AWS PHP shell_exec command doesn't work on browser

My PHP code runs a shell file, which opens a tmux session and runs a Node.js bot. When I run this code as php phpfile.php from the terminal, it works, but when I open phpfile.php from the browser, it does not work. As far as I understand, the problem is with the permissions of the apache user, but it does not work even though I have given it all kinds of permissions. When I try the command sudo -u apache tmux new -s node I get the result [exited].
php code:
<?php shell_exec('bash ./tmux.sh'); ?>
shell code:
tmux new -s node
tmux send-keys -t node.0 "node ./js/bot.js" ENTER
Note: I added the apache user to visudo like this: apache ALL=(ALL:ALL) NOPASSWD: ALL
Note 2: I run this on an AWS EC2 server using AWS Linux.

If you are using an operating system that uses the SELinux security layer, please try to turn it off or try writing a rule for it.
I always turn it off.
nano /etc/selinux/config
SELINUX=disabled
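For the "writing a rule" route mentioned in this answer, the first step is to see what SELinux actually denied for the web server. The following is an added example, not part of the original answer: it summarises AVC denials whose source domain is httpd_t, using constructed sample lines in the audit log format (on a real host the input would be the audit log itself).

```shell
#!/bin/sh
# Added example: summarise SELinux AVC denials for one source domain.
# The log lines below are constructed samples, not output from a real host.
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1700000000.101:501): avc:  denied  { execute } for  pid=2101 comm="bash" name="tmux" dev="xvda1" ino=4242 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000000.102:502): avc:  denied  { write } for  pid=2102 comm="tmux" name="tmux-48" dev="tmpfs" ino=77 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1700000009.300:610): avc:  denied  { execute } for  pid=2190 comm="bash" name="tmux" dev="xvda1" ino=4242 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000011.000:611): avc:  denied  { read } for  pid=900 comm="sshd" name="shadow" dev="xvda1" ino=9 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1700000011.000:611): arch=c000003e syscall=2 success=no exit=-13
EOF
}

# Reads audit log lines on stdin; $1 is the source domain type (e.g. httpd_t).
# Prints "count comm perms target_type class mode", most frequent first.
# mode is "logged-only" when the denial was recorded in permissive mode.
summarise_denials() {
  awk -v dom="$1" '
    $1 == "type=AVC" && index($0, " denied ") {
      comm = stype = ttype = tclass = ""; mode = "enforced"
      s = index($0, "{ "); e = index($0, " }")
      perms = substr($0, s + 2, e - s - 2); gsub(/ /, ",", perms)
      for (i = 1; i <= NF; i++) {
        split($i, kv, "=")
        if (kv[1] == "comm")     { comm = kv[2]; gsub(/"/, "", comm) }
        if (kv[1] == "tclass")     tclass = kv[2]
        if (kv[1] == "permissive" && kv[2] == "1") mode = "logged-only"
        if (kv[1] == "scontext") { split(kv[2], c, ":"); stype = c[3] }
        if (kv[1] == "tcontext") { split(kv[2], c, ":"); ttype = c[3] }
      }
      if (stype == dom) seen[comm " " perms " " ttype " " tclass " " mode]++
    }
    END { for (k in seen) print seen[k], k }
  ' | sort -rn
}

sample_audit_log | summarise_denials httpd_t
```

An empty summary for httpd_t means SELinux did not block the request, so the cause lies elsewhere.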

Related

PHP executing bash script using sudo not working

I am unable to run a bash script using sudo with the shell_exec() function in PHP. I get an error saying:
Sorry, user apache is not allowed to execute '/bin/bash /var/www/html/private/createFTP.sh' as root on test.server.com.
PHP:
shell_exec('sudo bash /var/www/html/private/createFTP.sh 2>&1');
Visudo:
apache ALL=NOPASSWD: /var/www/html/private/createFTP.sh
If your web server is in a chroot jail then that will cause this type of error. If you are running a chrooted server, make sure you mirror your /etc/sudoers file across to the jail filesystem too, and adjust for the chroot directory structure when setting up the sudoers file, as your script will have moved once you are in the chroot. Also check that you have the sudo libraries and executable in the jail filesystem as well.

Mounting a drive in debian from php code

I've been at this for two days now and haven't been able to find any way (good or bad) of getting that to work.
I have to be able to dynamically mount drives over the network from my website's pages (that part is inevitable).
I have no problems doing it directly on the console with the following command
mount -t cifs //IP-REMOTE-MACHINE/Folder -o username=username,password=password /mnt/share
Obviously trying to just do a shell_exec() of this command wouldn't work with no root rights.
I tried to shell_exec() a script in which I would switch to the root user (via su or sudo mycommand), but neither of them would work (I have never been able to write a script that would automatically switch my user to root, even with the root password hard-coded; even if that feels like an extremely bad idea, I could have accepted that at the moment).
After that I tried to use pmount but never found a way to access a remote shared file (I don't think it's even possible, but I may have missed something here?).
All that is running on a Debian machine with apache2.
I have a wild idea...
You could set a cron to run as root that checks for mount commands from your script. The script would simply set a mount command to be processed, and when the cron gets to it, runs the mount, marks the command as processed, and writes to a log file which you could then display.
It's not safe to run sudo commands with www-data (the user for web servers in Debian).
But if you want to run sudo [command] in a php script, you must add the user www-data in sudoers: http://www.pendrivelinux.com/how-to-add-a-user-to-the-sudoers-list/
And then you can exec: sudo mount ...
EDIT: It's safer to add in visudo:
www-data ALL= NOPASSWD: /bin/mount
To allow www-data to use only sudo /bin/mount
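The cron-queue suggestion in this thread, sketched as an added example that is not part of the original answers. It assumes a hypothetical queue directory in which the web application drops `*.req` files containing only a share name; the share names, paths and credentials file location are constructed. Root maps the name to a fixed mount spec, so text written by the web user never reaches a command line.

```shell
#!/bin/sh
# Added example: root-side worker, run from root's crontab, that processes
# queued mount requests. All names and paths are hypothetical.

# Allow-list: share name -> "source mountpoint" (constructed values).
allowed_share() {
  case "$1" in
    reports) echo "//fileserver.example/reports /mnt/share/reports" ;;
    media)   echo "//fileserver.example/media /mnt/share/media" ;;
    *)       return 1 ;;
  esac
}

# Dry run by default so the example is safe to try; cron would set DRY_RUN=0.
run() {
  if [ "${DRY_RUN:-1}" = 1 ]; then echo "would run: $*"; else "$@"; fi
}

# Handle every *.req file in queue directory $1, one log line per outcome.
process_queue() {
  for req in "$1"/*.req; do
    # Skip an unmatched glob, symlinks and anything that is not a plain file.
    if [ ! -f "$req" ] || [ -L "$req" ]; then continue; fi
    name=""
    IFS= read -r name < "$req" || true          # first line only
    case "$name" in
      ""|*[!a-z0-9_-]*) spec="" ;;              # strict character allow-list
      *) spec="$(allowed_share "$name")" || spec="" ;;
    esac
    if [ -z "$spec" ]; then
      echo "REJECTED ${req##*/}"
    elif run mount -t cifs "${spec%% *}" "${spec#* }" \
           -o "credentials=/root/.smb-$name"; then
      echo "OK $name"
    else
      echo "FAILED $name"
    fi
    mv "$req" "$req.done"                       # mark as processed
  done
}
```

The web page can display the worker's output as the log the answer describes; the `credentials=` option of mount.cifs keeps the password out of both the request and the process list.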

Meshlabserver : Cannot connect to X server error

I have MeshLab installed on my machine running Ubuntu 14.04. I can access it from the command line using the meshlabserver command. But a problem arises whenever I try to call it from a PHP script using the command
<?php
system('meshlabserver 2>&1');
?>
It shows the error meshlabserver: cannot connect to X server. After going through a few websites I did the following things:
I moved the meshlabserver executable from /usr/bin to /usr/local/bin and gave it executable permissions using
sudo chmod a+x meshlabserver
But when I ran the whoami command from my php script (calling the meshlabserver), it showed www-data. So I gave executable permissions for all users to the meshlabserver using
sudo chmod 777 /usr/local/bin/meshlabserver
But it is still showing the same meshlabserver: cannot connect to X server error. The meshlabserver command works fine when run from the command line.
I really need to call meshlab from the php script for my website. Thus any help would be highly appreciated. Thanks in advance.
It seems the PHP script can't access your display variable. If you logged in via ssh, remember to tunnel your X server via 'ssh -X ...'. Your second option is to create a virtual frame buffer using Xvfb and redirect the display variable to it:
export DISPLAY=:100.0
Xvfb :100 &
Note the ampersand for the second command as Xvfb needs to be running in the background.
A combo of prior answers works for me:
ssh -X, as well as export DISPLAY=:0.0 (on remote)

run killall command in php shell_exec function

I have a working shell script using killall to kill all instances of a program like below:
killall abc
Now, I have written a PHP web page to execute this script using the shell_exec function:
shell_exec('sh ./myscript.sh');
The problem is that my PHP code works correctly on the command line with "php myscript.php", but does not work in browsers. However, I know that the user on the command line is "root" and in PHP is "apache" (I get this with 'whoami').
The Linux distribution is CentOS 6, which uses SELinux. I changed the status of SELinux to permissive.
Things I've checked:
PHP safe_mode is off
shell_exec() is not present in disable_functions in php.ini
Is there a way to run scripts with kill command using php?
Thank you for your help.
You either have to run apache as root (insecure) or, which would be much safer, you have to run the commands you are trying to kill as 'apache', or you configure your sudoers file to grant apache rights to the killall command:
# vim /etc/sudoers
apache localhost=(ALL) NOPASSWD:/usr/bin/killall
and then change myscript.sh to do sudo killall abc

Executing a bash file from a php page with root-only commands (Ubuntu)

I need to execute a bash file from a PHP page, with the exec() function. The problem is that in this bash file, there's the command "adduser" ... which is a sudo command. I had the idea of modifying the sudoers so the user that runs the script would have access to it, but who is this user? I know apache2 is executed with the www-data user...
Thanks!
You can find out which user PHP is running as by using system to run the command 'whoami' and display the output.
system('whoami');
That seems like a rather bad plan, giving the www-user sudo access. But yes, it's www-data (by default, depending on Linux flavor) that apache runs under.
