PHP sudo: a terminal is required to read the password - php

I have a script which I want to call from my PHP code. The following is the script file I have:
listwifi.sh
sudo iwlist wlp1s0 scan | grep SSID
To this I've also given executable permission by using sudo chmod +x listwifi.sh
The following I've added at the end of my sudoers file (using visudo):
apache ALL = NOPASSWD: /var/www/html/mypath/osscripts/listwifi.sh *
www-data ALL = NOPASSWD: /var/www/html/mypath/osscripts/listwifi.sh *
I had also tried with :
apache ALL = NOPASSWD: /usr/bin /var/www/html/mypath/osscripts/listwifi.sh *
www-data ALL = NOPASSWD: /usr/bin /var/www/html/mypath/osscripts/listwifi.sh *
I'm using the following PHP code to call this file:
exec(getenv('BASE_DIR') . "/osscripts/listwifi.sh", $output);
var_dump($output);
But I keep getting the following error:
sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper
How can I make PHP execute this file as root without having to enter the password?

Take the sudo out of the script and call the script as
sudo /var/www/html/mypath/osscripts/listwifi.sh
The sudoers configuration is for the command being invoked via sudo, not where it's invoked from...

Related

How to run a shell as root from php (apache)

I am using Ubuntu Server 20.04 LTS, where I have multiple shell files. Using PHP from Apache, I need to run multiple shell files from a browser, but they need to run as root.
I have tried the shell_exec command and added www-data to sudoers, and neither works. What can I put in the code to run as root and be able to execute the shell script?
<?php
$code = shell_exec('echo "passwd" | sudo -u root -S sh /home/user/name.sh');
echo "<pre>$code</pre>";
?>
Because you are executing this script as www-data, and www-data doesn't have the required privilege to execute any sudo commands.
You can try the following steps.
Modify www-data in /etc/sudoers to be able to execute a script as the superuser. This is a sensitive file and you have to use visudo as the editor to make the changes.
$ sudo visudo -f /etc/sudoers
www-data ALL=(ALL) NOPASSWD: /home/user/name.sh
This will allow www-data to execute the script as the superuser without a password.
In your PHP code change the command in your shell_exec() as follows:
// Invoke the script path itself: the sudoers rule above matches /home/user/name.sh, not sh.
$code = shell_exec('sudo /home/user/name.sh');
Make sure your name.sh is set up with proper file modes to protect yourself.
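A check for the file-mode advice above, which applies equally to listwifi.sh under the web root in the first question. This is an added example, not part of either answer; the optional owner-uid argument is an assumption made so the check can be exercised without root.

```shell
#!/bin/sh
# Added example: verify that a script named in a NOPASSWD sudoers rule, and every
# directory above it, can only be changed by root. Anyone who can edit or replace
# the script can run their own code as root through the sudoers rule.

# check_entry PATH [UID]: print a finding for each problem with one path.
# UID is the expected owner (default 0 = root); the parameter exists for testing.
check_entry() {
    entry=$1
    want_uid=${2:-0}
    if [ ! -e "$entry" ]; then
        echo "$entry: does not exist"
        return 0
    fi
    # ls -ldn prints the mode string in field 1 and the numeric owner in field 3.
    info=$(ls -ldn -- "$entry" | awk '{print $1, $3}')
    mode=${info% *}
    uid=${info#* }
    if [ "$uid" != "$want_uid" ]; then
        echo "$entry: owned by uid $uid, expected $want_uid"
    fi
    # Character 6 of the mode string is group write, character 9 is other write.
    case $mode in
        ?????w*|????????w*) echo "$entry: writable by group or others ($mode)" ;;
    esac
}

# audit_sudo_target ABSOLUTE_PATH [UID]: check the script and each parent directory.
audit_sudo_target() {
    p=$1
    while :; do
        check_entry "$p" "${2:-0}"
        case $p in /|.) break ;; esac
        p=$(dirname -- "$p")
    done
}

# Usage: sh audit.sh /home/user/name.sh   (no output means no findings)
if [ "$#" -gt 0 ]; then
    for target in "$@"; do audit_sudo_target "$target"; done
fi
```

A script under /home/user or a web root usually produces findings, because its owner or the web server account can rewrite it.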

sudo doesn't have access even though it is added with sudo visudo

I get this error when running a program from www-data.
Error
sudo: no tty present and no askpass program specified
But I have added the following to sudo visudo
www-data ALL = NOPASSWD: /var/bin/poppler-0.65.0/build/utils/pdfimages
The path /var/bin/poppler-0.65.0/build/utils/pdfimages is correct.. I have tested it from a terminal.
Command
sudo /var/bin/poppler-0.65.0/build/utils/pdfimages -list data/scan_voucher/17.pdf
As you said you have already set up sudo visudo correctly, I will first take a look at Tarun Lalwani's links, especially the part about disabling the tty requirement in your sudoers:
Defaults !requiretty
Try the same command but with the -S flag activated (sudo -S yourcommand)
The -S (stdin) option causes sudo to read the password from the
standard input instead of the terminal device.
If it doesn't work for you, you can try a trick that seems to work like this one (from here):
echo '' | sudo -S your_command
That will send an empty password to the first password prompt.
How are you executing this from PHP? Try with:
#exec("sudo /var/bin/poppler-0.65.0/build/utils/pdfimages -list data/scan_voucher/17.pdf");
Hope that it helps!

Permission Denied on UserAdd command shell script started by PHP exec

I've a PHP exec command which starts a bash script in Linux Centos 7.2
#!/bin/sh
# \
mkdir /var/www/html/folder1/$1
useradd -g usergroup -d /var/www/html/folder1/$1 $1
The sudoers is configured this way. 'apache' is the Apache User and Group in my installation:
apache ALL=(ALL) ALL
apache ALL=(ALL) NOPASSWD: /usr/sbin/useradd
The mkdir command works as expected.
But the useradd command retrieves a 'permission denied' error even if I explicitly declared in sudoers that the group/user apache has permission to execute useradd.
So how to solve this? How to create a user which belongs to an already defined usergroup without getting 'permission denied'?
I ended up setting full permissions to the useradd file this way:
chmod 7777 /usr/sbin/useradd
I don't know if this is safe enough; anyway, it worked.
I continue after this getting a secondary error like:
nscd: Only root is allowed to use this option
It is related to the user cache cleaning failed by the useradd module.
But at least the user at this stage is correctly added.
No idea at the moment if the failed cache flush could cause some other problems in the future.
EDIT: I also had to:
1) do "chown root:root myscript.php" for my PHP script;
2) put the bash script in /usr/sbin;
3) make the bash script executable with chmod +x;
4) execute it in PHP with "sudo bashscript.sh";
5) and/or add the /usr/sbin directory in the sudoers security section.
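A hardened form of the account-creation script from this post, as an added example that is not part of the original post: sudo is granted for this one wrapper, leaving the mode of /usr/sbin/useradd unchanged, and the wrapper validates the name it receives from the web request. The install path /usr/local/sbin/add-site-user and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: hardened form of the account-creation script above, written to
# be the single command the web user may run through sudo, e.g. (path assumed):
#   apache ALL=(root) NOPASSWD: /usr/local/sbin/add-site-user
# PHP side: exec('sudo -n /usr/local/sbin/add-site-user ' . escapeshellarg($name));
LC_ALL=C; export LC_ALL                     # make [a-z] mean ASCII only
PATH=/usr/sbin:/usr/bin:/sbin:/bin; export PATH
BASE=/var/www/html/folder1                  # directory used on the page
GROUP=usergroup                             # group used on the page

# Allow-list: lowercase letter or "_" first, then letters, digits, "_" or "-",
# at most 32 characters. This rules out "/", "..", whitespace and a leading "-".
valid_username() {
    case $1 in
        ''|[!a-z_]*|*[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# Create the home directory and the account; refuse before touching anything
# if the name fails validation or the directory is already there.
provision_user() {
    name=$1
    if ! valid_username "$name"; then
        echo "add-site-user: rejected user name" >&2
        return 2
    fi
    home=$BASE/$name
    if [ -e "$home" ]; then
        echo "add-site-user: $home already exists" >&2
        return 3
    fi
    mkdir -- "$home" || return 4
    useradd -g "$GROUP" -d "$home" "$name"
}

# Runs only when called with exactly one argument, the requested user name.
if [ "$#" -eq 1 ]; then
    provision_user "$1"
fi
```

The wrapper itself has to be owned by root and not writable by the web user, otherwise the sudoers rule amounts to unrestricted root.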

How to run sudo terminal commands with php5?

Under a controlled environment, I will try to execute some calls to shell, some of such commands will include sudo privileges.
I tried this php code line:
$out = shell_exec('sudo -u root -S ls < /home/user/.y/.qqz');
Where at last .qqz is a file containing actual password.
However apache log shows this output:
[sudo] password for www-data:
Like the password file is not being passed to the command stdin?
I already made www-data part of the sudo group. How can I get my objective done?

PHP shell_exec touch file permission issue running as sudo

I want to create a file in PHP using shell_exec. Here's the statement I'm trying:
$out = shell_exec('sudo touch maintenance.flag 2>&1 1> /dev/null');
And contents of $out are
sudo: no tty present and no askpass program specified
I'm on Ubuntu 11.10, so I visudo to take a look at the sudo permissions. I set sudo to:
%sudo ALL=(ALL) NOPASSWD: ALL
but it's still not working. What are some things or alternatives I can try to resolve this?
