
Apache, PHP and Linux file permissions

DangerIsGo

To make this absolutely clear, I need to start from the beginning.

I have a dc++ server running on my nix box. To start it I do

sudo dbhub <commands>

and it starts it from /home/me/.dbhub

There is a file in there called reglist which is write and read protected only by root (chmod 600) as are some other files that the hub software uses and checks on a constant basis (every 2-3 minutes). Now. I have a pop3 php file which is automatically run every few minutes by cron under sudo ... because it has this line of code in it:

exec("sudo chmod 755 /home/me/.dbhub/reglist");

So I can add that user to the reglist for the hub.

With me so far?

The next piece of code (new php file) is somewhat different. In this case, the code is NOT run by cron and is executed when a user clicks submit (it's a change password form...they enter their username, old pass, and newpass and if all is good, it changes the password in the reglist file with sed). The problem is....this code is NOT given sudo permission when executed. It just runs. I have these lines of code in it:

exec("sudo chmod 755 /home/me/.dbhub/reglist");
exec("sed -i <change line in reglist>");
exec("sudo <run perl script>");

That I need executed as sudo. How would I go about that with apache, php and the file permissions of linux? If I chmod 755 the reglist file from a regular terminal, the file will go back to 600 every 2-3 minutes which defeats the purpose of this change form.
In a nutshell, how would I give write permissions to that file when submit is pressed with those lines of code? Thanks.
 
This could be a path issue...


exec("sudo chmod 755 /home/me/.dbhub/reglist");
exec("sed -i <change line in reglist>");
exec("sudo <run perl script>");


Where is sudo and sed located at on your drive? /usr/bin? /sbin/? /usr/sbin?

(you can use whereis or which to help you)

Change those commands to:

exec("/sbin/sudo chmod 755 /home/me/.dbhub/reglist");
exec("/usr/bin/sed -i <change line in reglist>");
exec("/sbin/sudo <run perl script>");

(but use the actual paths obviously)


I mentioned this in your other thread on this topic. Did you try it yet?
 
GREAT! Now my damn apache2 is acting up. For some reason, browsers ask to download a file when the address is typed in rather than displaying the PHP. WTF! If you open that code, it has my PHP which has my db passwords and shit. I disabled apache2 for now, but I don't get it? It was working fine this afternoon. I just uninstalled apache2 and php5 and reinstalled them...no go. What gives?
 
Check your apache.conf and httpd.conf (and make sure they are there)

Make sure your httpd.conf has a <directory> </directory> block still.

Look for:

DirectoryIndex index.html index.php

Make sure index.php is still there :)
 
Make sure httpd.conf is owned by the correct user and has the correct permissions.

I believe apache2 will work without an httpd.conf - since it first reads apache.conf (For all webs) and then httpd.conf (per web)
 
-rw-r--r-- 1 root root 12487 2007-04-26 04:28 apache2.conf

-rw-r--r-- 1 root root 268 2007-04-26 04:08 httpd.conf

That's in the apache2 folder in /etc/apache2

in /etc/apache, the httpd.conf is

-rw-r--r-- 1 root root 268 2007-04-26 04:08 httpd.conf
 
Did you restart apache recently?

It's been awhile... but shouldn't they be owned by the apache user? I guess with read access to everyone it shouldn't matter... you didn't change permissions to either of their directories did you?

What distribution of linux are you using? How did you get apache2 (preinstalled, built from source, installed from binaries, cvs, rpm, etc?)

You shouldn't have 2 httpd.conf's I don't think! Try renaming one/both to httpd.old (one at a time).
 
I just restarted it

I'm not sure? There's no apache user in my system, I would have to create one. I don't think I did
Permissions:

drwxr-xr-x 2 root root 4096 2007-04-26 04:24 apache
drwxr-xr-x 8 root root 4096 2007-04-26 04:08 apache2

in /etc. I'm using Ubuntu 6.10. I used the Synaptic package manager. Same with PHP.


Update: if I install the apache server (not apache2), it works. What would cause this? I can't believe we got sidetracked so much ...grrr
 
Ok this is bigger than I thought...it seems that with apache...mysql_connect() doesn't work...why would that happen? Is it something only with apache2 that it connects to mysql dbs?
 
So your mod_mysql and default homepage are both broken.

It is definitely an issue with apache2 not looking in the correct location for httpd.conf or apache.conf or malformed xml (as I mentioned in a pm to you).

Did you xmllint the conf files to make sure they are valid xml? (or use w3schools.org's online xml validator).

Or a permissions issue with the conf files...
 
Ok, I did a complete removal of apache, apache2, php5 (and 4 components) and any lib modules for apache/php, reinstalled and it's working now :)

Back on topic...How would I give permission for this change form?
 
Ok, I did a complete removal of apache, apache2, php5 (and 4 components) and any lib modules for apache/php, reinstalled and it's working now :)

Back on topic...How would I give permission for this change form?

Which change form? I'm not sure I understand your Q.

(glad you got apache working again!)
 
The change form...the one this thread is about...I put in the full links to sudo and sed...nope...still didn't work.
 
Check the apache (httpd) log. What does it say?

(/var/logs I believe)
 
Password:
/bin/sed: can't read /home/dangerisgo/.dbhub/reglist: Permission denied
Password:
 
Do a:

ps aux

What user is httpd running as?

You need to add that user to your sudoers. (run visudo as root)
 
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.1 1564 516 ? S Apr25 0:01 init [2]
root 2 0.0 0.0 0 0 ? SN Apr25 0:00 [ksoftirqd/0]
root 3 0.0 0.0 0 0 ? S Apr25 0:00 [watchdog/0]
root 4 0.0 0.0 0 0 ? S< Apr25 0:00 [events/0]
root 5 0.0 0.0 0 0 ? S< Apr25 0:00 [khelper]
root 6 0.0 0.0 0 0 ? S< Apr25 0:00 [kthread]
root 8 0.0 0.0 0 0 ? S< Apr25 0:00 [kblockd/0]
root 9 0.0 0.0 0 0 ? S< Apr25 0:00 [kacpid]
root 116 0.0 0.0 0 0 ? S Apr25 0:00 [pdflush]
root 117 0.0 0.0 0 0 ? S Apr25 0:00 [pdflush]
root 119 0.0 0.0 0 0 ? S< Apr25 0:00 [aio/0]
root 118 0.0 0.0 0 0 ? S Apr25 0:06 [kswapd0]
root 706 0.0 0.0 0 0 ? S< Apr25 0:00 [kseriod]
root 1862 0.0 0.0 0 0 ? S< Apr25 0:00 [khubd]
root 1976 0.0 0.0 0 0 ? S Apr25 0:00 [kjournald]
root 2202 0.0 0.1 2432 904 ? S<s Apr25 0:00 /sbin/udevd --daemon
root 3071 0.0 0.0 0 0 ? S Apr25 0:00 [shpchpd_event]
dhcp 3557 0.0 0.1 2340 756 ? S<s Apr25 0:00 dhclient3 -pf /var/run/dhclient.eth0.pid -lf /var/lib/dhcp3/dhclient.eth0.leases eth0
root 3901 0.0 0.2 2156 1192 ? Ss Apr25 0:00 /usr/sbin/acpid -c /etc/acpi/events -s /var/run/acpid.socket
root 4020 0.0 0.0 1680 492 ? Ss Apr25 0:00 /bin/dd bs 1 if /proc/kmsg of /var/run/klogd/kmsg
klog 4022 0.0 0.2 2424 1352 ? Ss Apr25 0:00 /sbin/klogd -P /var/run/klogd/kmsg
104 4041 0.0 0.1 2192 836 ? Ss Apr25 0:00 /usr/bin/dbus-daemon --system
108 4056 0.0 1.0 6796 5280 ? Ss Apr25 0:01 /usr/sbin/hald
root 4057 0.0 0.1 2716 968 ? S Apr25 0:00 hald-runner
108 4062 0.0 0.1 2004 792 ? S Apr25 0:00 /usr/lib/hal/hald-addon-acpi
108 4118 0.0 0.1 2012 864 ? S Apr25 0:01 /usr/lib/hal/hald-addon-storage
108 4119 0.0 0.1 2008 820 ? S Apr25 0:01 /usr/lib/hal/hald-addon-storage
108 4121 0.0 0.1 2012 864 ? S Apr25 0:02 /usr/lib/hal/hald-addon-storage
108 4122 0.0 0.1 2008 864 ? S Apr25 0:02 /usr/lib/hal/hald-addon-storage
root 4448 0.0 0.3 10916 1668 ? Ss Apr25 0:00 /usr/sbin/gdm
root 4477 0.0 0.4 11268 2228 ? S Apr25 0:00 /usr/sbin/gdm
root 4482 0.0 0.7 10592 3892 tty7 Ss+ Apr25 0:00 /usr/bin/X :0 -br -audit 0 -auth /var/lib/gdm/:0.Xauth -nolisten tcp vt7
hplip 4491 0.0 0.1 12872 804 ? Ssl Apr25 0:00 /usr/sbin/hpiod
hplip 4506 0.0 0.8 9408 4416 ? S Apr25 0:00 python /usr/sbin/hpssd
root 4618 0.0 0.2 2644 1316 ? S Apr25 0:00 /bin/sh /usr/bin/mysqld_safe
mysql 4682 0.0 3.1 126632 16240 ? Sl Apr25 0:02 /usr/sbin/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=mysql --pid-file=/var/run/mysqld/mysqlroot 4683 0.0 0.0 1548 500 ? S Apr25 0:00 logger -p daemon.err -t mysqld_safe -i -t mysqld
postgres 4789 0.0 0.5 18656 2896 ? S Apr25 0:00 /usr/lib/postgresql/8.1/bin/postmaster -D /var/lib/postgresql/8.1/main -c unix_socket_directory=/var/rgdm 4795 0.0 2.0 18160 10660 ? Ss Apr25 0:00 /usr/lib/gdm/gdmgreeter
postgres 4805 0.0 0.3 18788 1944 ? S Apr25 0:00 postgres: writer process
postgres 4806 0.0 0.3 9436 2016 ? S Apr25 0:00 postgres: stats buffer process
postgres 4807 0.0 0.2 8744 1316 ? S Apr25 0:00 postgres: stats collector process
root 4849 0.0 0.2 5776 1320 ? Ss Apr25 0:00 /usr/sbin/nmbd -D
root 4851 0.0 0.3 8564 1936 ? Ss Apr25 0:00 /usr/sbin/smbd -D
root 4869 0.0 0.1 8564 816 ? S Apr25 0:00 /usr/sbin/smbd -D
root 4870 0.0 0.1 4768 856 ? Ss Apr25 0:00 /usr/sbin/sshd
root 4936 0.0 0.1 1968 568 ? Ss Apr25 0:00 hcid: processing events
root 4941 0.0 0.0 1616 340 ? Ss Apr25 0:00 /usr/sbin/sdpd
root 4951 0.0 0.0 0 0 ? S< Apr25 0:00 [krfcommd]
root 4964 0.0 0.0 1628 268 ? Ss Apr25 0:00 /sbin/mdadm -F -i /var/run/mdadm.pid -m root -f -s
root 5008 0.0 0.1 2120 808 ? Ss Apr25 0:00 /usr/sbin/cron
root 5125 0.0 0.3 6120 1908 ? S Apr25 0:01 ddclient - sleeping for 210 seconds
nx 5310 0.0 0.3 5008 1908 ? S Apr25 0:00 /usr/NX/bin/nxssh -nxservermode -l dangerisgo localhost -p 22 -x -2 -o PasswordAuthentication yes -o Proot 5311 0.0 0.3 7508 1872 ? Ss Apr25 0:00 sshd: dangerisgo [priv]
1000 5313 0.0 0.2 7508 1204 ? S Apr25 0:00 sshd: dangerisgo@notty
1000 5314 0.0 1.2 12728 6300 ? Ss Apr25 0:00 /usr/NX/bin/nxnode
1000 5329 32.7 8.9 75312 46160 ? R Apr25 384:44 /usr/NX/bin/nxagent -D -options /home/dangerisgo/.nx/C-GameServer-1076-86C00910AF4857E871350CDD567619Dnx 5331 0.0 1.4 27224 7340 ? S Apr25 0:00 nxserver -c /usr/NX/bin/nxserver --login
1000 5335 0.0 0.5 12872 3004 ? S Apr25 0:04 /usr/NX/bin/nxnode
1000 5342 0.0 1.9 19604 10020 ? S Apr25 0:00 gnome-session
1000 5345 0.0 0.1 2712 648 ? S Apr25 0:00 /usr/bin/dbus-launch --exit-with-session gnome-session
1000 5346 0.0 0.1 2196 908 ? Ss Apr25 0:00 dbus-daemon --fork --print-pid 8 --print-address 6 --session
1000 5348 0.0 0.7 6068 3660 ? S Apr25 0:01 /usr/lib/libgconf2-4/gconfd-2 5
1000 5351 0.0 0.1 2340 732 ? S Apr25 0:00 /usr/bin/gnome-keyring-daemon
1000 5353 0.0 0.5 6264 2948 ? Ss Apr25 0:00 /usr/lib/bonobo-activation/bonobo-activation-server --ac-activate --ior-output-fd=17
1000 5355 0.0 1.6 27320 8568 ? Sl Apr25 0:04 /usr/lib/control-center/gnome-settings-daemon --oaf-activate-iid=OAFIID:GNOME_SettingsDaemon --oaf-ior1000 5357 0.0 0.2 3216 1544 ? SL Apr25 0:00 /usr/bin/esd -nobeeps
1000 5361 0.0 0.0 2944 444 ? Ss Apr25 0:00 /usr/bin/esd -nobeeps
1000 5367 0.0 1.8 15440 9392 ? Ss Apr25 0:40 /usr/bin/metacity --sm-client-id=default0
1000 5372 0.0 3.3 39816 17228 ? Ssl Apr25 0:25 gnome-panel --sm-client-id default1
1000 5374 0.0 6.2 88428 32336 ? Ssl Apr25 0:51 nautilus --no-default-window --sm-client-id default2
1000 5377 0.0 1.0 17252 5364 ? Ss Apr25 0:00 gnome-volume-manager --sm-client-id default4
1000 5383 0.0 1.9 19060 10292 ? Ss Apr25 0:01 update-notifier
1000 5387 0.0 1.4 54104 7584 ? Ss Apr25 0:02 gnome-cups-icon --sm-client-id default3
1000 5394 0.0 0.7 8616 3772 ? Sl Apr25 0:00 /usr/lib/gnome-vfs-2.0/gnome-vfs-daemon --oaf-activate-iid=OAFIID:GNOME_VFS_Daemon_Factory --oaf-ior-f1000 5397 0.0 2.0 49332 10404 ? Sl Apr25 0:01 /usr/lib/gnome-applets/trashapplet --oaf-activate-iid=OAFIID:GNOME_Panel_TrashApplet_Factory --oaf-ior1000 5409 0.0 1.0 17720 5528 ? Ss Apr25 0:04 gnome-power-manager
1000 5415 0.0 0.1 2288 720 ? S Apr25 0:00 /usr/lib/nautilus-cd-burner/mapping-daemon
1000 5417 0.0 2.0 45724 10336 ? Sl Apr25 0:01 /usr/lib/gnome-panel/clock-applet --oaf-activate-iid=OAFIID:GNOME_ClockApplet_Factory --oaf-ior-fd=31
1000 5419 0.0 1.8 34028 9444 ? S Apr25 0:01 /usr/lib/gnome-applets/mixer_applet2 --oaf-activate-iid=OAFIID:GNOME_MixerApplet_Factory --oaf-ior-fd=1000 5430 0.0 2.9 46588 14972 ? Sl Apr25 0:29 gnome-terminal
1000 5431 0.0 0.1 2284 688 ? S Apr25 0:00 gnome-pty-helper
1000 5432 0.0 0.6 5688 3284 pts/1 Ss Apr25 0:00 bash
1000 5454 0.0 0.9 14924 4972 ? Ss Apr25 0:04 gnome-screensaver
root 5972 0.0 0.1 5468 928 ? Ss Apr25 0:02 dbhub -w /home/dangerisgo -l /home/dangerisgo/.dbhub/logs/dblog
root 5973 0.0 1.3 12188 7072 ? S Apr25 0:13 dbhub -w /home/dangerisgo -l /home/dangerisgo/.dbhub/logs/dblog
root 5974 0.0 0.6 8120 3404 ? S Apr25 0:06 dbhub -w /home/dangerisgo -l /home/dangerisgo/.dbhub/logs/dblog
root 5975 0.0 0.2 5472 1192 ? S Apr25 0:08 dbhub -w /home/dangerisgo -l /home/dangerisgo/.dbhub/logs/dblog
postgres 5976 0.0 0.9 20104 5084 ? S Apr25 0:01 postgres: dangerisgo dchub 127.0.0.1(41574) idle
1000 6018 0.0 1.5 34108 7864 ? Sl Apr25 0:00 /usr/lib/evolution/2.6/evolution-exchange-storage --oaf-activate-iid=OAFIID:GNOME_Evolution_Exchange_C1000 6021 0.0 0.8 32184 4476 ? Sl Apr25 0:00 /usr/lib/evolution/evolution-data-server-1.6 --oaf-activate-iid=OAFIID:GNOME_Evolution_DataServer_CalFroot 16819 0.0 0.5 8960 2724 ? S 00:35 0:00 /usr/sbin/smbd -D
root 28691 0.0 0.0 1564 496 tty1 Ss+ 04:49 0:00 /sbin/getty 38400 tty1
root 28692 0.0 0.0 1560 488 tty2 Ss+ 04:49 0:00 /sbin/getty 38400 tty2
root 28693 0.0 0.0 1560 492 tty3 Ss+ 04:49 0:00 /sbin/getty 38400 tty3
root 28694 0.0 0.0 1560 492 tty4 Ss+ 04:49 0:00 /sbin/getty 38400 tty4
root 28695 0.0 0.0 1560 492 tty5 Ss+ 04:49 0:00 /sbin/getty 38400 tty5
root 28696 0.0 0.0 1560 492 tty6 Ss+ 04:49 0:00 /sbin/getty 38400 tty6
cupsys 5239 0.0 0.3 4332 1932 ? SNs 07:42 0:01 /usr/sbin/cupsd
syslog 5655 0.0 0.1 1764 708 ? SNs 07:44 0:00 /sbin/syslogd -u syslog
root 19823 0.0 1.1 17752 5712 ? Ss 13:28 0:00 /usr/sbin/apache2 -k start -DSSL
www-data 19824 0.0 1.1 18024 5672 ? S 13:28 0:00 /usr/sbin/apache2 -k start -DSSL
www-data 19825 0.0 0.9 17892 4660 ? S 13:28 0:00 /usr/sbin/apache2 -k start -DSSL
www-data 19826 0.0 0.9 17892 4728 ? S 13:28 0:00 /usr/sbin/apache2 -k start -DSSL
www-data 19829 0.0 1.0 17988 5608 ? S 13:28 0:00 /usr/sbin/apache2 -k start -DSSL
www-data 19830 0.0 1.0 18004 5584 ? S 13:28 0:00 /usr/sbin/apache2 -k start -DSSL
www-data 19833 0.0 1.0 18016 5464 ? S 13:28 0:00 /usr/sbin/apache2 -k start -DSSL
1000 20590 0.0 0.4 5336 2148 pts/1 S+ 13:49 0:00 mysql -u dangerisgo -h localhost -p
root 20664 0.0 0.4 7528 2344 ? Ss 13:52 0:00 sshd: nx [priv]
nx 20666 0.1 0.3 7820 1636 ? S 13:52 0:04 sshd: nx@notty
nx 20667 0.0 4.8 27232 25140 ? Ss 13:52 0:00 nxserver -c /usr/NX/bin/nxserver --login
nx 20683 0.0 0.0 0 0 ? Z 13:52 0:00 [nxssh] <defunct>
nx 20704 0.0 0.0 0 0 ? Z 13:52 0:00 [nxserver] <defunct>
nx 20705 0.0 0.3 5000 1636 ? S 13:52 0:01 /usr/NX/bin/nxssh -B -E
1000 21943 0.1 0.6 5684 3328 pts/0 Ss 14:33 0:00 bash
1000 21993 0.0 0.1 2396 1020 pts/0 R+ 14:34 0:00 ps aux
 
www-data 19824 0.0 1.1 18024 5672 ? S 13:28 0:00 /usr/sbin/apache2 -k start -DSSL


Add the user "www-data" to your sudoers

(at your own risk of course!)

But that will fix your permission denied error.
 
What do you mean, "at my own risk"? What problems could ensue if I do?

Well, you see how apache is run as the user www-data? There is a reason that it's not running as "root." www-data is a very limited user - it will only have read(execute) access to your www directory and read access to the folders with apache conf files.

If someone manages to compromise apache on your system, their options will be very limited.... unless www-data is a sudoer. Now if they compromise apache, they have free rein over your system.

A better choice would be to set up a trigger to cause your code to be executed. Perhaps create a file in the www directory (and then have a different process that is a sudoer monitor that folder for the 'flag' file - when that file is created, it executes the code and deletes the flag).

Or let cron execute the code periodically.

If your server is not connected to the internet you probably don't need to worry about it.
 
A better choice would be to set up a trigger to cause your code to be executed. Perhaps create a file in the www directory (and then have a different process that is a sudoer monitor that folder for the 'flag' file - when that file is created, it executes the code and deletes the flag)

Could you explain that a little better? Yes, it's connected to a dorm network (at a tech school), but it's behind a router, and only ports sent to it are 22 (ssh), 80 (http..for webpage/apache), and 411 (for DC++ hub). A guy I know said to do this but I didn't understand what he was trying to say

either
1) you can give the user sudo permission without password eg. adding him to wheel group and

/etc/sudoers

# Uncomment to allow people in group wheel to run all commands
%wheel ALL=(ALL) ALL

# Same thing without a password
%wheel ALL=(ALL) NOPASSWD: ALL

or 2) optionally you can run apache as the dbhub user or chmod directories to give apache user an access to someone's home directory, to read and write files in .dbhub directory

dbhub is the name of the dc++ hub server software that I use. What do you think?

I can't let cron run it because it's a come/go page. People come whenever they want to it, enter their stuff and click submit...if I let cron run it, then the only way it would happen is if they clicked submit exactly when cron was running it and that would be impossible.
 
(1) College dorm + (2) p2p software + (3) apache running with root access = trouble ;)

On the other hand, if you get hacked, just format and reinstall...

The choices laid out by your friend will both work, but are still dangerous for the reasons I mentioned.

... not as dangerous as an unpatched WinXP machine... just keep in mind that this is not the optimal way to configure your server in case you get a job in IT some day - but for your use, you might as well go with whatever is easiest for you.
 
But I do want it safe so if I ever get hacked, there's no way any real damage can be done...especially to the databases
 
Ok, here's how I would do it:

Write a simple Python program that monitors /var/www/temp/ for a file called process.txt. (This Python script would be executed when your computer starts up so that it is always running unless you manually kill it.) The process would be run as a user with sudo access. (Just run it as root - you will have tight control over it - there is no easy vector for an attacker to get at programs that are locally installed on your server)
If the program finds process.txt it
1. deletes process.txt
2. executes the code you mentioned on your first post.

Now, for your PHP application, change it to create a file called process.txt in /var/www/temp when a user clicks the submit button.

Or if this is a high volume site, you might have it create <random>.lock or something...
and then execute your code and delete the <random>.lock file every time it finds a copy of it.

python is probably already installed on your system. Ruby would be fine too - do some google searches and you should be able to find some code snippets to borrow.

Now your webserver is properly isolated from the rest of your system - if it is compromised, the worst they can (probably) do is take down your website if they were to find an unpatched exploit on your server.
 
See. the thing is, I pass variables to the 3 sudo commands that I have stated before. The 1st and 3rd are fine alone, but the 2nd needs $username and $password passed to it from the PHP code before it.
 
Ok - for the 'flag' file you create in your directory, name it:

username.lock and then place the password in the file.

That's not the optimal solution either since the user's password will be stored in plain text. You could encrypt their password though - there are tons of crypto libraries built into Python. It would probably only take 1 or 2 lines of code.

Would that be an adequate way to pass the username and password to your 2nd command?
 
Actually, I hash the file with a randomized salt and put that in a variable, let's say $newpass, and it gets stored that way.
 
Actually, I hash the file with a randomized salt and put that in a variable, let's say $newpass, and it gets stored that way.

Perfect - dump the hash into the contents of the file. Then your python script or whatever will immediately pull it out and process it.

Incidentally, you could write a stand-alone PHP script as well, but PHP programs cannot run continuously so you would need to use cron to periodically execute it. (and you could store the PHP script in a secure location outside of the /www tree)

I suggested Python/Ruby since you said you needed immediate processing of that data and either of these languages would be able to handle the task.
 
The script will be monitoring /var/www/temp in real-time. (well, maybe a 100ms sleep between loops).

As soon as it finds the file

DangerIsGo.lock with contents:
sdf087uhasdlhvua89sd7yjaf-adsfjh

It will execute your "2nd command" (that you referred to that requires a username and password) and execute it with the username, encrypted password indicated in /var/www/temp.

Then it will delete the lock file.


There may be other solutions, but I would consider this one a "correct" way to set up your system and keep publicly accessible services away from system binaries.
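
The watcher described in this post, as an added example that is not part of the original thread: a root-run Python loop that treats everything www-data drops into /var/www/temp as untrusted and rewrites reglist itself instead of calling sudo, a shell or sed. The `username hash` line layout of reglist, the allowed character sets and all function names are assumptions; the elided Perl step is left out.

```python
import contextlib
import os
import re
import stat
import tempfile
import time

# Assumed field formats (not from dbhub): allow-lists with no spaces or newlines.
USERNAME_RE = re.compile(r"[A-Za-z0-9_-]{1,32}")
HASH_RE = re.compile(r"[A-Za-z0-9./$_-]{8,128}")


def read_request(spool_dir, filename):
    """Return (username, new_hash) from one <username>.lock file, else None."""
    username = filename[:-len(".lock")]
    if not filename.endswith(".lock") or not USERNAME_RE.fullmatch(username):
        return None
    try:
        # The web user owns the spool: refuse symlinks, never block on a FIFO.
        fd = os.open(os.path.join(spool_dir, filename),
                     os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
    except OSError:
        return None
    with os.fdopen(fd, "rb") as fh:
        regular = stat.S_ISREG(os.fstat(fd).st_mode)
        data = fh.read(256) if regular else b""  # bounded read
    text = data.decode("latin-1").strip()
    return (username, text) if HASH_RE.fullmatch(text) else None


def update_reglist(reglist_path, username, new_hash):
    """Swap the user's hash without a shell; atomic rewrite, file stays 0600."""
    with open(reglist_path, encoding="latin-1") as fh:
        lines = fh.read().split("\n")
    changed = False
    for i, line in enumerate(lines):
        fields = line.split(" ")
        if len(fields) >= 2 and fields[0] == username:
            fields[1], changed = new_hash, True
            lines[i] = " ".join(fields)
    if not changed:
        return False
    # mkstemp creates the temp file with mode 0600, owned by this process.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(reglist_path) or ".")
    with os.fdopen(fd, "w", encoding="latin-1") as fh:
        fh.write("\n".join(lines))
    os.replace(tmp, reglist_path)
    return True


def process_spool(spool_dir, reglist_path):
    """Handle every pending .lock file once; return the usernames changed."""
    done = []
    for filename in sorted(os.listdir(spool_dir)):
        if not filename.endswith(".lock"):
            continue  # leaves a writer's temporary file alone until renamed
        request = read_request(spool_dir, filename)
        if request and update_reglist(reglist_path, *request):
            done.append(request[0])
        with contextlib.suppress(OSError):  # rejected files are removed too
            os.unlink(os.path.join(spool_dir, filename))
    return done


if __name__ == "__main__":
    while True:
        process_spool("/var/www/temp", "/home/me/.dbhub/reglist")
        time.sleep(0.1)
```

Having the PHP side write under a temporary name and rename it to `<username>.lock` keeps the watcher from reading a half-written file. The watcher does not re-check the old password, so a compromised web user can still reset hub passwords through the spool, but that is all it can reach.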
 
No problem - there will be different username.lock files. The script will just loop twice, once for each.

Ok, I just read your OP more closely. We're talking about changing the password in a file that has 600 permissions, right?

So no problem! If two people change their passwords, the second user will effectively be "queued" up and have to wait .01 seconds for the first one to be processed...
 
I've already done that. Just re-read my posts and ask specific questions if you get stuck.

Remember, I already said that just allowing apache to run root commands (like your friend suggested) would probably be adequate since it's not running a mission critical server (and fixing a problem is just a reinstall away...) And I already told you the pros/cons of that solution versus the solution I proposed.

You could also go to dc++ websites and see how other people have managed this problem.

But if you want me to write the PHP and Python code to do this, you'll need to hire me :D
 
So the python code will monitor /var/www/temp folder for a <username>.lock file with the hashed password inside

If found, it takes the username from the filename, and the hashed password inside, executes the sed command (sed -i "s/$username $oldpw/$username $newpw/" <file>) then deletes that lock file?

If I am missing anything, lemme know.

Can this be done with PHP or Perl? Rather than python or ruby? heh

What owner/group will be of the temp folder? and what chmod should I have it as?

And how do I create a file with a variable in PHP? I tried this but it didn't work:

fopen("/temp/$u.lock", 'w');
 