Reputation: 24207
Running exec as a different user
Is it possible to run exec() as a a different user (on my box it runs as www-data). I wish to execute a script that needs access to files that are not owned by www-data.
Upvotes: 14
Views: 15615
Answers (4)
Reputation: 50832
You can change the user under which your server runs. This can be easily done using the windows version of apache (apache runs there as service and it is easy to configure the user under which apache runs).
Which server plattform do you use?
Upvotes: 0
Reputation: 1116
I had a similar requirement some years ago that required a few PHP scripts to talk to a serial port. The first serial port is typically /dev/ttyS0, owned by root and in the group dialout.
For my initial setup, I added my apache user to the group dialout. The PHP scripts were able to directly talk to the serial port with no problem. However, only one instance of a script could open the serial port at any one time, so this solution could not work.
I then created a daemon that provided a layer between the serial port and the PHP scripts. The PHP scripts would talk to the daemon via a named pipe, and the daemon would then format the requests and pass it onto the serial port - doing a bit of caching along the way.
So, either add www-data, or whatever your apache user is, to the group that owns those files, giving group execution permissions, or use a proxy like I had. If security concerns you, then I'd go with the latter.
Upvotes: 4
Reputation: 34632
If you have access to the server's configuration (assuming it's Apache), you might consider using suPHP. In a virtual host's configuration you can explicitly set the user and group for which a PHP script is executed:
<VirtualHost 192.168.1.1:80>
...
suPHP_UserGroup user group
...
</VirtualHost>
This setting is available for suPHP configurations built with the --with-setid-mode=paranoid option.
Another way to change the user ID would be posix_setuid() for which appropriate privileges are required. That would mean running your PHP scripts as root, which is a serios security issue.
Upvotes: 6
Reputation: 29967
No, not directly. If you are on a linux machine and have the rights, you can set the set the setuid bit on your file.
Keep in mind that the webserver runs as a different user for a reason. It is a very important security mechanism and by working around it, you might cause a security vulnerability.
Upvotes: 1
Related Questions
- How to run PHP exec() as root?
- Running command-line application from PHP as specific user
- PHP exec() command function for user other than PHP user
- Calling exec() on php
- Using shell_exec or exec as a different unix user?
- Possible permissions issue when using exec commands in PHP
- running a script exec command from php
- exec command and non-root user
- Using exec() in PHP as an specific system user
- Running shell script from PHP as different (non root) user