This is for an unremarkable LAMP server running Ubuntu. The reason I want to do this is because I want a php script to be able to run a linux command via the exec() function and the command I want to run needs permission that 'nobody' does not have.I have added my new user 'web' with the appropriate permissions, now I just need my web server to be the user 'web'.
Asked
Active
Viewed 6,283 times
3 Answers
4
This is located in:
/etc/apache2/envvars
And is usually (by default):
export APACHE_RUN_USER=www-data
export APACHE_RUN_GROUP=www-data
You can change the user that apache runs as here. You'll need to restart apache for the changes to take.
What you really want is SUEXEC. What you're proposing is rather quick and dirty; it also poses a huge security risk.
What you should really be doing is this.
skub
- 216
- 1
- 2
-
I wish "What you really want is SUEXEC." could be bigger and bolder! Exactly what I needed. Didn't see it at first. – larrylampco Feb 07 '16 at 05:45
1
Have a look at suexec. Alternately you can set the user Apache runs as. This is an excerpt from my httpd.conf
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
#
# User/Group: The name (or #number) of the user/group to run httpd as.
# It is usually good practice to create a dedicated user and group for
# running httpd, as with most system services.
#
User www
Group www
dkwiebe
- 651
- 3
- 8
-1
I know this is coming late, but i stumbled upon this question when i was trying to solve a similar problem. I would suggest you run WHOIAM to determine the current user. Then grant the user the right permission using VISUDO
By default apache runs with the user www-data you can apply the permission in visudo by including the following line in /etc/sudoers
www-data ALL = NOPASSWD : /usr/local/bin
you can replace /usr/local/bin with the command you want to run in your script.
bisi
- 1