shell_exec() and apache running as nobody
Hello
I am developing a web-based FTP admin tool and I would like to let my users restart the FTP daemon. To do that PHP should run shell_exec('kill ' . $pid); where $pid is the daemon pid that I find out using $pid = shell_exec( 'cat /var/run/myftp.pid' );
$pid is found successfully but killing the process fails - after executing the PHP script I run ps -ef and find out the process is still alive. I think it is because only root can kill a process but apache runs as nobody.
What should I do to make PHP execute my commands?
I've read something about suexec on http://www.linuxplanet.com/linuxplanet/tutorials/1445/1/
Do I need PHP as CGI? If so, are there any nice articles on this, because Google did not return anything valid.
P.S. I have PHP 4.3.x running on Linux SuSE 8.1, Apache 1.3.27.
Thanks.
goldbug
07-18-2003, 10:26 AM
Let me be the first to ask: WHY?
I wouldn't give users that ability at all, whether it required root privs or not.
What happens if User A is halfway through uploading/downloading a large and important file or group of files, and User B decides to kill the process? If I were User A, I'd go somewhere else for my services.
By the term 'user' I mean the guy that hosts the ftp server, so I actually do not care WHY he would like to do that - I assume he is aware of the consequences that his action may have. We also have a nice ftpwho application in this ftpdaemon that will be used to check if there are any running up/down-loads. I also do not think that the use of this application lies within the scope of this forum and this question ;)
If you can give any workaround for this application, nice, but not perfect. If I'm developing this application to configure some more things than just an ftpdaemon, will we look for another workaround?
The question is what should I add to php/apache configuration or whatever to execute lots of only-root scripts.
goldbug
07-18-2003, 10:53 AM
One thing you could do, without giving apache root privs....
See if the ftp daemon can be started/stopped by a regular user (would probably require a standalone FTP daemon--not controlled by inetd/xinetd).
If your daemon can be started with some sort of command, just add apache to that *group* and give the group execute permissions (this would assume you had apache running as a different user, something like, oh, I don't know, "apache" :) ).
goldbug
07-18-2003, 10:54 AM
Another option, which could also save you a lot of time.... for things like server control (more system-level, not site-level), you could run Webmin.
Oh man, I'm paid for developing, not using ;)
And I don't trust any web-based application but mine ;)
How can Webmin do all the things it does?
I use pureftpd and do not have any other idea how to stop it without killing it. And KILLING is limited to root :(
goldbug
07-18-2003, 11:32 AM
Well, Webmin's actually pretty decent. It's basically a CGI app that has root access :)
As far as killing processes, you only have to be root if you want to kill processes that you didn't start. If you could have apache "own" the ftp server/start it, it should be able to kill it, or better yet, send it the hangup ( -HUP ) signal.
EDIT: just checked the ProFTP site (never used it - I last used VSFTP), and you *can* run it as a standalone server, and sending it the HUP signal causes it to reread its config without stopping.
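Added example, not code from any poster in this thread: a sketch of sending the hangup signal from PHP with posix_kill() instead of shell_exec('kill ' . $pid), so the pid file contents never reach a shell. It assumes the POSIX extension is loaded and that the daemon runs under the same account as the web server, as suggested above; the pid file path is the one from the first post, and the function names and the SIG_HUP constant are made up for this example.

```php
<?php
// Added example. SIGHUP is signal 1 on Linux; the built-in SIGHUP constant
// is only defined when the pcntl extension is present, so define our own.
define('SIG_HUP', 1);

// Read a pid file and return the pid as an integer, or false if the file
// is missing or holds anything other than a plain process id.
function read_pid($pidFile)
{
    $raw = @file_get_contents($pidFile);
    if ($raw === false) {
        return false;
    }
    $raw = trim($raw);
    // Digits only, at most 7 of them (Linux pids never exceed 4194304).
    if (!preg_match('/^[1-9][0-9]{0,6}$/', $raw)) {
        return false;
    }
    $pid = (int)$raw;
    // Never signal init, whatever the pid file says.
    return $pid > 1 ? $pid : false;
}

// Send $signal to the process named in $pidFile.
// Returns true on success or a string describing why it failed.
function signal_daemon($pidFile, $signal)
{
    $pid = read_pid($pidFile);
    if ($pid === false) {
        return 'bad or missing pid file';
    }
    // Signal 0 delivers nothing: it only checks that the process exists
    // and that this account is allowed to signal it (EPERM otherwise).
    if (!posix_kill($pid, 0)) {
        return 'cannot signal pid ' . $pid . ': '
             . posix_strerror(posix_get_last_error());
    }
    if (!posix_kill($pid, $signal)) {
        return 'signal failed: ' . posix_strerror(posix_get_last_error());
    }
    return true;
}

$result = signal_daemon('/var/run/myftp.pid', SIG_HUP);
echo $result === true ? "HUP sent\n" : "error: $result\n";
```

When the daemon is owned by another account, the signal-0 probe reports "Operation not permitted", which is the failure described in the first post.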