Re: Restart postgres in php as nobody

Not really a Postgres related issue

From a security point of view your system is behaving normally because you
should not be able to execute root commands from a web browser

However if you have any C experience you may want to write a small script
that will setuid(0) i.e. root and then execute the command depending on
the argument that you give it.

Then put this file in /usr/local/bin

This should allow you to do what you want to do

Darren

Darren Ferguson
Software Engineer
Openband

On Mon, 7 Jan 2002, Linh Luong wrote:

> Hi all,
>
> I don't know if this is do-able but any suggestions would be appreciated.
>
> I have an restart_psql.sh that takes in an argument -F or -S that executes
> the start of stop option of postgres.
>
> I am trying to restart postgres with the option -F when running the php
> script via browser as nobody.  I have exhausted the following possiblities:
>
> 1.  system("sudo /etc/rc.d/init.d/postgresql stop");
>    This doesn't do anything because it doesn't display the message the
> database is shutting down or in production state
>    And also in auth.log it is asking for the password because I didn't sudo
> on user nobody.
>
> 2.  I have tried using setuid on the file restart_psql.sh but unfortunately
> it doesn't seem to be forcing the execution as root it still show the user as
> nobody when I include whoami in the sh file.
>
> 3.  I have also tried add nobody to the sudoer file but only allowing to
> execute a specific command /etc/rc.d/init.d/postgresql.  This also didn't
> show progres because it is still asking for the password of nobody in auth.log
>
> Does anybody know if this is possible or is there a better way of doing this?
>
> Thanks
>
>
> --
> Linh Luong
>
>
> ---------------------------(end of broadcast)---------------------------
> TIP 3: if posting/reading through Usenet, please send an appropriate
> subscribe-nomail command to majordomo@postgresql.org so that your
> message can get through to the mailing list cleanly
>