Php – Apache sudoers access

apache-2.2 PHP redhat sudo

I am making a system call from PHP, which is:

`sudo /usr/bin/perl -pi -e 's/foo/bar/g' /tmp/newxml.xml`;

which works fine in the PHP CLI, but would not work in PHP via the browser, because Apache does not have the required execution permissions. How do I make Apache a sudoer that is allowed to run only /usr/bin/perl?

I understand that I will have to edit /etc/sudoers to do this, but I am not sure how it is to be done. Any pointers?

I am running RHEL 5.5

Best Answer

visudo

add

nobody ALL=(ALL) NOPASSWD: /usr/bin/perl

replace nobody with whatever your apache user is.

But you shouldn't do that. Giving apache sudo access to perl essentially gives anyone instant root to your box who compromises a php application of yours.

You should check the umask for /tmp/newxml.xml and make sure it's writable by your apache user.
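
The no-sudo route the answer recommends, as an added example that is not part of the original answer: once an administrator has made the file writable by the web-server account, the same foo-to-bar substitution runs unprivileged. The function name `replace_in_file` and its return codes are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: replace foo with bar in an XML file as the unprivileged
# web-server user, with no sudo involved.

# replace_in_file FILE
#   returns 0 on success, 2 if FILE is unsafe to edit,
#   3 if the current user cannot read and write it, 1 on any other failure.
replace_in_file() {
    file=$1

    # Refuse symlinks and non-regular files: /tmp is world-writable, so
    # another local user could plant a link at the expected name.
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "refusing: $file is not a regular file" >&2
        return 2
    fi

    # The fix is a permission change made once by an administrator (for
    # example chgrp to the web server's group plus chmod g+w), not
    # privilege escalation at request time.
    if [ ! -r "$file" ] || [ ! -w "$file" ]; then
        echo "not writable by $(id -un): $(ls -ld "$file")" >&2
        return 3
    fi

    # Build the new content in a private temp file, then write it back into
    # the existing file so its owner and mode stay as the admin set them.
    tmp=$(mktemp) || return 1
    if sed 's/foo/bar/g' "$file" > "$tmp" && cat "$tmp" > "$file"; then
        rm -f "$tmp"
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# Stand-alone use: sh script.sh /tmp/newxml.xml
[ "$#" -eq 0 ] || replace_in_file "$1"
```

A return code of 3 when this runs under the web server is the cue to fix ownership or mode on the file, rather than to add a sudoers entry.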