Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Safe way to delete a file owned by ROOT from a PHP script on Apache

Status
Not open for further replies.
thedaver

thedaver

IS-IT--Management
Jul 12, 2001
2,741
US
I'm playing around with coding a tool to control SSHd access via scripted processing of IPs from logs and stuffing them into /etc/hosts.deny. (yes I know other tools already can do this, I'm forcing my self to think on my own as a coding exercise with some spare time...)

This is on a remote linux server and SSH is my only console access. Obviously I don't want an erroneous value to lock me out. So....

I'd like to have a simple PHP script on my Apache that I can call (e.g. hostname.tld/resethostsdeny.php), that would either delete or rename the /etc/hosts.deny file.

Obvious trouble is that this file is perm 644 and owned by user 'root'. I don't want to escalate my Apache's user to become root just to delete/rename this file.

Would you advise that PHP could tell 'cron' to do something directly? Use PHP to write a flag file that a cron job would periodically check as a flag to remove hosts.deny?

This is kind of an exercise to have an unprivileged process (apache) tell the system to act on a privileged file.

How would you do it? Thanks! Dave.







D.E.R. Management - IT Project Management Consulting
 
Sort by date Sort by votes

As I was reading the post I was thinking along the same lines as you. I would have the php script keep a file updated. Then use cron to write that file over hosts.deny. If a timed interval doesn't fit your needs, maybe you can use an event to trigger the script instead of cron.

 
Upvote 0 Downvote
I went ahead and make a PHP script that writes a specifically named file to a specific folder (my "flag file"). No particular content in the folder.

Then, a cron job polls for that file's presence, deletes that flag file, and then takes action from there. Otherwise, if the flag is absent when the cron script runs, it terminates with no further action.

I think there's a tool called 'filemon' that does some similar monitoring, but this met my needs...

Thanks for the comment!

D.E.R. Management - IT Project Management Consulting
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

SamBones
  • Locked
  • Question
How Do I Start/Stop Systemd Services as a non-root User?
Replies
2
Views
722
gbaughma
gbaughma
AbidingDude
  • Locked
  • Question
Newbie Apache Cache Question
Replies
5
Views
388
AbidingDude
AbidingDude
grazinggoat2
  • Locked
  • Question
Old PIDS after script runs
Replies
0
Views
197
grazinggoat2
grazinggoat2
donald lepariku
  • Locked
  • Question
Error: 694, Severity: 24, State: 10 An attempt was made to read logical page '153', virtpage '616' f 1
Replies
3
Views
339
spamjim
spamjim
kasperelectronics
  • Locked
  • Question
Desktop streaming from a server to low power front end device e.g. RasPi
Replies
0
Views
158
kasperelectronics
kasperelectronics

Part and Inventory Search

Sponsor

Back
Top