1

I am currently working on a Linux based single board computer for an engineering company, and I am in charge of updating the local configuration website hosted within the board. The point of this configuration server is so that a user can connect to the board via their web browser and modify settings within the board.

The current setting that I am trying to create involves setting the timezone of the board's hardware clock. Unfortunately, the way the board handles time zones is by setting up a system link between a file within /usr/share/zoneinfo/ to /etc/localtime.

My issue is that I need to run the following command from the website:

ln -s /usr/share/zoneinfo/Etc/GMT$1 /etc/localtime

where $1 is a + or - followed by a number. These are generated by a dropdown on the website.

My major problem occurs when I try to run this command from the PHP of the website. By catching the response of the exec command, I have found that I am not getting sufficient permissions to create/modify the symlink. I have tried the approach of creating a bash script and running that from the PHP. I have also tried running a C based executable from the PHP.

Things to note: The user passwords are randomly generated, and sudo is not included on the embedded Linux package.

My goal is to avoid running the Apache server as root because of security concerns. Is there any way to give individual scripts (possibly temporary) permissions to run the command, or any other sort of workaround to this?

jetbomber117

2 Answers

2

There's a good reason for separating privileges, particularly when you're dealing with a stateless protocol. The answer by darryn.ten is a waste of time - you're giving the webserver uid permission to do everything - you could get the same result for less effort (and just as insecure) by running the webserver as root.

I'd recommend encapsulating the logic in a program running as root which only:

  • validates the arguments
  • links the timezone

In the example below I'm using bash which would require sudo to execute as root - but if you write it in C then you can enable the setuid bit which will run the program with the privileges of the file owner (this won't work with shell scripts). Not sure how setuid behaves with lua - which would be an obvious candidate for an embedded system.

#!/bin/bash

# NB must be validated under executing user privilege

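# Keep $1 only if it consists solely of +, - and digits; otherwise REQUEST is empty
REQUEST=$(echo "$1" | grep -P '^([\+\-0-9]+)$')
# Refuse to touch the link when validation failed
[ -n "$REQUEST" ] || exit 1
ln -s "/usr/share/zoneinfo/Etc/GMT${REQUEST}" /etc/localtime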
symcbean
  • I ended up going with a similar method to this. I created a C program that called setuid and then gave it sufficient permissions to be run with suid. I accomplished this using `setuid(0);` within the C program, and then ran: `chown root /usr/bin/timezone_set` `chmod +s /usr/bin/timezone_set` to set my C application up with proper permissions. Then I set up the PHP program to run the application. – jetbomber117 Jun 11 '12 at 15:40
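The root-owned helper recommended in this answer (validate the argument, then link the timezone), sketched in C as an added example; it is not symcbean's or the asker's code. The function names, the 0 to 14 hour range and the temporary link name /etc/localtime.new are assumptions.

```c
/* Added example: setuid-root helper. The setuid bit already makes the
   effective uid root, which is what symlink() and rename() check. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define ZONE_DIR  "/usr/share/zoneinfo/Etc/"
#define LOCALTIME "/etc/localtime"
#define TMP_LINK  "/etc/localtime.new"  /* assumed name, same filesystem */

/* Accept only '+' or '-' followed by one or two digits, value 0..14.
   Writes the zone file path to out; returns 0 if valid, -1 otherwise. */
int zone_from_offset(const char *arg, char *out, size_t outlen)
{
    if (arg == NULL || (arg[0] != '+' && arg[0] != '-'))
        return -1;
    size_t n = strlen(arg + 1);
    if (n < 1 || n > 2 || strspn(arg + 1, "0123456789") != n)
        return -1;
    int hours = atoi(arg + 1);          /* "05" becomes 5: files are GMT+5 */
    if (hours > 14)
        return -1;
    int w = snprintf(out, outlen, ZONE_DIR "GMT%c%d", arg[0], hours);
    return (w > 0 && (size_t)w < outlen) ? 0 : -1;
}

/* Build the new link beside the old one, then rename() over it so
   /etc/localtime is never missing and an existing link is replaced. */
int set_localtime(const char *target)
{
    struct stat st;
    if (stat(target, &st) != 0 || !S_ISREG(st.st_mode))
        return -1;                      /* zone file must exist */
    (void)unlink(TMP_LINK);
    if (symlink(target, TMP_LINK) != 0) return -1;
    if (rename(TMP_LINK, LOCALTIME) != 0) { (void)unlink(TMP_LINK); return -1; }
    return 0;
}

int main(int argc, char **argv)
{
    char target[64];
    if (argc != 2 || zone_from_offset(argv[1], target, sizeof target) != 0) {
        fprintf(stderr, "usage: %s +N|-N\n", argc > 0 ? argv[0] : "timezone_set");
        return 2;
    }
    return set_localtime(target) == 0 ? 0 : 1;
}
```

The path is assembled only from a fixed prefix, one sign character and a parsed integer, so nothing from the web request reaches the filesystem verbatim.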
0

You need to add sudo to the installation, and then

visudo

and add the following

apache ALL=(ALL) NOPASSWD: ALL

provided your apache user is apache.

Then add sudo to the command

sudo ln -s /usr/share/zoneinfo/Etc/GMT$1 /etc/localtime

and the command should get executed.

EDIT: Don't actually do this

darryn.ten
  • When it's the goal to avoid running Apache server as root because of security concerns, it seems to me that giving apache unlimited access to the box through sudo is not a very secure solution? – Berry Langerak Jun 11 '12 at 14:36
  • okay, this is a silly thing to do, even though it would technically work. @symcbean has a much more secure answer. – darryn.ten Jun 12 '12 at 06:55