I would like to update my hosts file and restart dnsmasq from a web interface (php/apache2). I tried playing around with suid bits (the demonstration). I have both apache and dnsmasq running on an EC2 instance.
I understand that Linux ignores the setuid bit on text scripts, but works on binary files. (Have I got something wrong?) I added exec("whoami"); to the example C program in Wikipedia. Although the effective UID of the C program is 0, whoami does not return root 🙁
I would thoroughly like to avoid
echo password | sudo service dnsmasq restart
or adding apache to the sudoers without password! Is there a way out? How does webmin do such things?
Best Answer
I would take another approach and configure either an incron script which runs as root, which monitors some file for changes and responds by applying your changes to the /etc/hosts file.
With the incron approach, you set an inotify entry to watch some file for changes, and respond by running a script:
/var/www/hosts IN_CLOSE_WRITE /run/this/as/root
So apache has permissions to write to /var/www/hosts using php or whatever, and the /run/this/as/root script runs as root to apply the changes to the /etc/hosts file.
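A sketch of what the root-side script could look like, added here as an example and not part of the original answer: since anything apache can write to /var/www/hosts ends up applied by root, the script copies the file first and only installs the copy if every line is a plain hosts entry. The function names, the `--apply` argument, the 64 KiB size limit and the IPv4-only line format are assumptions made for this example.

```shell
#!/bin/sh
# Root-side handler for the incron entry. Everything in the web-writable
# file is untrusted input: it is copied first, then the copy is validated.

# Return 0 only if every line of file $1 is blank, a comment, or
# "IPv4-address hostname [hostname...]" with an optional trailing comment.
validate_hosts() {
    [ -f "$1" ] || return 1
    size=$(wc -c < "$1")
    [ "$((size))" -le 65536 ] || return 1         # assumed size limit
    ip='([0-9]{1,3}\.){3}[0-9]{1,3}'
    name='[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?'
    ok="^[[:space:]]*(#.*)?\$|^${ip}([[:space:]]+${name})+[[:space:]]*(#.*)?\$"
    # grep -v selects lines that do NOT match; any such line means reject.
    if LC_ALL=C grep -Evq "$ok" "$1"; then
        return 1
    fi
    return 0
}

# Copy $1 (web-writable) to $2 atomically, but only if the copy validates.
apply_hosts() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1      # refuse symlinks and non-files
    tmp=$(mktemp "$2.XXXXXX") || return 1
    # Validate the private copy so the web user cannot change it after the check.
    if cat "$1" > "$tmp" && validate_hosts "$tmp"; then
        chmod 644 "$tmp" && mv -f "$tmp" "$2"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Only act when called with --apply (assumed), e.g. from the incrontab line
#   /var/www/hosts IN_CLOSE_WRITE /run/this/as/root --apply
if [ "${1:-}" = "--apply" ]; then
    apply_hosts /var/www/hosts /etc/hosts && service dnsmasq restart
fi
```

On rejected input the existing /etc/hosts is left untouched and dnsmasq is not restarted.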