Let me develop a simple web application, which handles some directory on the server. I wish to give people the choice to make use of chown and chmod.
What's the most secure method to give PHP this permission? The fastest factor is simply running Apache and PHP as root, but that does not appear to become a wise idea.
Another factor I figured of, was developing a separate script that has setuid root..
Well, it certainly seems like a harmful idea to start with and I'd prefer seated and thinking with the whole strategy of what's attempting to be accomplished.
The risk is privilege escalation of the executable script that your remote user could modify or upload, obviously. Full chown/chmod inside a web application is the same as just pasting your root password around the page.
What exactly is it which must happen?
When the chown must happen for whatever reason although not to root (hopefully) then your functionality ought to be wrapped. I'd go ahead and take user demands and queue them, then possess a separate process (might be spend, php, perl, anything) running as root by cron take a look queue, determine when the request fit the permitted parameters, making the alterations.
One of the ways is always to setup sudo in your machine (presuming it is a Linux box). Sudo enables you to definitely run instructions elevated, governed by limitations established within the sudoers.conf file. Use tight rules to limit its use towards the needed instructions inside a specific directory for that user your internet services are running under (like world wide web-data), after which call the command spend out of your PHP script something similar to ienc:
shell_exec("sudo chmod 777 dirname");
Do make certain that the sudo config is tight, to make sure that breaking out is going to be difficult.
Possibly you should think about the php instructions: chmod, chown, chgrp and fileperms