如何通过Web访问处理命令行权限

Question

Here is was I am trying to do:

I have a vServer, running different game servers, voice servers, bots etc. As we have some admins in our community who don't know how to handle the servers via command line I want to create a webinterface which basically executes some commands through button clicks and shows what the server would answer. Almost everything is working fine, I used PHP to execute commands with shell_exec() function, but I ran into a problem: the www-data user does not have the needed permissions to execute some commands. I googled for some solutions and now I know that it would not be intelligent to run Apache as root, so I am searching for another solution...

Anyone who knows a "beautiful" way to solve this? I need to say that I am pretty much a beginner with these things, so please don't expect to much knowledge :p

Thanks in advance and kind regards :)

Answer 1

One possible solution could have all the commands that you want to run saved in a database table, then create a PHP script running in the crontab as root. This PHP script should have permission to run system_exec.

The steps are 1) Save commands in the database table => "ls /etc/var/log/" 2) PHP script /var/www/html/read_commands.php (read all the commands from the table and execute with system_exec) and then delete the command. Ex.

$command_from_table="ls /etc/var/log/";
system_exec($command_from_table);
//delete the command from the table.

3) Add /var/www/html/read_commands.php to the crontab -e.

* * * * * sudo /var/www/html/read_commands.php

This can give you one idea, but there are many approaches to this, this can be done with some permission for apache but is a breach of security.

Also you need to make sure the user can't insert critical commands like rm -rf / lol