www.webdeveloper.com
Results 1 to 5 of 5

Thread: Question: About sessions and command prompt

  1. #1
    Join Date
    Aug 2006
    Location
    Michigan
    Posts
    1,046

    Question: About sessions and command prompt

    Can I use sessions to log into my command prompt under ther sessions user?

    Example:

    Sessions user = me

    user that apache uses to run shell_exec (through my php script) = nobody or apache (something along those lines)

    Can I use sessions to run shell_exec as me (in the php script)?

    Thanks for any insite in this matter, and pleaz tell me if I am way off or if you have another suggestion to allow "me" to run "shell_exec" instead of "nobody"(apache)

  2. #2
    Join Date
    Aug 2005
    Location
    The Garden State
    Posts
    5,634
    sort of. you could use su to switch to your user, then shell_exec after that should switch you to someone else. but beware to exit after the script terminates, it may leave the user the same.

    atleast that should work. i'm not sure if shell_exec has limits to what it can do.
    Acceptable Use | SQL Forum FAQ | celery is tasteless | twitter

    celery is tasteless - currently needing some UI time

  3. #3
    Join Date
    Aug 2006
    Location
    Michigan
    Posts
    1,046
    Im not sure that I explained this correctly.

    I have a php script (encrypt.php) that runs from my site and encrypts the file just fine with gpg encryption.

    Im using the code below to encrypt the file, except the secret file can be any format (.doc, .ppt, .xls, etc...), but this is basically the code I used for encryption (And it works).

    here is the page where I got the code from

    Code ref page

    PHP Code:

        $gpg 
    '/usr/bin/gpg';
        
    $recipient 'john@doe.com';
        
    $secret_file 'secret_file.txt';

        echo 
    shell_exec("$gpg -e -r $recipient $secret_file"); 
    now when decrypting the file using basically the same command to encrypt it, it does not work.

    (decrypt.php)

    PHP Code:

        $gpg 
    '/usr/bin/gpg';
        
    $passphrase 'My secret pass phrase.';
        
    $encrypted_file 'foo.gpg';
        
    $unencrypted_file 'foo.txt';

        echo 
    shell_exec("echo $passphrase | $gpg --passphrase-fd 0 -o $unencrypted_file -d $encrypted_file"); 
    i can run both of these commands from the terminal shell and they both work just fine, but when running from the php script (encrypt.php and decrypt.php) the encrypt works and the decrypt does not.

    also when running encrypt.php and decrypt.php the user that apache allows to execute these pages is the 'nobody' user which has very limited privileges. I think this is the cause for the decrypt.php script not to work.

    Also I forgot to mention the encrypt.php script is owned by 'my_user' and generates the decrypt.php file based on the file and directory. But the generated decrypt.php file is owned by the 'nobody' user.

    I have even taken out the decrypt function and placed it in its own file (wth 'my_user' as the owner) and then did an include in the generated php script, but still no go.

    I have posted another thread about this as well but no one responded.

    Link to other post

    The question I had is if I can use something to change the user 'nobody' to 'my_user' while running my php script from the web with NO terminal access, just echo'ing a command or using a process like sessions to change the user.

    I tried your suggestion in earlier testing with my script and revisited it when you posted (Thanks for the advice) but it's still not working.

    The idea behind the script and its functionality is to upload a file of a specific size or less, encrypt it on my server. when some_user goes to retrieve the file, decrypt it and then download.

    seems simple enough, and I have done everything else except the decryption. maybe its the code?

    any other suggestions or thought will be welcomed.

  4. #4
    Join Date
    Aug 2006
    Location
    Michigan
    Posts
    1,046
    here is the script Im using to test the apache user when trying to su from the php script.

    Note please change it to your user if using this code:

    PHP Code:
    <?php

    //Back Ticks
        
    $whom = `whoami`;
        echo(
    $whom);
        echo(
    "$whom <br>");

        
    $su_user = `su - my_user`;
        echo(
    $su_user);
        
    $su_pass = `p@ssw0rd`;
        echo(
    $su_pass);

        
    $whom = `whoami`;
        echo(
    $whom);
        echo(
    "$whom <br>");

        
    $status = `logout`;
        echo(
    $status);

        
    $whom = `whoami`;
        echo(
    $whom);
        echo(
    "$whom <br>");

    //Shell_exec
        
    $whom shell_exec(whoami);
        echo(
    $whom);
        echo(
    "$whom <br>");

        
    $su_user shell_exec(su my_user);
        echo(
    $su_user);
        
    $su_pass shell_exec(p@ssw0rd);
        echo(
    $su_pass);

        
    $whom shell_exec(whoami);
        echo(
    $whom);
        echo(
    "$whom <br>");

        
    $status shell_exec(logout);
        echo(
    $status);

        
    $whom shell_exec(whoami);
        echo(
    $whom);
        echo(
    "$whom <br>");

    //Exec
        
    $whom exec(whoami);
        echo(
    $whom);
        echo(
    "$whom <br>");

        
    $su_user exec(su my_user);
        echo(
    $su_user);
        
    $su_pass exec(p@ssw0rd);
        echo(
    $su_pass);

        
    $whom exec(whoami);
        echo(
    $whom);
        echo(
    "$whom <br>");

        
    $status exec(logout);
        echo(
    $status);

        
    $whom exec(whoami);
        echo(
    $whom);
        echo(
    "$whom <br>");


    ?>

  5. #5
    Join Date
    Aug 2006
    Location
    Michigan
    Posts
    1,046
    Thanks solved the issue, please check the other thread to see my results

    http://www.webdeveloper.com/forum/sh...846#post630846

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles