The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Publicly-accessible PHP script run as root

Discussion in 'Security' started by DanH42, Jun 26, 2014.

  1. DanH42

    DanH42 Active Member

    Joined:
    Sep 11, 2011
    Messages:
    35
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Bloomington, IL
    cPanel Access Level:
    Root Administrator
    I've got some pre-defined maintenance functions (shell scripts) I'd like to be able to be triggered from outside the server. They're non-critical, and there's no risk if someone else gets hold of the URL and triggers them themselves. I'd like to just call them from PHP using shell_exec, but that's disabled in php.ini for all accounts for security reasons.

    Obviously there will need to be lots of security considerations here. I'm well aware of that already.

    I tried writing a WHM plugin (which is run as root, and can bypass the disable_functions restriction), but when I try requesting it I just see a login page, even though I set the ACL to "any". Is there a place I can put a PHP script where it will be run by WHM's PHP instance, accessible at myIP:2087, that can be called without logging in?
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,674
    Likes Received:
    646
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  3. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    940
    Likes Received:
    55
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    Have you also disabled passthru? it can accomplish the same as shell_exec

    Depending on your php handler, you could put a php.ini in the same directory as the php scripts to over-ride disable_functions just for that directory.

    Personally I'd recommend you just set up a cron job in roots crontab to run the scripts periodically if that's an acceptable solution. It should be easier and more secure, especially if the stuff needs root privs anyway.
     
  4. DanH42

    DanH42 Active Member

    Joined:
    Sep 11, 2011
    Messages:
    35
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Bloomington, IL
    cPanel Access Level:
    Root Administrator
    passthru is also disabled, and I'd like shell commands to remain disabled. The commands I need to run do need to be executed as root, which is why I thought WHM's runtime would be a perfect place for them, since I wouldn't need to open any extra ports or anything.

    Cron would be usable as a last resort, but I'd like to be able to call the scripts on demand, rather than at an interval.
     
  5. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    940
    Likes Received:
    55
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    You could probably make and register your own WHM plugin to run them, however, you would still need to log in. (edit: i see you tried this). I'm not aware of a way to do this without requiring login to WHM.

    Honestly I would either just use cron, or do something like this;

    Make a root cron which checks for $somefile, which can be created by an unprivileged users application. If $somefile exists, then your scripts run. I.e. have a php script that you can access publicly, that when accessed, touches an empty file ($somefile). When the root cron sees the file, it runs your other script and removes the file. It won't run the other script again until the check file is re-created by accessing the page. This should be pretty simple to accomplish, and eliminates the need for the php page you're accessing to have root privs.
     
    #5 quizknows, Jun 26, 2014
    Last edited: Jun 26, 2014
Loading...
Similar Threads - Publicly accessible PHP
  1. EneTar
    Replies:
    12
    Views:
    691

Share This Page