2

i need to be able to change the IP address of a server using PHP. i'm trying to use `ifconfig eth0 down` as the `www-data` user to make sure it will work. so far, i've gotten rid of a permissions issue on the `/var/run/network/ifstate` file, but now i get a permission denied line that reads `SIOCSIFFLAGS: Permission denied`. is there a way around this? if not, how do you change the IP address of a server in a web page?

php code:

```php
//if the ip has changed, bring down the network interface and bring it up with the new IP
if($ipConf != $ip) {
    $ifdownSuccess = exec("ifconfig eth0 down", $downOutput, $downRetvar);
    //escapeshellarg() keeps $ip from being interpreted by the shell
    $ifupSuccess = exec("ifconfig eth0 up ".escapeshellarg($ip), $upOutput, $upRetvar);
    //TODO: check for ifupSuccess and revert to old ip if the command failed
    var_dump($downOutput);
    var_dump($downRetvar);
    var_dump($ifdownSuccess);
    var_dump($upOutput);
    var_dump($upRetvar);
    var_dump($ifupSuccess);
}
```

returns:

```
array(0) { } int(127) string(0) "" array(0) { } int(127) string(0) ""
```

is there a way around this permissions issue or another tool i can use to do this?

moonlightcheese
  • Can't you use sudo and just allow ifup/ifdown? This would work around all permission problems. – Hikaru-Shindo Nov 25 '11 at 16:38
  • I think only root can bring down network interfaces... But I might be wrong. – NullUserException Nov 25 '11 at 16:38
  • but how do i use `sudo` from a php exec() call? it requires a password on a following line... – moonlightcheese Nov 25 '11 at 16:40
  • I don't think this is doable; once eth0 is down, your page will get killed (that means you can't see the output) – ajreal Nov 25 '11 at 16:47
  • i realize that. this is for development. even if the interface is down, the second line should still execute after the first is finished, bringing it back up. even if it doesn't come back up, it's fine for now, i just need to get past the permissions issue. – moonlightcheese Nov 25 '11 at 16:52
  • Why on God's earth are you trying to do this? It can be difficult to recover. Also changing IP addresses should be a rare event or handled by DHCP. I strongly recommend that you **DO NOT DO THIS**. Also you need to be root and need to consider the implications (as possibly wiring) before you attempt to do this. – Ed Heal Nov 25 '11 at 16:44
  • 1
    just let it suffice that it is absolutely necessary for what i'm doing... i'll take care of the clean up. right now i just need it to work. – moonlightcheese Nov 25 '11 at 16:47
  • @moonlightcheese - For your web server VIRTUAL HOSTS might be a better bet - easier, secure and less hassle. – Ed Heal Nov 25 '11 at 16:55
  • virtual hosts have absolutely nothing to do with this problem... from the apache documentation "As the term IP-based indicates, the server must have a different IP address for each IP-based virtual host. This can be achieved by the machine having several physical network connections, or by use of virtual interfaces which are supported by most modern operating systems". i realize that this isn't recommended behavior, but just because it's written in every Unix/Linux document that it shouldn't occur, doesn't mean there isn't a situation where it's necessary. router interface pages, for ex... – moonlightcheese Nov 25 '11 at 17:02

2 Answers

3

I had a similar problem and am considering the following solution:

1) The php page reads in the IP, Netmask, and gateway, checking for proper formatting and whether the IP is viable and writes that to a text file

2) A cronjob written in whatever, looks for that file, and if it is there, it reads in the contents, parses it, and makes the changes

This should be sufficiently secure.

thaspius
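
The file-drop design described in the answer above, sketched as an added example (not code from the thread). `REQUEST_FILE`, `IFACE` and every function name are assumptions; the point is that the root-side worker re-validates the file and passes argument arrays instead of building a shell string.

```php
<?php
// Added example; REQUEST_FILE, IFACE and all function names are assumptions.
const REQUEST_FILE = '/var/spool/netcfg/request.json'; // assumed: directory writable by www-data
const IFACE = 'eth0';
// Used by BOTH sides: the root worker never trusts what the web user wrote.
function validate_request(array $in): ?array {
    $out = [];
    foreach (['ip', 'netmask', 'gateway'] as $k) {
        $v = $in[$k] ?? null;
        if (!is_string($v) || filter_var($v, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) return null;
        $out[$k] = $v;
    }
    [$ip, $mask, $gw] = array_map('ip2long', array_values($out)); // assumes 64-bit PHP
    $host = ~$mask & 0xFFFFFFFF;                                   // host-bit mask
    if ($mask === 0 || ($host & ($host + 1)) !== 0) return null;   // netmask must be contiguous
    if (($ip & $mask) !== ($gw & $mask)) return null;              // gateway must be on-link
    if (($ip & $host) === 0 || ($ip & $host) === $host) return null; // network/broadcast address
    return $out;
}

// Web side (www-data): validate, then publish atomically so the worker never sees a partial file.
function queue_request(array $post): bool {
    $req = validate_request($post);
    if ($req === null) return false;
    $tmp = REQUEST_FILE . '.' . bin2hex(random_bytes(8));
    if (file_put_contents($tmp, json_encode($req)) === false) return false;
    return rename($tmp, REQUEST_FILE);
}

// Root side (cron): re-validate and build argv arrays; no shell string is ever assembled.
function build_commands(string $json): ?array {
    $data = json_decode($json, true);
    $req = is_array($data) ? validate_request($data) : null;
    if ($req === null) return null;
    return [['ifconfig', IFACE, $req['ip'], 'netmask', $req['netmask']],
            ['route', 'add', 'default', 'gw', $req['gateway']]];
}

if (PHP_SAPI === 'cli' && function_exists('posix_geteuid') && posix_geteuid() === 0 && is_file(REQUEST_FILE)) {
    $cmds = build_commands((string) file_get_contents(REQUEST_FILE));
    unlink(REQUEST_FILE);                       // consume the request exactly once
    foreach ($cmds ?? [] as $argv) {
        $p = proc_open($argv, [], $pipes);      // array form (PHP >= 7.4) bypasses the shell
        if (is_resource($p)) proc_close($p);
    }
} elseif (PHP_SAPI === 'cli') {                 // dry run on constructed samples
    var_dump(build_commands('{"ip":"192.168.1.50","netmask":"255.255.255.0","gateway":"192.168.1.1"}'));
    var_dump(build_commands('{"ip":"192.168.1.50 extra-arg","netmask":"255.255.255.0","gateway":"192.168.1.1"}'));
}
```

The web page only calls `queue_request()`; the same file run from root's crontab applies the change, so `www-data` needs no sudo rights at all.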
1

i figured this out. the answer was to add the `www-data` user (or whatever the name of your server user is) to the admin group with `usermod -a -G admin www-data`. if you take a look at `/etc/sudoers`, you'll notice that anyone in this group can perform sudo commands without a password prompt using `sudo -n <command>`. made a quick code change:

```php
//if the ip has changed, bring down the network interface and bring it up with the new IP
if($ipConf != $ip) {
    $ifdownSuccess = exec("sudo -n ifconfig eth0 down", $downOutput, $downRetvar);
    //escapeshellarg() keeps $ip from being interpreted by the shell that sudo is launched from
    $ifupSuccess = exec("sudo -n ifconfig eth0 up ".escapeshellarg($ip), $upOutput, $upRetvar);
    //TODO: check for ifupSuccess and revert to old ip if the command failed
    var_dump($downOutput);
    var_dump($downRetvar);
    var_dump($ifdownSuccess);
    var_dump($upOutput);
    var_dump($upRetvar);
    var_dump($ifupSuccess);
}
```

and i'm now in business. was able to connect on the new IP address via SSH and view webpages via the new IP as well.

moonlightcheese
  • 2
    Be aware that there are lots of security risks associated with having the www-data user able to execute root-level stuff, especially if you configure it to not need a password. In other words, if your application is compromised in any way, the attacker has freedom to do whatever he wants. Please consider using visudo to limit the executables that www-data has access to, such as in this post: http://stackoverflow.com/questions/8202887/why-php-command-execservice-apache2-restart-doest-work-on-ubuntu – nrobey Nov 25 '11 at 18:23
  • 1
    Just to reinforce, giving sudo permission to the http user is a REALLY bad idea. – jweyrich May 06 '12 at 09:45