1

Can the web server execute a command in my Linux environment, and the Linux environment treat it as a request coming from me not from the server?

In other words, how can I change the web server's identity into mine?

Kenny Rasschaert
  • 9,045
  • 3
  • 42
  • 58
Chentouf
  • 11
  • 1
  • 3
    This sounds like a way to create a **huge** security hole. If you need the webserver to do [something] then you should give it the correct permissions to do so. – Dan Mar 28 '13 at 12:41

1 Answers1

2

You could have the webserver run a script which calls a properly configured sudo to execute commands as another user.

Alternatively, if you're using Apache then you could use mod_suexec, which allows you to run commands as a different user straight from the webserver.

Flup
  • 7,978
  • 2
  • 32
  • 43
  • thanks a lot for your answer, but can you give me more detail, I'm using the su command like this:echo password | su -c mycommand -s /bin/sh mchentou, but even-thought it does not work, am I missing something? thanks again – Chentouf Mar 28 '13 at 14:29
  • 1
    You can't pipe the password into `su` like that. If you want to do it like that, edit the `sudo` configuration file (with `visudo`) and add a rule for your webserver to be able to run your command as the appropriate user. Then you can do `sudo -u mchentou mycommand`. However, it would be more secure to use something like `mod_suexec` if you can. – Flup Mar 28 '13 at 14:35