You need a layer of abstraction to provide a little security at least!...

The way I do this is to write a simple UDP server* with root privs in Python which: watches out for incoming UDP packets on a given port compares them to a whitelist if they match carry out the operation

You then have a little bit of PHP that messages the Python server with pre-defined messages...

<?php
  $handle = fsockopen("udp://localhost",12345);
  fwrite($handle,"Start Script");
  fclose($handle);
?>

The python server watches for packets on port 12345 but just ignores any that aren't either "Start Script" or "Stop Script", as it runs as root it can happily start your bash script. You ABSOLUTELY MUST use white-listing though, it is REALLY NOT SAFE to send ANY input from a UDP socket to the command line directly!

Do note that UDP can be spoofed so if your firewall permits spoofed inbound traffic (it realy ought not to!) someone could send forged packets to your Python server and stop/start your service. This is unlikely to be a problem but if you can't fix your firewall and you want to guard against it you could rework the above using TCP/IP which can't be spoofed.

Roger Heathcote.

*It's a really trivial server to write ( ~20 lines ) but if you don't know how to then just message me and I will send it to you or post it here.