php sessions - is it possible to trigger a server script executed by a DIFFERENT user than www-data?

php apache-http-server tomcat

Solution 1:

You can use setuid() functionality to run scripts and other things as another user.

I use the below wrapper script to run another script as a different user than www-data for a specific purpose on an Apache web server.

suid_wrapper.c:

#include <stdlib.h>

/*
 * C wrapper to run script as other user from Apache.
 *
 * Instructions:
 *   Run as root:
 *     gcc suid_wrapper.c -o make_stats.cgi
 *     chmod a+s make_stats.cgi
 */

// User ID and Group ID for wanted user.
int uid = 503;
int gid = 506;
// Path to script to be executed as above user.
const char* scriptpath = "/home/user/public/stats/make_stats.sh";

int main()
{
    // setgid() must be before setuid(); otherwise one has forsaken the privilege to change group.
    setgid(gid);
    setuid(uid);
    system(scriptpath);
    return 0;
}

Just call make_stats.cgi from Apache and the script given in the above file should be run as the user specified in the above file.

Related

Programs are suspended on startup and ending them causes Explorer to Crash
Microsoft word 2007: how to number some pages in roman numerals and the rest in regular numbers
2 WAN to LAN, What router do I need? [closed]
How do I set up preferred applications in Nautilus by file extension, rather than by mime type?
Split rows into different sheets based on a column's value in Excel
Renaming .jpg files in subdirectories without changing the creation date (on a MAC)
VLC 2.1.5 - unable to find file caching values in preferences
How the PC boots even after the CMOS battery failure?
Is it possible to run a Windows executable in Mac OS X?
Sending text with formatting in Skype 6 and older
Debian PostgreSQL doesn't appear to be working
Can recovery disk of one laptop be used on another laptop?