iphony has asked for the wisdom of the Perl Monks concerning the following question:

Hi all, I have difficulty getting a cgi script to start linux services (e.g. `/etc/init.d/ntpd start`). I'm using apache that's being run as daemon. I tried running with sudo but without success. What is the most appropriate way to start services via perl cgi script? I was thinking of using a perl script running in the background by root to pick up commands left by the cgi script and then executing them. But this seems like a silly way of doing things. Are there any suggestions? Thanks.

Replies are listed 'Best First'.
Re: Perl CGI ability to start linux services
by oko1 (Deacon) on Nov 29, 2008 at 03:09 UTC

    The "old-school" way of doing this - and this approach is still perfectly good, assuming you haven't done anything strange with the "mount" command for your current partition - is to create a compiled program that does just that one thing (i.e., start ntpd) and is set as 'chown root:www-data myprog; chmod 4750 myprog' - meaning that only users belonging to group 'www-data' (or the root user) could execute it, and that it was run as root (SUID). Then, that program is executed by the CGI program as appropriate. This is fairly secure, and works well.


    --
    "Language shapes the way we think, and determines what we can think about."
    -- B. L. Whorf
Re: Perl CGI ability to start linux services
by almut (Canon) on Nov 29, 2008 at 01:46 UTC
    I tried running with sudo but without success.

    What was the error?

    Have you configured sudo appropriately, granting the apache user the respective permissions?

      It returns me code 256. For example: my $val = `/etc/init.d/ntpd start`; The value of $val is 256.

        I don't see you using sudo anywhere... (that would be sudo /etc/init.d/ntpd start).

        To avoid having to mess with entering passwords, it's probably best to make use of the NOPASSWD: option, e.g. something like (in /etc/sudoers):

        apache localhost = NOPASSWD: /etc/init.d/ntpd

        (see man sudoers for the details)

        If an error occurred, its code will be found in $?, not $val. Moreover, the exit status will be found in the high byte:
        $? >> 8
        As an aside, if you are running this on a Red Hat derivative, this could be an selinux issue. See thread "Premature end of script headers more annoying than usual . . ." for suggestions on determining if selinux is the source of the problem.
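
The sudo call and the `$? >> 8` decoding discussed in the replies above, as an added example that is not part of any poster's reply. The allowlists, the sub names `decode_status` and `run_service`, and the fixed `PATH` are assumptions; it presumes a NOPASSWD sudoers rule like the one quoted above is in place.

```perl
#!/usr/bin/perl
# Added example (not from the thread): CGI-side helper that runs an init
# script through sudo and decodes the wait status left in $?.
use strict;
use warnings;

# Assumption: only these services and actions may be requested from the form.
my %ALLOWED_SERVICE = map { $_ => 1 } qw(ntpd);
my %ALLOWED_ACTION  = map { $_ => 1 } qw(start stop restart status);

# Split a wait status into its parts: the exit code is in the high byte,
# the terminating signal in the low 7 bits, the core-dump flag in bit 7.
sub decode_status {
    my ($status) = @_;
    return { failed_to_run => 1 } if $status == -1;   # command never started
    return {
        exit_code => $status >> 8,
        signal    => $status & 127,
        core_dump => ($status & 128) ? 1 : 0,
    };
}

sub run_service {
    my ($service, $action) = @_;
    # Reject anything not on the allowlist before it gets near a command line.
    die "service not allowed\n"
        unless defined $service && $ALLOWED_SERVICE{$service};
    die "action not allowed\n"
        unless defined $action && $ALLOWED_ACTION{$action};

    # The CGI environment is request-influenced; hand the child a fixed one.
    local %ENV = (PATH => '/usr/sbin:/usr/bin:/sbin:/bin');

    # List form of system(): no shell parses the arguments.
    # "sudo -n" fails instead of prompting when the NOPASSWD rule is missing.
    system('sudo', '-n', "/etc/init.d/$service", $action);
    return decode_status($?);
}

# 256, read as a wait status, is exit code 1 with no signal.
my $r = decode_status(256);
printf "256 -> exit_code=%d signal=%d\n", $r->{exit_code}, $r->{signal};

# In the CGI handler (parameter names are hypothetical):
#   my $res = run_service(scalar $q->param('service'),
#                         scalar $q->param('action'));
```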
Re: Perl CGI ability to start linux services
by Anonymous Monk on Nov 29, 2008 at 01:49 UTC
    I was thinking of using a perl script running in the background by root to pick up commands left by the cgi script and then executing them. But this seems like a silly way of doing things. Are there any suggestions? Thanks.
    Run it only periodically, with cron/at :)
      No, it can't run periodically, cos I need the command to be executed immediately when the user clicks on buttons in the cgi script.