Question

I have been looking for a way to let PHP run some command line tasks including some sudo commands, i.e. reboot. I understand that giving sudo access to the www-data user is a security risk. Most people say to write to a file and let cron pick it up every minute and run the command.

But when I press reboot I want it to reboot.

It’s a Raspberry Pi with some recording software on, which will be controlled using the web interface (like webmin, all routers?). The Raspberry Pi will obviously sit on a local network with access to download/upload information on the internet. The Raspberry Pi will have a username and password to access the web interface.

Isn't this just how your router works? The web interface of a router basically has root access and in most cases you can set a bash script to run, surely that's just as insecure as what I'm trying to achieve with the Raspberry Pi.

As long as the Raspberry Pi's web interface is secure, ssh log in is disabled (but only log in via keys enabled) I can give www-data access to sudo commands?

Right? Or will there still be issues?

Solution

You can consider running another webserver process which is only available from localhost and runs PHP as root. This server will then have scripts for just the actions you need, like reboot. The user-facing web server will then use cURL (or fopen) to access the other server.

If your user-facing server is compromised, an attacker can obviously reboot your server, but won't have access to your complete file system.

OTHER TIPS

> Isn't this just how your router works? The web interface of a router basically has root access and in most cases you can set a bash script to run, surely that's just as insecure as what I'm trying to achieve with the Raspberry Pi.

The problem with this logic is you are looking at the end result of a process & assuming the process beneath it. Remember, even when you click reboot on a router the process is not instantaneous. That alone should give you a clue that something more is happening there.

To avoid risks with sudo being hijacked, you could do a proxy method of doing the following:

  1. Have a superuser cronjob set that runs every minute.
  2. That cronjob will call a bash script.
  3. That bash script checks for the existence of a file that is something called reboot.txt that can be located in /opt/reboot.txt

While some would balk at superusers running a cronjob like this, I say it is a better alternative than giving www-data sudo privileges. Why? Well, if www-data has sudo privileges it can do anything including wiping out your system. Having a cronjob that is restricted which then calls a bash script which is restricted to then run a process that is restricted gives you more security.
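A sketch of the root-side script from steps 1 to 3 above, as an added example that is not part of the original answer. The script path, the crontab line and the helper name `process_reboot_flag` are assumptions; `/opt/reboot.txt` is the path the answer names. It also covers two cases the steps do not mention: a flag that is not a plain file, and a flag that survives the reboot.

```bash
#!/bin/bash
# Added example. Assumed root crontab entry (script path is an assumption):
#   * * * * * /usr/local/sbin/reboot-watch.sh
# The web app only creates the flag file (e.g. PHP touch()); it never gets sudo.

FLAG="${FLAG:-/opt/reboot.txt}"   # flag path named in the answer

# process_reboot_flag FLAG CMD [ARGS...]   (hypothetical helper name)
# Returns 1 if nothing was requested, 2 if the flag was rejected,
# otherwise runs CMD and returns its exit status.
process_reboot_flag() {
    local flag="$1"; shift

    # No flag and no dangling symlink: nothing to do.
    if [ ! -e "$flag" ] && [ ! -L "$flag" ]; then
        return 1
    fi

    # The web user controls this path, so treat it as untrusted: accept only
    # a plain regular file, never a symlink, directory, FIFO or device.
    if [ -L "$flag" ] || [ ! -f "$flag" ]; then
        echo "reboot-watch: rejecting unexpected object at $flag" >&2
        rm -f -- "$flag" 2>/dev/null || true   # removes a symlink, not its target
        return 2
    fi

    # Remove the flag BEFORE acting. If it survived the reboot, cron would
    # reboot the machine again every minute.
    if ! rm -f -- "$flag"; then
        echo "reboot-watch: cannot remove $flag, not rebooting" >&2
        return 2
    fi

    # The command is fixed by root; nothing is read from the flag file.
    "$@"
}

# Top level: what cron runs. Does nothing unless the flag file exists.
process_reboot_flag "$FLAG" /sbin/reboot || true
```

The file's contents are never read or executed, so a compromised web user can request the one fixed action and nothing else.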

Actually you can visudo and in your sudoers file simply give www-data permission to sudo only certain commands like /bin/reboot /bin/poweroff. You would enter it at the end of the sudoers file like this:

www-data ALL=(root) NOPASSWD:/sbin/poweroff
www-data ALL=(root) NOPASSWD:/sbin/reboot

Then in your PHP code for your button you would do your PHP shell exec. Either add the /sbin/poweroff or create another bash script that has the sudo command in it and the power off directive. Then make the shell exec command execute that new script.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow