Thread: Restart postgres in php as nobody
Hi all, I don't know if this is do-able but any suggestions would be appreciated. I have an restart_psql.sh that takes in an argument -F or -S that executes the start of stop option of postgres. I am trying to restart postgres with the option -F when running the php script via browser as nobody. I have exhausted the following possiblities: 1. system("sudo /etc/rc.d/init.d/postgresql stop"); This doesn't do anything because it doesn't display the message the database is shutting down or in production state And also in auth.log it is asking for the password because I didn't sudo on user nobody. 2. I have tried using setuid on the file restart_psql.sh but unfortunately it doesn't seem to be forcing the execution as root it still show the user as nobody when I include whoami in the sh file. 3. I have also tried add nobody to the sudoer file but only allowing to execute a specific command /etc/rc.d/init.d/postgresql. This also didn't show progres because it is still asking for the password of nobody in auth.log Does anybody know if this is possible or is there a better way of doing this? Thanks -- Linh Luong
If this is on a UNIX system: You can edit the .rhosts or comparable file of the postgres user and add the HOST and USER (nobody) that you want to SU to. For example, in the .rhosts file of the postgres user you can add: webservername nobody Then try: system("rsh localhost -l postgres pg_ctl stop"); I haven't tried this, but hope it helps. [ Troy Campano ] -----Original Message----- From: Linh Luong [mailto:linh.luong@computalog.com] Sent: Monday, January 07, 2002 1:04 PM To: pgsql-general@postgresql.org Subject: [GENERAL] Restart postgres in php as nobody Hi all, I don't know if this is do-able but any suggestions would be appreciated. I have an restart_psql.sh that takes in an argument -F or -S that executes the start of stop option of postgres. I am trying to restart postgres with the option -F when running the php script via browser as nobody. I have exhausted the following possiblities: 1. system("sudo /etc/rc.d/init.d/postgresql stop"); This doesn't do anything because it doesn't display the message the database is shutting down or in production state And also in auth.log it is asking for the password because I didn't sudo on user nobody. 2. I have tried using setuid on the file restart_psql.sh but unfortunately it doesn't seem to be forcing the execution as root it still show the user as nobody when I include whoami in the sh file. 3. I have also tried add nobody to the sudoer file but only allowing to execute a specific command /etc/rc.d/init.d/postgresql. This also didn't show progres because it is still asking for the password of nobody in auth.log Does anybody know if this is possible or is there a better way of doing this? Thanks -- Linh Luong ---------------------------(end of broadcast)--------------------------- TIP 3: if posting/reading through Usenet, please send an appropriate subscribe-nomail command to majordomo@postgresql.org so that your message can get through to the mailing list cleanly
Not really a Postgres related issue From a security point of view your system is behaving normally because you should not be able to execute root commands from a web browser However if you have any C experience you may want to write a small script that will setuid(0) i.e. root and then execute the command depending on the argument that you give it. Then put this file in /usr/local/bin This should allow you to do what you want to do Darren Darren Ferguson Software Engineer Openband On Mon, 7 Jan 2002, Linh Luong wrote: > Hi all, > > I don't know if this is do-able but any suggestions would be appreciated. > > I have an restart_psql.sh that takes in an argument -F or -S that executes > the start of stop option of postgres. > > I am trying to restart postgres with the option -F when running the php > script via browser as nobody. I have exhausted the following possiblities: > > 1. system("sudo /etc/rc.d/init.d/postgresql stop"); > This doesn't do anything because it doesn't display the message the > database is shutting down or in production state > And also in auth.log it is asking for the password because I didn't sudo > on user nobody. > > 2. I have tried using setuid on the file restart_psql.sh but unfortunately > it doesn't seem to be forcing the execution as root it still show the user as > nobody when I include whoami in the sh file. > > 3. I have also tried add nobody to the sudoer file but only allowing to > execute a specific command /etc/rc.d/init.d/postgresql. This also didn't > show progres because it is still asking for the password of nobody in auth.log > > Does anybody know if this is possible or is there a better way of doing this? > > Thanks > > > -- > Linh Luong > > > ---------------------------(end of broadcast)--------------------------- > TIP 3: if posting/reading through Usenet, please send an appropriate > subscribe-nomail command to majordomo@postgresql.org so that your > message can get through to the mailing list cleanly >
On Mon, Jan 07, 2002 at 11:04:11AM -0700, Linh Luong wrote: > 2. I have tried using setuid on the file restart_psql.sh but unfortunately > it doesn't seem to be forcing the execution as root it still show the user as > nobody when I include whoami in the sh file. General note: The setuid bit does *not* work on shell scripts, only on actual programs. Other people have provided good answers to your question. -- Martijn van Oosterhout <kleptog@svana.org> http://svana.org/kleptog/ > Terrorists can only take my life. Only my government can take my freedom.