Allowing PHP to change file and directory ownership and permission

php linux apache root
10,285

Well, it certainly sounds like a dangerous idea to begin with and I'd prefer sitting down and thinking through the whole strategy of what is trying to be achieved.

The danger is privilege escalation of an executable script which a remote user could modify or upload, of course. Full chown/chmod in a web app is equivalent to just pasting your root password on the page.

What is it exactly which needs to happen?

If the chown needs to happen for some reason but not to root (we hope) then the functionality should be wrapped. I would take the user requests and queue them, then have a separate process (could be shell, php, perl, anything) running as root by cron check this queue, check to see if the request fit the allowed parameters, and make the changes.

Share:
10,285
Namrata Das
Author by

Namrata Das

Read my blog! Specialized in: REST (The hypermedia kind!) Javascript & Typescript React & Node I am looking for interesting contracts

Updated on August 21, 2022

Comments

  • Namrata Das
    Namrata Das over 1 year

    I'd like to build a simple web app, which manages some directory on a server. I want to give people the option to use chown and chmod.

    What is the safest way to give PHP this permission? The quickest thing is just running Apache and PHP as root, but that doesn't seem to be a smart idea.

    One other thing I thought of, was creating a separate script which has setuid root..

    Thanks!

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

root path for php files in Linux apache
PHP/Ubuntu - QxcbConnection: Could not connect to display aborted
Connect to MS SQL Server from PHP on Linux?
PHP - Unable to load dynamic library '/usr/lib64/php/modules/
sudo: no tty present and no askpass program specified When useing shell_exec
PHP fopen "failed to open stream: resource temporarily unavailable"
why php command `exec("service apache2 restart");` does't work on ubuntu?
Is ZLIB support in PHP enabled by default or NOT?
how to solve error QXcbConnection: Could not connect to display when using exec function for phantomJs using PHP
Php7 and php5 on fedora at the same time