Allow Apache to execute command in root?

Question

I am setting up a bash/html CGI that will allow me to generate graphs with GnuPlot under RedHat 7.6. My tutor ask me to create a cgi script that will be able to return a sudo id (root) without a password, only using the " id " command, not " sudo id "

I've just add the id command in my cgi source code in order to display the result of this command on the first page of my cgi :

Actually, if I add the id command in one of my cgi-script, the return is :

uid=48(apache) gid=48(apache) groups=48(apache) context=system_u:system_r:httpd_sys_script_t:s0

So I going on the the visudo file and I try to add this at the end of the visudo file :

httpd ALL=(root) NOPASSWD: id

Or

apache ALL=(root) NOPASSWD: id

My cgi return this again and again :

uid=48(apache) gid=48(apache) groups=48(apache) context=system_u:system_r:httpd_sys_script_t:s0

But I want this return :

uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

Could you show me how to do that ?

score 0 · Answer 1 · answered May 27 '19 at 09:38

0

If you add the username as the first parameter to id you get the desired output.

[user@host ~]# id root
uid=0(root) gid=0(root) Gruppen=0(root)

answered May 27 '19 at 09:38

rblock

58
5

Allow Apache to execute command in root?

1 Answers1