Allow PHP everything / give PHP-User root rights

1
votes

First of all sorry for my English, I am German. I am using Debian with apache2 and php5. The server is just for testing and in my local network, so I’ve got no secure-problems. My Question is:

How to give PHP/the PHP-User root-rights?

For example: I want my .php files in /var/www/ to do file_put_contents() for every file on my server, exec() any command (with root-rights),... when I call them in my browser.

I’ve tried a lot of things, for example I put www-data in the root-group or to change the Apache-User in /etc/apache2/envvars, but nothing worked or I got Errors.

I’ve heard about a httpd.conf but I can’t find this file.

Please help me!

2
phplinuxapacheapache2debian
You do NOT need to give PHP access to EVERYTHING, no matter what you are trying to do. So set up sudo rights for www-data, with access to only certain commands.rjdown
And how? I am new on Linux/PHPlouk
Edit the /etc/sudoers file, some examples here stackoverflow.com/questions/3173201/sudo-in-php-execrjdown
But that doesnt allow stuff like file_put_contents(). Is this possible in a simple way? Or am i forced to create the file in /var/www/ and then move it where i want?louk

2 Answers

2
votes

To be clear, giving PHP root privilege is a terrible idea. Perhaps not in this case but generally: users, that you should not trust, are coming to your server and running code that, even if you wrote it, you should not trust, and you're saying that code can do anything to that machine.

I'd strongly recommend that you look for another way to do this.

In your specific case, I would just make sure that, whatever user Apache is running as (usually apache or www-data), has the correct privileges in /var/www. For example, set the user and group to apache/www-data and give read and write permissions to files. You should be able to arbitrarily give execute privilege to specific files and run them. This still isn't a very good idea.

In terms of giving PHP root privileges, all commands are run as the apache user, and you can't make apache run it without building it yourself. You can however add it to sudoers list (/etc/sudoers), and use PHP's exec command to do things through sudo. But please... DO NOT DO THIS

0
votes

Edit the /etc/sudoers file, some examples here sudo in php exec() – rjdown