I am using Apache 2.4 on Ubuntu. I have written one module in C language and integrated it into Apache server using Apache Extension tools (apxs). There is some part of my code where I am calling executable using exec function but I want to call that executable as superuser. so I want to run my module with superuser privileges but by default Apache is running as www-data user and asking for password for www-data.
Is there any way to run this module using superuser privileges?
Otherwise is there any other way to run root command in C within Apache module?
Is it possible to use suExec module for this?
No, it's not possible to run the Apache module under a different user from the Apache server itself. But there are several strategies to workaround that limitation.
1) You can set the "setuid bit" on the executable you want to run from Apache, like this:
chown root:root executable
chmod 06755 executable
Then, when you run this executable (say, with fork + exec or with system) from the Apache module, the executable will run from under the root user, with root permissions.
2) You can configure the /etc/sudoers file in a way that will allow the www-data to run the executable in question with the root priviledges with the help of the sudo command.
3) You can have a separate process running with root priviledges and receiving commands from the Apache module with any kind of IPC/RPC.
Please note, that you should avoid using the root priviledges if it all possible since running your code under root might pose a security risk. Unless, of course, you're absolutely sure that your code won't have any bugs.