# Best practices for controlling FreeBSD through PHP



## r3gan (Aug 19, 2014)

Hi all,

I have an interest in being able to manage or administer a FreeBSD server from a web interface, specifically a PHP "web admin" sort of thing.  Now I've Googled alot about this, found Thread 13503 and many other discussions, and I understand the security risk associated with running (possibly privileged) system commands as a 'web user'.  I'm looking for your input and comments on the best practices for facilitating this.

I've seen other solutions, such as 'webmin', which seem to be full-fledged, robust solutions that are doing exactly what I am trying to do... but these solutions would be over-kill for my needs.  I just want to be able to run a few OS-level commands (some of which may be privileged) from a calling PHP script, but do this in a secure and regulated manner.  How do softwares like 'webmin' control access to specific commands only?  What is the best way to go about this?  Is there a recommended methodology for FreeBSD?  My first thoughts are to use 'sudo' and some manner of shell script wrappers to control access to specific commands/services/etc. that I want to control from the web UI.

Appreciate the input, thanks!


----------



## roddierod (Aug 20, 2014)

"Don't" is probably going to be the canonical answer.  Why not just `ssh` into the both and "run a few OS-level commands"?


----------

