-4

I need to get all mac Addresses from my network-card. So i use nmap from Debian, combined with PHP.

But, without root privilege, this only gives me the IP address and status from a target. With root privilege, i get IP, status, and adresse MAC.

How i can execute this command (or a script.sh with nmap inside), with root privilege and without do a "cracked server" (like ALL=NOPASSWD)

umläute
  • 499
  • 1
  • 7
  • 26
Hihui
  • 1
  • 4
  • Maybe using a combination of a `sudo` enabled www-data user and a bit of `expect` tooling, but looks to me an XY problem. – 178024 Dec 10 '13 at 12:38
  • What, specifically, are you trying to do? (Because judging by what you're asking you want to create a security hole big enough to drive an aircraft carrier through sideways, and I'm going to give you the benefit of the doubt and assume that's ***NOT*** your end goal here.) – voretaq7 Dec 10 '13 at 21:07
  • It's not really a duplicate, cause i want to search if an other solution exist ... I'm still thinking "www-data ALL=(user) NOPASSWD: /path/to/program/or/script" it's not really a good solution ... If someone know a real solution to execute a script PHP with root priviliege (or give nmap the same result, regardless user) – Hihui Dec 11 '13 at 12:57
  • @Hihui if you want to have another solution to the same problem as asked [before](http://serverfault.com/questions/554019/allow-www-data-to-execute-shell-script), then this *is* a duplicate. so what is the underlying problem you want to solve? – umläute Dec 12 '13 at 14:28

2 Answers2

0

if you want to get the MAC-address of a remote IP, you could simply check the ARP-cache, as found in /proc/net/arp

#!/bin/sh
IP=$1
# make sure that the ARP-cache holds the entry for this IP
ping -c1 "${IP}" 2>&1 >/dev/null
# get the MAC-address
egrep -w "^${IP}" /proc/net/arp | awk '{print $4}'
umläute
  • 499
  • 1
  • 7
  • 26
-1

Setuid your script or create sudo rule for it.

Kazimieras Aliulis
  • 2,324
  • 2
  • 26
  • 46
  • 3
    setuid'ing scripts is a very bad practice, as is a sudo rule for the whole script. You should only allow limitied, specific commands. – Roman Dec 10 '13 at 13:01