php sessions - is it possible to trigger a server script executed by a DIFFERENT user than www-data?

Solution 1:

You can use setuid() functionality to run scripts and other things as another user.

I use the below wrapper script to run another script as a different user than www-data for a specific purpose on an Apache web server.

suid_wrapper.c:

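#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/*
 * C wrapper to run script as other user from Apache.
 *
 * Instructions:
 *   Run as root:
 *     gcc suid_wrapper.c -o make_stats.cgi
 *     chmod a+s make_stats.cgi
 */

// User ID and Group ID for wanted user.
const uid_t uid = 503;
const gid_t gid = 506;
// Path to script to be executed as above user.
const char* scriptpath = "/home/user/public/stats/make_stats.sh";

int main(void)
{
    // setgid() must be before setuid(); otherwise one has forsaken the privilege to change group.
    // Check both results: if either call fails, the script must not run with the wrapper's own identity.
    if (setgid(gid) != 0) {
        perror("setgid");
        return EXIT_FAILURE;
    }
    if (setuid(uid) != 0) {
        perror("setuid");
        return EXIT_FAILURE;
    }
    // system() runs the script through /bin/sh with the environment inherited from Apache.
    system(scriptpath);
    return 0;
}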

Just call make_stats.cgi from Apache and the script given in the above file should be run as the user specified in the above file.
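A hardened variant of the wrapper above, as an added example that is not part of the original answer: it refuses a script that another account could modify, clears supplementary groups, verifies the privilege drop, and replaces system() with execve() and a fixed environment. The function names are hypothetical; it reuses the answer's IDs and path and assumes the script starts with a `#!` line and is executable.

```c
#define _DEFAULT_SOURCE            /* exposes setgroups() and lstat() on glibc */
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* IDs and path copied from the wrapper above; adjust for your system. */
static const uid_t TARGET_UID = 503;
static const gid_t TARGET_GID = 506;
static const char *SCRIPT = "/home/user/public/stats/make_stats.sh";

/* 1 if path is a regular file (not a symlink), owned by `owner` or root,
 * and not writable by group or others; 0 otherwise. */
int script_is_safe(const char *path, uid_t owner)
{
    struct stat st;
    if (lstat(path, &st) != 0 || !S_ISREG(st.st_mode)) return 0;
    if (st.st_uid != owner && st.st_uid != 0) return 0;
    return (st.st_mode & (S_IWGRP | S_IWOTH)) ? 0 : 1;
}

/* Permanently switch to uid/gid; 0 only when the drop is verified. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (setgroups(0, NULL) != 0) return -1;    /* shed Apache's supplementary groups */
    if (setgid(gid) != 0 || setuid(uid) != 0) return -1;
    if (uid != 0 && setuid(0) == 0) return -1; /* regaining root must fail */
    return (getuid() == uid && geteuid() == uid &&
            getgid() == gid && getegid() == gid) ? 0 : -1;
}

int main(void)
{
    /* Fixed environment: nothing from the CGI request reaches the script. */
    char *const envp[] = { "PATH=/usr/bin:/bin", NULL };
    char *const argv[] = { (char *)SCRIPT, NULL };

    if (!script_is_safe(SCRIPT, TARGET_UID)) {
        fputs("refusing to run: script ownership or mode is unsafe\n", stderr);
        return EXIT_FAILURE;
    }
    if (drop_privileges(TARGET_UID, TARGET_GID) != 0) {
        perror("drop_privileges");
        return EXIT_FAILURE;
    }
    execve(SCRIPT, argv, envp);   /* no shell in between, unlike system() */
    perror("execve");             /* only reached if execve failed */
    return EXIT_FAILURE;
}
```

The ownership check is by path, so it only helps if the directories leading to the script are also not writable by www-data or other accounts.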