php - Execute tcl script from website as different users

947

I'm building a website which will run tcl scripts in the background.

I have few tcl scripts which I would like to call from my website and execute it. I'm designing the page using PHP in Linux/Apache server. I have few users who would be executing these scripts, but these scripts should be executed as that user and not the webuser (_www) as the tcl script will automatically send reports in the end to the user who executed it.

One option I thought was to change user (su) and then execute the script throughshell_exec, but I see some security issues with this.

So is there better approach to this?

581

Answer

Solution:

I'd execute the scripts withsudo, you can configure so that your WWW user can execute 1 single command (your tcl script) under the other users without requiring a password.

See this for some reference about sudo (esp the configuration section)

291

Answer

Solution:

A Tcl-specific solution to this might be to build your Tcl scripts into starpacks — single-file executables — that you then make owned-and-setuid by the user that you want them to run as. This only works for the case where you want the user to be the owner of the script, and not some other user who has logged in over the internet. That latter case is much harder to get right (due to the complex mess of security issues involved), so much so that people deploy entire application infrastructures to deal with it.

Have you considered suEXEC?

People are also looking for solutions to the problem: php - Get stock quantity of entire category in Magento

Source

Didn't find the answer?

Our community is visited by hundreds of web development professionals every day. Ask your question and get a quick answer for free.

Ask a Question

Write quick answer

Do you know the answer to this question? Write a quick response to it. With your help, we will make our community stronger.

Similar questions

Find the answer in similar questions on our website.