I'm playing about with squid at the minute (on an Ubuntu server OS) and am very pleased with what it can do. It seems the last thing I want it to do is the one I am having most difficulty with.
I want to be able to restart squid from a web page (which is served from the same server).
Something like
Code:
shell_exec('/etc/init.d/squid restart')
This doesn't work though because of permissions. Can anybody help me achieve this please?
Could you use webmin?
I could use webmin but I want this to work from a custom web script that I have designed.
Is this PHP? You'll have to relax some of the safety in php.ini to shell out in the first place. However, even then your shell command will run as a non-privileged user, so you won't be able to restart squid from there.
- run apache as root (baaad)
- add apache to the root group (baaad)
- setuid /etc/init.d/squid to run as root (baaad) (setuid: http://en.wikipedia.org/wiki/Setuid)
I think you see the pattern. You're gambling with remote code exploits here, which is why apache isn't set up like this in the first place. But if you want to go ahead, choose one of the above (I'd go with setuid myself, it's the most minimal solution.)
Last edited by powdarrmonkey; 4th February 2009 at 12:07 PM.
The server is not open to the outside world and this script will be hidden behind an ldap authentication anyways.
As I recall, apache runs as www-data on ubuntu. Thus if you alter /etc/sudoers like so:
Code:
www-data = NOPASSWD: /etc/init.d/squid
then if you 'su' to www-data, you should be able to stop/start squid.
For the PHP bit, you're on your own.
I think you missed out the ALL?
Code:
ALL = NOPASSWD:....
'ALL' means all users, probably not what you intended.
What I have is
Code:
%www-data ALL=NOPASSWD: /etc/init.d/squid3
I have logged in as www-data and tried restarting the squid server - apparently it went through successfully but it doesn't update my ACLs until I restart the server as root.
Last edited by Hightower; 4th February 2009 at 03:11 PM.
Ok, I didn't know you wanted to do that. Allow www-data to run the following:
Code:
squid -k reconfigure
Just stick that in the same line as my code?
I tried this line
Code:
%www-data ALL=NOPASSWD: squid3 -k reconfigure
but it didn't work (broke the sudoers file again).
What should I be entering?
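Added example, not part of any post in this thread: a small Python lint that reports why each sudoers line quoted above either fails to parse or grants more than a single reconfigure. It covers only the simple one-user, one-host, one-command form; `visudo -c` remains the authoritative syntax check, and `/usr/sbin/squid3` is an assumed install path.

```python
import re

# Constructed samples: the three sudoers lines quoted in the thread, then one
# tightened form. /usr/sbin/squid3 is an assumed path; check `which squid3`.
SAMPLES = [
    "www-data = NOPASSWD: /etc/init.d/squid",
    "%www-data ALL=NOPASSWD: /etc/init.d/squid3",
    "%www-data ALL=NOPASSWD: squid3 -k reconfigure",
    "www-data ALL=(root) NOPASSWD: /usr/sbin/squid3 -k reconfigure",
]


def lint_rule(line):
    """Return findings for a simple 'user host = [(runas)] [TAG:] command' rule."""
    findings = []
    left, sep, right = line.partition("=")
    if not sep:
        return ["not a user specification (no '=' found)"]
    who = left.split()
    if len(who) != 2:
        findings.append("expected 'user host' before '=' (host such as ALL is missing)")
    elif who[0].startswith("%"):
        findings.append("'%' names a group: every member gets this rule")
    right = re.sub(r"^\s*\([^)]*\)", "", right)          # drop optional Runas spec
    right = re.sub(r"^\s*(?:[A-Z_]+:\s*)+", "", right)   # drop tags such as NOPASSWD:
    parts = right.split()
    if not parts:
        return findings + ["no command given"]
    cmd, args = parts[0], parts[1:]
    if cmd == "ALL":
        findings.append("ALL permits any command as the target user")
    elif not cmd.startswith("/"):
        findings.append("command is not a fully qualified path; sudoers rejects a bare name")
    elif not args:
        findings.append("no arguments pinned: the command may be run with any arguments")
    return findings


if __name__ == "__main__":
    for rule in SAMPLES:
        problems = lint_rule(rule)
        print(rule)
        for p in problems or ["ok"]:
            print("   ", p)
```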