Can i make PHP login as a different user while running shell_exec or exec?
I don't want it to use the www-data user, since i want to execute commands as the git user in order to create repos in the current machine.
Asked
Active
Viewed 1.1k times
4 Answers
7
Can i make PHP login as a different user while running shell_exec or exec?
This is a risky option and it can create a serious security hole in your server. It should be avoided.
i want to execute commands as the git user
I would suggest that your web app writes to a database table the information about the new repo that needs to be created. Then have a constant running process (or one invoked via cron) on the server that runs as the git user. That process can check that resource periodically and create the repo. That way, your web server doesn't user-switch and you can still create the new repo safely.
webbiedave
- 48,414
- 8
- 88
- 101
2
You can setup sudo to allow this. You'll need to give the www-data user permission to sudo to user git (via /etc/sudoers) (possibly without a password).
ie:
shell_exec('sudo -u GIT_USER -S your_git_command');
As another option, it is possible to configure Apache to run your virtual host as a user other than www-date (see suphp - http://www.suphp.org/Home.html).
JJ.
- 5,425
- 3
- 26
- 31
0
How do you give the www-data user permission to sudo to user git via /etc/sudoers without a password?
would the following work?
www-data ALL = git_user NOPASSWD: command_Name
py_newbie
- 136
- 13