
So I've got a PHP script that's capable of executing Python commands (to control GPIO), thanks to the users of StackExchange. My previous question here.

Now I'm able to control the GPIO pins from a script hosted in Apache2 of the Pi. This was done by adding the user www-data to the sudoers file. I'm planning to PORT-FORWARD my router so that I can control my Pi through the internet.

Although I hear everywhere that this approach is not recommended, I am unclear about the possible security issues in doing the same.

Krish

1 Answer


Cross-site scripting could allow someone to become root by tricking your server into running a command, possibly destroying your Pi. Instead, you should make a group with

 addgroup gpio

then give access to GPIO pins

 chown -R root:gpio /sys/class/gpio

then add www-data to gpio group

 adduser www-data gpio

Finally, remove www-data from sudoers!
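
An added example, not part of the original answer: a Python helper the PHP page could call as www-data once the gpio group from the answer is in place, so no sudo is involved and web input never reaches a shell. The allow-list `ALLOWED_PINS` and the function names are assumptions for illustration, and it assumes the pin directories under /sys/class/gpio are writable by the gpio group.

```python
#!/usr/bin/env python3
"""GPIO helper meant to run as www-data (member of the gpio group), without sudo."""
import os
import sys

GPIO_ROOT = "/sys/class/gpio"   # sysfs GPIO interface named in the answer
ALLOWED_PINS = {17, 27}         # assumption: the only pins the web page may drive
ALLOWED_VALUES = {"0", "1"}


def parse_request(pin_text, value_text):
    """Validate untrusted strings; return (pin, value) or raise ValueError."""
    # isdecimal() rejects signs, spaces, shell metacharacters and path separators.
    if not (pin_text.isascii() and pin_text.isdecimal() and len(pin_text) <= 2):
        raise ValueError("pin must be a short decimal number")
    pin = int(pin_text)
    if pin not in ALLOWED_PINS:
        raise ValueError("pin not in allow-list")
    if value_text not in ALLOWED_VALUES:
        raise ValueError("value must be 0 or 1")
    return pin, value_text


def set_pin(pin_text, value_text, root=GPIO_ROOT):
    """Drive one allow-listed pin by writing sysfs files directly (no shell, no sudo)."""
    pin, value = parse_request(pin_text, value_text)
    pin_dir = os.path.join(root, "gpio%d" % pin)
    if not os.path.isdir(pin_dir):
        # Ask the kernel to expose the pin; fails with OSError if not permitted.
        with open(os.path.join(root, "export"), "w") as f:
            f.write(str(pin))
    with open(os.path.join(pin_dir, "direction"), "w") as f:
        f.write("out")
    with open(os.path.join(pin_dir, "value"), "w") as f:
        f.write(value)
    return pin, value


if __name__ == "__main__":
    if os.geteuid() == 0:
        sys.exit("refusing to run as root")
    try:
        set_pin(*sys.argv[1:3])
    except (ValueError, TypeError, OSError) as exc:
        sys.exit("rejected: %s" % exc)
```

On the PHP side, pass the two arguments through `escapeshellarg()` when building the command line, so the helper's validation is a second check and not the only one.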