2

I need to be able to change the IP address of a server using PHP. I'm trying to use ifconfig eth0 down as the www-data user to make sure it will work. So far, I've gotten rid of a permissions issue on the /var/run/network/ifstate file, but now I get a permission denied line that reads SIOCSIFFLAGS: Permission denied. Is there a way around this? If not, how do you change the IP address of a server in a web page?

PHP code:

//if the ip has changed, bring down the network interface and bring it up with the new IP
if($ipConf != $ip) {
    $ifdownSuccess = exec("ifconfig eth0 down", $downOutput, $downRetvar);
    //escapeshellarg() keeps $ip a single shell argument
    $ifupSuccess = exec("ifconfig eth0 up ".escapeshellarg($ip), $upOutput, $upRetvar);
    //TODO: check for ifupSuccess and revert to old ip if the command failed
    var_dump($downOutput);
    var_dump($downRetvar);
    var_dump($ifdownSuccess);
    var_dump($upOutput);
    var_dump($upRetvar);
    var_dump($ifupSuccess);
}

Returns:

array(0) { } int(127) string(0) "" array(0) { } int(127) string(0) ""

Is there a way around this permissions issue or another tool I can use to do this?

9
  • Can't you use sudo and just allow ifup/ifdown? This would work around all permission problems. Commented Nov 25, 2011 at 16:38
  • I think only root can bring down network interfaces... But I might be wrong. Commented Nov 25, 2011 at 16:38
  • But how do I use sudo from a PHP exec() call? It requires a password on a following line... Commented Nov 25, 2011 at 16:40
  • Why on God's earth are you trying to do this? It can be difficult to recover. Also changing IP addresses should be a rare event or handled by DHCP. I strongly recommend that you DO NOT DO THIS. Also you need to be root and need to consider the implications (as possibly wiring) before you attempt to do this. Commented Nov 25, 2011 at 16:44
  • 1
    Just let it suffice that it is absolutely necessary for what I'm doing... I'll take care of the clean up. Right now I just need it to work. Commented Nov 25, 2011 at 16:47

2 Answers

3

I had a similar problem and am considering the following solution:

1) The PHP page reads in the IP, netmask, and gateway, checking for proper formatting and whether the IP is viable, and writes that to a text file

2) A cronjob, written in whatever, looks for that file, and if it is there, it reads in the contents, parses it, and makes the changes

This should be sufficiently secure.
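
Step 1 of the approach in this answer, as an added example that is not part of the original answer: PHP validates the IP, netmask and gateway and hands them to the cron job through a file. The spool path and function names are hypothetical, PHP 7.4+ on a 64-bit build is assumed, and the root-side job should repeat the same checks before applying anything, because the file is written by the web user.

```php
<?php
// Added example. SPOOL_FILE is a hypothetical path; 64-bit PHP 7.4+ is assumed.
const SPOOL_FILE = '/var/spool/netcfg/pending.conf';

function validate_net_request(string $ip, string $mask, string $gw): array
{
    foreach (['ip' => $ip, 'netmask' => $mask, 'gateway' => $gw] as $name => $value) {
        // Dotted-quad IPv4 only: anything with spaces or shell metacharacters fails.
        if (filter_var($value, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
            throw new InvalidArgumentException("$name is not a valid IPv4 address");
        }
    }
    [$ipN, $maskN, $gwN] = [ip2long($ip), ip2long($mask), ip2long($gw)];
    // A real netmask is ones followed by zeros, so its inverse plus one is a
    // power of two. /0, /31 and /32 are refused: they leave no usable host range.
    $inv = ~$maskN & 0xFFFFFFFF;
    if ($inv < 3 || $inv === 0xFFFFFFFF || ($inv & ($inv + 1)) !== 0) {
        throw new InvalidArgumentException('netmask is not usable');
    }
    $net = $ipN & $maskN;
    $bcast = $net | $inv;
    $usable = fn(int $a): bool => ($a & $maskN) === $net && $a !== $net && $a !== $bcast;
    if (!$usable($ipN)) {
        throw new InvalidArgumentException('ip is the network or broadcast address');
    }
    if (!$usable($gwN) || $gwN === $ipN) {
        throw new InvalidArgumentException('gateway is not another host on the same subnet');
    }
    return ['ip' => long2ip($ipN), 'netmask' => long2ip($maskN), 'gateway' => long2ip($gwN)];
}

function queue_net_request(array $req): void
{
    // Write to a temp name, then rename: the cron job never sees a partial file.
    $tmp = SPOOL_FILE . '.' . bin2hex(random_bytes(8)) . '.tmp';
    $line = "{$req['ip']} {$req['netmask']} {$req['gateway']}\n";
    if (file_put_contents($tmp, $line) === false || !rename($tmp, SPOOL_FILE)) {
        @unlink($tmp);
        throw new RuntimeException('could not queue network change');
    }
}

// Constructed sample input: only the first triple should be accepted.
$samples = [['192.168.1.50', '255.255.255.0', '192.168.1.1'],
            ['192.168.1.50', '255.0.255.0', '192.168.1.1'],
            ['192.168.1.50', '255.255.255.0', '10.0.0.1']];
foreach ($samples as $s) {
    try { echo implode(' ', validate_net_request(...$s)), "\n"; }
    catch (InvalidArgumentException $e) { echo 'rejected: ', $e->getMessage(), "\n"; }
}
```

With this split the web user only needs write access to the spool directory and never runs ifconfig or sudo itself.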


1

I figured this out. The answer was to add the www-data user (or whatever the name of your server user is) to the admin group with usermod -a -G admin www-data. If you take a look at /etc/sudoers, you'll notice that anyone in this group can perform sudo commands without a password prompt using sudo -n <command>. Made a quick code change:

//if the ip has changed, bring down the network interface and bring it up with the new IP
if($ipConf != $ip) {
    $ifdownSuccess = exec("sudo -n ifconfig eth0 down", $downOutput, $downRetvar);
    //escapeshellarg() keeps $ip a single shell argument
    $ifupSuccess = exec("sudo -n ifconfig eth0 up ".escapeshellarg($ip), $upOutput, $upRetvar);
    //TODO: check for ifupSuccess and revert to old ip if the command failed
    var_dump($downOutput);
    var_dump($downRetvar);
    var_dump($ifdownSuccess);
    var_dump($upOutput);
    var_dump($upRetvar);
    var_dump($ifupSuccess);
}

And I'm now in business. Was able to connect on the new IP address via SSH and view webpages via the new IP as well.

2 Comments

Be aware that there are lots of security risks associated with having the www-data user able to execute root-level stuff, especially if you configure it to not need a password. In other words, if your application is compromised in any way, the attacker has freedom to do whatever he wants. Please consider using visudo to limit the executables that www-data has access to, such as in this post: stackoverflow.com/questions/8202887/…
Just to reinforce, giving sudo permission to the http user is a REALLY bad idea.
