Server-side scripts run as root, or a viable interactive way in PHP
I'm trying to find out the way to perform administrative tasks on a local server as different scripts, most of them having actions that require root permissions.
How can I execute these scripts with the least security impact?
I send some example scripts:

    #!/bin/bash
    if [ "$1" = "-h" ]; then
        echo "+-------+-------+-------+-------+-------+-------+-------+-------+-------+"
        echo "+ Instrucciones +"
        echo "+-------+-------+-------+-------+-------+-------+-------+-------+-------+"
        echo "Para ejecutar el script hay que hacer cd hasta /var/www/scripts/server .."
        # Single quotes keep '---->' and the $placeholders literal (no redirection, no expansion)
        echo 'ejecutar ----> bash crearhosts $dominio $dominio $dominio $status'
        echo "Se pueden poner tantos dominios como se quiera sin extensión salvo el último parámetro que ha de ser el tipo de site con los siguientes valores validos:"
        echo "localzone1"
        echo "localzone2"
        echo "localzone3"
        echo "+------------ejemplo-------------+"
        echo "bash domain domain domain localzone"
        echo "+-------+-------+-------+-------+-------+-------+-------+-------+-------+"
        echo "+ fin +"
        echo "+-------+-------+-------+-------+-------+-------+-------+-------+-------+"
    else
        #+-------+-------+-------+-------+-------+-------+-------+-------+-------+
        #+ Variables +
        #+-------+-------+-------+-------+-------+-------+-------+-------+-------+
        # Every argument but the last is a domain; the last one is the site type
        sites=("$@")
        base="/var/www"
        #+-------+-------+-------+-------+-------+-------+-------+-------+-------+
        #+ Functions +
        #+-------+-------+-------+-------+-------+-------+-------+-------+-------+
        # Copies the vhost template for $domain, rewrites it and creates the site directories
        hostconf() {
            case $status in
                aracne)
                    cp /var/www/vhosts/template.ethings.com.conf "/var/www/vhosts/$domain-aracne.ethings.com.conf"
                    grep -Rl -e 'ethings/template' "/var/www/vhosts/$domain-aracne.ethings.com.conf" | xargs -r sed -i 's:domain/template:domain/'"$domain"'-aracne:g'
                    grep -Rl -e 'template' "/var/www/vhosts/$domain-domain.com.conf" | xargs -r sed -i 's/template/'"$domain"'-aracne/g'
                    mkdir "$base/$status/${directorios[0]}-aracne" ; mkdir "$base/$status/${directorios[0]}-dominio/${directorios[1]}" ; mkdir "$base/$status/${directorios[0]}-dominio/${directorios[2]}"
                    echo "+---------------------------------------------------------------------------------------------------------------------------------------------+"
                    echo "+----------------------No OLVIDE AÑADIR EL DOMINIO $domain-domain.com para la ip xxx.xxx.xxx.xxx en su archivo hosts"
                    echo "+----------------------------------------------------------------!!!!!!!!!!!!!!!!!!!!---------------------------------------------------------+"
                    ;;
                static)
                    cp /var/www/vhosts/template.ethings.com.conf "/var/www/vhosts/$domain.ethings.static.com.conf"
                    grep -Rl -e 'ethings/template' "/var/www/vhosts/$domain.ethings.static.com.conf" | xargs -r sed -i 's:ethings/template:ethings/static-webs/'"$domain"':g'
                    grep -Rl -e 'template.ethings' "/var/www/vhosts/$domain.ethings.static.com.conf" | xargs -r sed -i 's/template.ethings/'"$domain"'.ethings.static/g'
                    mkdir "$base/ethings/$status-webs/${directorios[0]}"; mkdir "$base/ethings/$status-webs/${directorios[0]}/${directorios[1]}"; mkdir "$base/ethings/$status-webs/${directorios[0]}/${directorios[2]}"
                    echo "+---------------------------------------------------------------------------------------------------------------------------------------------+"
                    echo "+----------------------No OLVIDE AÑADIR EL DOMINIO $domain.domain.com para la ip xxx.xxx.xxx.xxx en su archivo hosts"
                    echo "+----------------------------------------------------------------!!!!!!!!!!!!!!!!!!!!---------------------------------------------------------+"
                    ;;
                *)
                    cp /var/www/vhosts/template.domain.com.conf "/var/www/vhosts/$domain.ethings.com.conf"
                    grep -Rl -e 'template' "/var/www/vhosts/$domain.domain.com.conf" | xargs -r sed -i 's/template/'"$domain"'/g'
                    mkdir "$base/ethings/${directorios[0]}" ; mkdir "$base/ethings/${directorios[0]}/${directorios[1]}" ; mkdir "$base/ethings/${directorios[0]}/${directorios[2]}"
                    echo "+-------------------------------------------------------------------------------------------------+"
                    echo "No OLVIDE AÑADIR EL DOMINIO $domain.domain.com para la ip xxx.xxx.xxx.xxx en su archivo hosts"
                    echo "+-----------------------------------!!!!!!!!!!!!!!!!!!!!------------------------------------------+"
                    ;;
            esac
        }
        #echo ${#sites[@]} +-------+ elements of array +--------+
        # Configure one vhost per domain argument, then restart Apache once
        for ((count = 0; count < ${#sites[@]} - 1; count++)); do
            directorios=("${sites[$count]}" "html" "logs")
            domain=${sites[$count]}
            status=${sites[$((${#sites[@]} - 1))]}
            hostconf "$status"
        done
        /etc/init.d/apache2 restart
    fi

As you can see, this script must be run as root, for it has many actions that require so.
Another script:

    echo password | python /var/www/google_appengine/appcfg.py --passin --email=email update localapplicationurl

When I run it I get Apache errors with permissions for appcfg.py, even chmoding 4755 and visudoing to all all=nopasswd: urlscript/script
And other tries.
Sorry to post so many questions, but I really need to be able to run many scripts so that people in my company can do it as a web interface.
Thank you for your answer. Well, it is basically a Plesk-type panel personalized to my own needs. That includes creating Samba configurations, vhost configurations, uploading websites to remote servers and downloading them, automating installation of databases on programmers' needs, creating users groups, etc. It is a company with over 1000 domains; I set up four local servers for production, we have scripts for uploading to CDN in Google and Amazon, etc. I have all this set up in independent scripts but need to somehow be able to get people to do this in a website interface. It would release a lot of work from me (I'm the only one doing this) and I would be able to concentrate on webserver optimization and others. So I need to do this, and most scripts involve SSH connections to at least 30 different servers, or downloading-uploading 100 minisites at once (SSH connections, FTP, etc.), or running Google CDN with Python and the SDK, and so on. Most of this has to be on behalf of users' needs, that is: get these domains from this server - give option to select them - select action - run upload-download-cleanremotecache-erasespecificfilesfolders-etc script.
That is the thing. The good thing about this is I can block total access to the server by iptables or by local specific MAC addresses in the servers' confs, and so on. It needs to only run locally and be able to run scripts that involve mostly root commands.
I just need to focus on the best way to do it; most things found on Google don't work as expected, or similar. When I get the way of approach, the rest is a matter of putting hands to it.
Sorry to extend myself so much, but as you see I have a lot of things to do, and my experience in computers and Linux started a year ago.
I think that the real question here is whether you really need to run those scripts as root from a web interface; that's extremely unsafe and not recommended.
You should log in to the server and install them manually, then leave the web interface to install anything else that does not require root access.
Anyway, I think you can look for some type of solution to this on Google, but it's not recommended and violates the general permissions design of Linux.
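
An added example, not part of either post: an argument gate that a wrapper could run before the question's crearhosts script, so that every domain label and the site type are checked against a strict pattern and an allowlist before anything executes as root. The function names, the `www-data` user and the wrapper path in the comment are assumptions.

```sh
#!/bin/sh
# Added example: argument gate to run before the root-owned vhost script.
# A narrow sudoers rule would then name only this wrapper, for instance
# (user and path are assumptions):
#   www-data ALL=(root) NOPASSWD: /usr/local/sbin/crearhosts-gate
LC_ALL=C; export LC_ALL    # make the a-z range below byte-exact

# Site types seen in the question (case branches and help text).
ALLOWED_TYPES="aracne static localzone1 localzone2 localzone3"

# One DNS label: 1-63 chars of [a-z0-9-], no leading or trailing hyphen.
# This excludes '/', ':', '&', '.', quotes and whitespace, which the
# script's paths and sed expressions would otherwise interpret.
valid_label() {
    case $1 in
        ''|-*|*-)      return 1 ;;
        *[!a-z0-9-]*)  return 1 ;;
    esac
    [ "${#1}" -le 63 ]
}

valid_type() {
    for t in $ALLOWED_TYPES; do
        [ "$1" = "$t" ] && return 0
    done
    return 1
}

# check_request LABEL... TYPE
# 0 = accept, 2 = too few arguments, 3 = bad type, 4 = bad label
check_request() {
    [ "$#" -ge 2 ] || return 2
    n=$#; i=1
    for arg in "$@"; do
        if [ "$i" -eq "$n" ]; then
            valid_type "$arg" || return 3
        else
            valid_label "$arg" || return 4
        fi
        i=$((i + 1))
    done
    return 0
}

# Constructed sample requests, as a web form might submit them.
for req in "shop blog static" "shop ../etc static" "shop production"; do
    if check_request $req; then echo "ACCEPT: $req"; else echo "REJECT: $req"; fi
done
```

Only after `check_request` returns 0 would the wrapper hand the same arguments to the privileged script; the web process itself never runs as root.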