PHP server (re)start and stop

[camaron]

Hello everybody
I have been struggling with a proper way of setting up a minimal php panel where you can start and stop srcds.

So far I thought about having srcds wrapped in a shell script that restarts srcds if it quits. Then I could just send rcon "quit" to the server to restart it, via php. But I wouldn't know how to stop it totally or to start it if it's stopped. And the other thing is, if someone changes the rcon password, how do i figure it out? It seems that you can set the rcon password in server.cfg, autoexec.cfg or anywhere else.

I also thought of a fifo file, that srcds reads from as standard input, and echoing commands from php to that fifo, but srcds wouldn't react, or I dont have enough knowledge about fifos.

So how should I go for controlling srcds, or obtaining the rcon. I do have acces to the srcds' files.

Thanks in advance

[trewq]

For restarting it what you can do is make it output a pid file and when you want to kill the server just kill the pid.

[camaron]

Allright that's a good start - I already have the pid file.

I will let the php script write the desired state (e.g. start/stop) into another file, then kill the process, and let the srcds wrapper read what to do from that file, and if stopped, poll the file every 10 seconds. Any possible pitfalls?

[BehaartesEtwas]

you can "directly" kill from php, if you write a script that does the job and is being started from php via sudo to run as the same user as the game server (using a properly configured sudo this can be done without a password and is still very safe).

[camaron]

yea that seems to be the proper way - seeing that srcds would get executed as the spceified user too.

Thanks for your help!

[camaron]

Ok, giving back feedback here:

give php sudo access (either w/o password or pass the password somehow) to a wrapper script which starts a screen session and detaches. later you can send commands to the server console with screen (e.g. quit, _restart, other commands).

Peace

[jpcaissy]

camaron Wrote:Ok, giving back feedback here:

give php sudo access (either w/o password or pass the password somehow) to a wrapper script which starts a screen session and detaches. later you can send commands to the server console with screen (e.g. quit, _restart, other commands).

Peace

I'd personally never EVER recommend giving root access to php. Security concerns (do you launch srcds with root??)

[css]

jpcaissy Wrote:I'd personally never EVER recommend giving root access to php. Security concerns (do you launch srcds with root??)

Give me three reasons why not?

I bet you can't. You've heard running programs as root is bad idea, but I don't think you know the reasons.

Let me give three reasons why it doesn't matter to run srcds or PHP in this case as root:

1. Srcds doesn't have known vulnerabilities
2. Running PHP as root on a dedicated server doesn't allow restricted web users to exploit the server any easier than normal apache controlled PHP
3. Exploiting the restricted user having access to PHP/srcds is as disastrous as exploiting it through root access - you lose either way.

In this case BehaartesEtwas already pointed out that doing sudo with proper configurations doesn't risk the system security. That'd be my approach.

@camaron
If you get it working, could you post here the details how you did it. Time to time people ask the same thing.

[camaron]

That's right, never EVER give root access to php or srcds. Write that on a postit note and stick to your monitor.

I said give php sudo access to a wrapper script, and sudo doesn't mean root access: let apache run exactly one command (your script) as another user, not root. E.g. let apache run /opt/yourserverscript as users paco, pepe and pedro, which are users who have srcds installed in their home dirs.