How to execute root level privileged commands through php or any programming languages without any security problems in a linux system


      Consider the example of killing process from the PHP website.

      The approach of giving full permission to the webserver(apache or nginx) users like www-data, is not secure because if the site is hacked, the hackers can access the full system. So the following approach is the best method which doesn't have any security problems:
      • Save the process ids in a database(egs:mysql) table through the PHP code itself.
      • Open the linux terminal and login as the root user
      • Setup a cron job which runs every minute. 
      • For that run the following command to edit the cron
      crontab -e

      • Put the following line:
       * * * * * killProcess.php

       Where killProcess.php fetches the process IDs from the database and execute the kill linux command(or any other linux commands as per your requirement) through the php function shell_exec().

      Since the cronjob entry is configured as the root user, the specified script has all the same set of privileges as the root user.

      1 comment:

      Subscribe to: Posts (Atom)

      Technologies

      1. Nodejs
      • Express
      • Loopback
      • SailsJs
      2. Angular
      • 2
      • 4
      • 5
      • 8
      3. JQuery
      4. PHP
      • LAMP
      • Codeigniter
      • Lumen
      5. Database
      • MySQL
      • PostgreSQL
      • MongoDB
      6. Artificial Intelligence
      • IBM Watson API
      7. Amazon
      • S3
      • EC2
      • SES
      • ELB
      8. REST & SOAP API integrations
      9. Push notifications
      • FCM - Android
      • APNS - IOS
      10. RETS(Real estate domain) servers
      11. Standard Implementations
      • 508
      • LTI