I am working on a game panel and I building it in PHP and BASH. So, the web panel controls the game severs by running bash scripts when buttons are pressed. So far so good. My problems come when I need to run the bash scripts because the user running them needs sudo privileges or the scripts will have a an unexpected behavior:
Should I create a new user and give it sudo privileges, then login to the server via SSH (through PHP)? If so how can I store the login credentials safely so if a hacker breaches my website he won’t find them?
Should I give www-data sudo privileges to the specific scripts? Is this a dangerous approach?
Is there any better and more secure way to run bash scripts from a webpage?
I am a newbie PHP developer and my first project is a game panel running on Ubuntu server. Please have mercy. 🙂
Advertisement
Answer
I wouldn’t run any bash scripts directly from PHP, instead I would decouple the two by using a message queue.
Have the PHP script send a message to an exchange and mark the action as “in progress”. Then have a bash script run as a consumer for a queue that receives the message, process it and run the necessary script. Finally pass the message on to another queue which is consumed by PHP and update the action status as “completed” or “failed”, depending on the outcome. This is not a synchronous process but it’s the safer way to handle it.
Suggested reading: