The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

php root access

Discussion in 'General Discussion' started by kosasnet, Feb 14, 2008.

  1. kosasnet

    kosasnet Member

    Joined:
    Mar 7, 2005
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    hello

    how to provide normaly hosting user , permission root access ??

    EXAMPLE

    i use phpshell

    i wroted "exim -bpc"

    Response Is:

    exim: permission denied


    i how to provide root access ?
     
  2. Darren

    Darren Well-Known Member
    Staff Member

    Joined:
    Dec 26, 2001
    Messages:
    1,957
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    Houston, TX
    Hello,

    You'll have to ask the hosting provider you get have your account with for help with running commands as root. You won't be able to do it via a php script however.

    [​IMG]
     
  3. kosasnet

    kosasnet Member

    Joined:
    Mar 7, 2005
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    i have got a dedicated server.

    how to do it ?


    thanks.
     
  4. Darren

    Darren Well-Known Member
    Staff Member

    Joined:
    Dec 26, 2001
    Messages:
    1,957
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    Houston, TX
    When you got the server, were you informed of the root password by the company that installed it ? It would be the same password you use to log into WHM. If you are using Windows, you'll need to use a program like "putty" to ssh into the server and run the commands you want.

    Putty : http://the.earth.li/~sgtatham/putty/latest/x86/putty-0.60-installer.exe
    Putty Docs: http://the.earth.li/~sgtatham/putty/0.60/htmldoc/
    There is a lot of documentation for it, but it's really quite simple to use. Give it an IP address (of your server) and the port ssh runs on (usually 22) , username would be root and use root's password to log in. Then you can run commands on the shell inside putty like `exim -bpc` to check your mail queue, etc. Be careful however, ssh as root means you can do anything at all, like delete the entire server and all files on it, or worse.

    [​IMG]
     
  5. kosasnet

    kosasnet Member

    Joined:
    Mar 7, 2005
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    i want to use PHP, with root shell access !



    i know ssh, putty etc...
     
  6. Darren

    Darren Well-Known Member
    Staff Member

    Joined:
    Dec 26, 2001
    Messages:
    1,957
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    Houston, TX
    As I mentioned in my first reply, you can not have root access via php. PHP runs as the user nobody (inherited from apache) or as the user of the website from phpsuexec/suphp.
     
  7. kosasnet

    kosasnet Member

    Joined:
    Mar 7, 2005
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    please example wrote httpd.conf

    thanks.
     
  8. cPanelBilly

    cPanelBilly Guest

    PHP wont run as root for security reasons.
     
  9. Darren

    Darren Well-Known Member
    Staff Member

    Joined:
    Dec 26, 2001
    Messages:
    1,957
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    Houston, TX
    It can't be done, it's like asking me to write a recipe for a smoothie that cures envy, greed and jealousy with added shots of fortune and inner peace. It's not that we won't help, it's that we can't help. I'd say it was impossible but then someone would go rewrite all of apache and/or php to allow it just to say "nothing is impossible." :rolleyes:
    The closest thing you might be able to do is to write a binary c wrapper that is suid root that calls the command you want and call it from a php script, but that's so dangerous and involves custom C programming so I don't think it's a feasible solution here.
    If I were you, I'd write a small daemon (php, perl, whatever) that can run the commands you want, have that run as root, then use a php script to communicate with the daemon over a local socket or authenticated tcp/udp connection. That way the script running in apache doesn't need special privileges and you can still get information from special commands run as root in a fairly secure manner.

    [​IMG]
     
  10. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,381
    Likes Received:
    23
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    Why can't you run the command through SSH? That part has not been explained. What is so wrong about using SSH? This is exactly what SSH is meant for. You're trying to use something, a PHP script, that is not meant to act as a shell.

    All you have stated is that you want to run the command through PHP. Why can't you use SSH?

    The more things you leave open for root access the more likely you are going to be compromised. Root level access needs special care. You have to know what you are doing with root access and you have to understand why it is so important to keep it secure. Trying to access something like this through PHP on a web server just screams insecurities.
     
  11. rpmws

    rpmws Well-Known Member

    Joined:
    Aug 14, 2001
    Messages:
    1,824
    Likes Received:
    5
    Trophy Points:
    38
    Location:
    back woods of NC, USA
    if he continues to just hack at the poor host's server he may just get root ..given if he tries enough exploits. ??

    wheel group user nobody? hehe
     
  12. brianoz

    brianoz Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,146
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    Melbourne, Australia
    cPanel Access Level:
    Root Administrator
    There are two ways to do this.

    The first, mentioned above, is to write a setuid program that calls the code you want run as root. This is fraught with danger for a novice; be very careful or you will open your entire server for access by anyone who feels like it. There are some precautions you could take:
    • ensure it can only be run from a specific user account;
    • only allow one specific program to be run;
    • log access attempts;
    • log and email illegal access attempts.

    I have a PHP script that needs to run a root script and it uses all of the above techniques and has proven safe so far, over several years.

    Secondly, you could probably use the "sudo" command to achieve the same purpose. You need to set up the sudoers file to allow access, and to limit the programs called to the specific one(s) required.
     
Loading...

Share This Page