PDA

View Full Version : Running terminal commands with the user privilege?




msharp
Feb 15, 2007, 02:52 AM
Hi there

I'm currently developing a software by PHP with Apache 1.3 that bundled with Mac OS X.

Now I need to launch a graphic program(for example, Photoshop) to open some type of file(in this case, a .psd file)

I tried to run terminal commands like this:
open -b com.adobe.Photoshop [FilePath]

It worked for me, but it won't work when it's run by PHP(System opens the psd file using Preview).

I guess it's the privilege problem, it seems that the "www" user can not open a file by specifying a bundleIdentifier while a normal user can.

So I'm here asking is there anything I can do about this?

Thanks!~



rickb
Feb 15, 2007, 12:00 PM
How did you find the terminal executable for photoshop, I'm looking for the same thing but for other programs?

THanks

jeremy.king
Feb 15, 2007, 03:10 PM
You could enabling suexec (http://www.articleworld.org/index.php/How_to_enable_Apache's_suexec_support_on_Mac_OS_X_10.4_and_newer) and try running the scipts as a different user.

jhande
Feb 16, 2007, 02:02 AM
Suexec (a wrapper for setuid, google it) can do what you want. However, be wevy, wevy careful. What you are doing is escalating apaches privileges for this particular script.

If you choose to go this route, then at least be certain that the script that is called is severely restricted. I don't know how Photoshop handles commandline arguments, but if it globs all of them as a sequence, and allows stuff like "photoshop /file/I/want rm -rf /", and 'rm -rf /' is executed, then you've just hosed all the parts you have access to.

Whatever route you choose, make sure that you validate whatever is going to be sent to the system.