HomeBuilding Your WebsiteWeb Programming and Application Development

perl script from php as root

ROB posted this at 20:31 — 15th February 2002.

They have: 447 posts

Joined: Oct 1999

i need to read /etc/shadow and /etc/group from a php page. i wrote a perl script, which reads /etc/shadow and does stuff with the data then returns a value.

from php, i'm doing something like this:

$result = `/home/getinfo.pl username password`;

the script works fine when run from a shell as root, but not from php because only root can read /etc/shadow, and php runs as httpd.

so, any ideas? i'd prefer my root password not be in my code, but i can't figure out how to get something like this `su root` to work anyway because you can't pass the password as a parameter.

Wil posted this at 15:57 — 18th February 2002.

They have: 601 posts

Joined: Nov 2001

There only way you could do this would be to reconfigure your web server to run as user 'root'. And any web server developer that allows you to do this should be shot. It's the most stupid thing anyone could ever do.

I'm so glad that your server is set up properly to not allow you to do this.

If this is an absolute must, why don't you make a copy of /etc/shadow and put it somewhere else - and strip the passwords out at the same time!!!

- wil

ROB posted this at 16:13 — 18th February 2002.

They have: 447 posts

Joined: Oct 1999

thanks wil.

i found a [url=http://www.math.ohio-state.edu/~ccunning/pam_auth.html]PHP pam module[/php] that looks like it would do what i need to do, but this isn't important enough to justify rebuilding php.

my rather unelegant solution is much like you suggested. i have a perlscript run by crontab that copies the info i need out of /etc/shadow and writes it to a file readable only by httpd every 15 minutes. not the most secure solution, but i do strip the root password out and it accomplishes what i need to do (validate users through php)

Wil posted this at 17:10 — 18th February 2002.

They have: 601 posts

Joined: Nov 2001

You can't dump the contents of /etc/shaddow into a SQL database every x amount of minutes? This would probably be more secure?

Saying that, how many users have you got? If it's less than 100 users, then using a flat file system will actually be faster (under similar benchmark tests) than a SQL database.

- wil

Want to join the discussion? Create an account or log in if you already have one. Joining is fast, free and painless! We’ll even whisk you back here when you’ve finished.