Postgres Pro
Downloads
Home   >   mailing lists

Thread: Restart postgres in php as nobody

Restart postgres in php as nobody

From
Linh Luong
Date:
Hi all,

I don't know if this is do-able but any suggestions would be appreciated.

I have an restart_psql.sh that takes in an argument -F or -S that executes
the start of stop option of postgres.

I am trying to restart postgres with the option -F when running the php
script via browser as nobody.  I have exhausted the following possiblities:

1.  system("sudo /etc/rc.d/init.d/postgresql stop");
   This doesn't do anything because it doesn't display the message the
database is shutting down or in production state
   And also in auth.log it is asking for the password because I didn't sudo
on user nobody.

2.  I have tried using setuid on the file restart_psql.sh but unfortunately
it doesn't seem to be forcing the execution as root it still show the user as
nobody when I include whoami in the sh file.

3.  I have also tried add nobody to the sudoer file but only allowing to
execute a specific command /etc/rc.d/init.d/postgresql.  This also didn't
show progres because it is still asking for the password of nobody in auth.log

Does anybody know if this is possible or is there a better way of doing this?

Thanks


--
Linh Luong

Re: Restart postgres in php as nobody

From
"Campano, Troy"
Date:
If this is on a UNIX system:


You can edit the .rhosts or comparable file of the postgres user and add the
HOST and USER (nobody) that you want to SU to.

For example, in the .rhosts file of the postgres user you can add:


webservername nobody


Then try:


system("rsh localhost -l postgres pg_ctl stop");




I haven't tried this, but hope it helps.



[ Troy Campano ]






-----Original Message-----
From: Linh Luong [mailto:linh.luong@computalog.com]
Sent: Monday, January 07, 2002 1:04 PM
To: pgsql-general@postgresql.org
Subject: [GENERAL] Restart postgres in php as nobody


Hi all,

I don't know if this is do-able but any suggestions would be appreciated.

I have an restart_psql.sh that takes in an argument -F or -S that executes
the start of stop option of postgres.

I am trying to restart postgres with the option -F when running the php
script via browser as nobody.  I have exhausted the following possiblities:

1.  system("sudo /etc/rc.d/init.d/postgresql stop");
   This doesn't do anything because it doesn't display the message the
database is shutting down or in production state
   And also in auth.log it is asking for the password because I didn't sudo
on user nobody.

2.  I have tried using setuid on the file restart_psql.sh but unfortunately
it doesn't seem to be forcing the execution as root it still show the user
as
nobody when I include whoami in the sh file.

3.  I have also tried add nobody to the sudoer file but only allowing to
execute a specific command /etc/rc.d/init.d/postgresql.  This also didn't
show progres because it is still asking for the password of nobody in
auth.log

Does anybody know if this is possible or is there a better way of doing
this?

Thanks


--
Linh Luong


---------------------------(end of broadcast)---------------------------
TIP 3: if posting/reading through Usenet, please send an appropriate
subscribe-nomail command to majordomo@postgresql.org so that your message
can get through to the mailing list cleanly

Re: Restart postgres in php as nobody

From
Darren Ferguson
Date:
Not really a Postgres related issue

From a security point of view your system is behaving normally because you
should not be able to execute root commands from a web browser

However if you have any C experience you may want to write a small script
that will setuid(0) i.e. root and then execute the command depending on
the argument that you give it.

Then put this file in /usr/local/bin

This should allow you to do what you want to do

Darren

Darren Ferguson
Software Engineer
Openband

On Mon, 7 Jan 2002, Linh Luong wrote:

> Hi all,
>
> I don't know if this is do-able but any suggestions would be appreciated.
>
> I have an restart_psql.sh that takes in an argument -F or -S that executes
> the start of stop option of postgres.
>
> I am trying to restart postgres with the option -F when running the php
> script via browser as nobody.  I have exhausted the following possiblities:
>
> 1.  system("sudo /etc/rc.d/init.d/postgresql stop");
>    This doesn't do anything because it doesn't display the message the
> database is shutting down or in production state
>    And also in auth.log it is asking for the password because I didn't sudo
> on user nobody.
>
> 2.  I have tried using setuid on the file restart_psql.sh but unfortunately
> it doesn't seem to be forcing the execution as root it still show the user as
> nobody when I include whoami in the sh file.
>
> 3.  I have also tried add nobody to the sudoer file but only allowing to
> execute a specific command /etc/rc.d/init.d/postgresql.  This also didn't
> show progres because it is still asking for the password of nobody in auth.log
>
> Does anybody know if this is possible or is there a better way of doing this?
>
> Thanks
>
>
> --
> Linh Luong
>
>
> ---------------------------(end of broadcast)---------------------------
> TIP 3: if posting/reading through Usenet, please send an appropriate
> subscribe-nomail command to majordomo@postgresql.org so that your
> message can get through to the mailing list cleanly
>

Re: Restart postgres in php as nobody

From
Martijn van Oosterhout
Date:
On Mon, Jan 07, 2002 at 11:04:11AM -0700, Linh Luong wrote:
> 2.  I have tried using setuid on the file restart_psql.sh but unfortunately
> it doesn't seem to be forcing the execution as root it still show the user as
> nobody when I include whoami in the sh file.

General note: The setuid bit does *not* work on shell scripts, only on
actual programs.

Other people have provided good answers to your question.
--
Martijn van Oosterhout <kleptog@svana.org>
http://svana.org/kleptog/
> Terrorists can only take my life. Only my government can take my freedom.