What I am trying to do is run shell commands as the system root user from a web page.
From what I have researched, there is no way to impersonate a system user in PHP on Linux (CentOS 6.3 with PHP 5.4.13 to be exact).
So far I have installed sudo and added a line apache ALL=(ALL) :NOPASSWD ALL (for testing) to /etc/sudoers. I have then created a simple php file in the root of my website:
<?php shell_exec('sudo -u root touch somefile'); ?>
and nothing happens, however, if I run:
<?php shell_exec('whoami'); ?>
I get apache as the result, so I know at least shell_exec is working.
If I try from the cli su apache, I get This account is currently not available. which I believe is because apache has nologin defined (?) apache:x:48:48:Apache:/var/www:/sbin/nologin
So whats the right way to be able to run commands as root from php?
As an example of what I am trying to achieve by running as root, I would like to add certificates to /etc/ssl/certs/https using the following command line called from a web control panel:
openssl req -new -nodes -x509 -days 3650 \
-subj "/emailAddress=${ssl_email}/CN=ca.${domain_name}/OU=${ssl_organisational_unit}/O=${ssl_organisation}/L=${ssl_location}/ST=${ssl_state}/C=${ssl_country}" \
-keyout "${certroot}/cacert.pem" -out "${certroot}/cacert.pem"
Greatly appreciate your help.
ah ha!!! Got it!
Not long after I wrote that, I found sudo in php exec()
The answer is to comment out Defaults requiretty from /etc/sudoers