, in any case/situation/context.
If they are 100% properly checked and validated by the code that's before the call then the code is safe.
The first thing you should care about is never let the client (communicating to the server with GET or POST requests) execute arbitrary commands or pass arbitrary parameters.
To increase security, protect sensitive files and directories from the user/group Apache is running as
-OR-
run Apache with a user group that is not harmful for sensitive files/directories (don't run it as root, for example...)
Hope this helps...
Upvotes: 1
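One way to apply the answer's advice that the client must never choose the command or its parameters, as an added example that is not part of the original posts: the request only selects keys from a server-side allowlist, and the command runs without a shell. The service names, unit names, the systemctl path and the sudoers rule mentioned in the comments are assumptions for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist: UI key => systemd unit (constructed names).
// Adding a service to the interface means adding one line here.
const SERVICES = [
    'web'       => 'nginx.service',
    'minecraft' => 'minecraft.service',
];
const ACTIONS = ['start', 'stop', 'restart', 'status'];

/** Map client input to a fixed argv array; reject anything not allowlisted. */
function buildCommand(string $service, string $action): array
{
    if (!array_key_exists($service, SERVICES)) {
        throw new InvalidArgumentException('unknown service');
    }
    if (!in_array($action, ACTIONS, true)) {
        throw new InvalidArgumentException('unknown action');
    }
    // Assumes a sudoers rule that lets www-data run only these systemctl
    // invocations without a password; -n makes sudo fail instead of prompting.
    return ['sudo', '-n', '/usr/bin/systemctl', $action, SERVICES[$service]];
}

/** Run the command with no shell involved (array form of proc_open, PHP >= 7.4). */
function runServiceAction(string $service, string $action): array
{
    $pipes = [];
    $spec = [1 => ['pipe', 'w'], 2 => ['redirect', 1]]; // stderr merged into stdout
    $proc = proc_open(buildCommand($service, $action), $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start process');
    }
    $output = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    return ['exit' => proc_close($proc), 'output' => $output];
}

// Constructed inputs: the second one carries shell metacharacters and is rejected.
foreach ([['minecraft', 'restart'], ['web; id', 'start']] as [$svc, $act]) {
    try {
        echo implode(' ', buildCommand($svc, $act)), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

Because the unit name comes from the server-side table and the argv array is passed straight to the process, request data never reaches a shell or becomes part of the command line.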