如何从PHP以root特权运行shell脚本？

Question

I'm trying to use vpopmail's vadddomain to add new virtual domains. Since apache user has no access to vpopmail's binaries I cannot exec('../bin/vadddomain...') directly from PHP.

I made a shell script ( adddomain.sh ) as below:

#!/bin/bash
 cd /home/lxadmin/mail/bin
 ./vadddomain $1 postmaster_password

And appended this line to /etc/sudoers using visudo (forget about security for now):

ALL ALL=NOPASSWD: /home/lxadmin/mail/bin/adddomain.sh

I have something like this in my PHP script:

exec('sudo /home/lxadmin/mail/bin/adddomain.sh example.com', $output);

But this is not working at all (domain example.com will not be added to vpopmail). But when I run this command through SSH and with root user, it works.

Can anyone tell what is my problem here?

Answer 1

This should be possible by adding the webmaster -user tot the /etc/sudoers file and simply accept that user to use the command you are willing to use. I do not recommend to use the sudo command directly in your php since you probably have to store the password for this somewhere, which off course you do not want! You don't want to post your password by accident somewhere or another developer which you don't want to have root privileges to your code.

Another big downside of simply using root commands is that WHEN you have a security breach in your code, that I can run sudo commands through for example a form. Be very careful with the privileges.

• Giving ordinary users root privileges: http://www.debian-administration.org/articles/33

Ps. I'm new to SSH and setting up users privileges as well, so please correct me if I'm wrong. But this is what I know.