I am using ubuntu server 20.04 LTS, where I have multiple shell files, using php from apache I need to run multiple shell files from a browser but need to run as root.
I have tried the command shell_exec and added sudoers (www-data) and none works, which I can put in the code to enter as root and be able to execute the shell script.
<?php
$code = shell_exec('echo "passwd" | sudo -u root -S sh /home/user/name.sh');
echo "<pre>$code</pre>";
?>
Because your are executing this script as www-data and www-data doesn't have the required privilege to execute any sudo commands.
You can try the following steps.
Modify www-data in /etc/sudoers to be able to execute a script as the superuser. This is a sensitive file and you have to use visudo as the editor to make the changes.
$ sudo visudo -f /etc/sudoers
www-data ALL=(ALL) NOPASSWD: /home/user/name.sh
This will allow www-data to execute the script as the superuser without a password.
In your PHP code change the command in your shell_exec() as follows:
$code = shell_exec(sudo sh /home/user/name.sh');
Make sure your name.sh is set up with proper file modes to protect yourself.
Related
I have a script which I want to call from my PHP code. The following is the script file I have:
listwifi.sh
sudo iwlist wlp1s0 scan | grep SSID
To this I've also given executable permission by using sudo chmod +x listwifi.sh
The following I've added at the end pf my sudoers file (using visudo):
apache ALL = NOPASSWD: /var/www/html/mypath/osscripts/listwifi.sh *
www-data ALL = NOPASSWD: /var/www/html/mypath/osscripts/listwifi.sh *
I had also tried with :
apache ALL = NOPASSWD: /usr/bin /var/www/html/mypath/osscripts/listwifi.sh *
www-data ALL = NOPASSWD: /usr/bin /var/www/html/mypath/osscripts/listwifi.sh *
I'm using the following PHP code to call this file:
exec(getenv('BASE_DIR') . "/osscripts/listwifi.sh", $output);
var_dump($output);
But I keep getting the following error:
sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper
How can I make PHP execute this file as root without having to enter the password?
Take the sudo out of the script and call the script as
sudo /var/www/html/mypath/osscripts/listwifi.sh
The sudoers configuration is for the command being invoked via sudo, not where it's invoked from...
I have created a file test.sh which looks like this:
#!/bin/sh
mkdir /testDir
If I run the script on the command line like: sudo /path/to/test.sh it successfully creates the directory.
I have added the sudo permissions like this in the visudo:
www-data ALL=NOPASSWD: /path/to/test.sh
and I am running the script like this in my .php file:
shell_exec('sh /path/to/test.sh');
But no directory is being created!
What am I doing wrong?!
Correct user for sudo permissions?
When I run shell_exec('whoami') on the php file I get:
www-data
Correct path to script from php?
I have tested the shell script by adding an echo statement like:
#!/bin/sh
mkdir /testDir
echo "hello"
And when I run the .php command like:
echo shell_exec('sh /path/to/test.sh');
the .php page returns
hello
I have also tried in the test.sh:
output=$( mkdir /testDir )
echo "$output"
but nothing is returned
Update
If I add this to the visudo:
www-data ALL=(ALL) NOPASSWD: ALL
it works!! But when I do:
www-data ALL=(ALL) NOPASSWD: /path/to/test.sh
It doesn't... As you know already know.
I have found a good way to debug by also changing the PHP to
echo shell_exec('sh /path/to/test.sh 2>&1 1> /dev/null');
and it returns the error:
sudo: no tty present and no askpass program specified
So I have tried:
adding Defaults:www-data !requiretty to the visudo but no luck!!!!
adding -t and -A to the sudo command... (ie sudo -t ...)
adding export SUDO_ASKPASS=/usr/lib/openssh/gnome-ssh-askpass before the sudo command and that then just leads to a whole new world of errors.
I have no idea about this requiretty as it does not seem to be anywhere on my ubuntu system. It is not mentioned once in the visudo?
I have spent too long on this!
Can someone tell me what the problems that I could come across if I did just do:
www-data ALL=(ALL) NOPASSWD: ALL
?
If
www-data ALL=(ALL) NOPASSWD: ALL
works, but
www-data ALL=(ALL) NOPASSWD: /path/to/test.sh
does not, then clearly the executed command does not match /path/to/test.sh.
And looking at your code, you are actually not invoking /path/to/test.sh:
sh /path/to/test.sh
You are invoking sh! With /path/to/test.sh as first argument, but still.
You either need to invoke the script directly (if that works):
shell_exec('/path/to/test.sh');
or update your sudoers file accordingly (note the full path of sh):
www-data ALL=(ALL) NOPASSWD: /bin/sh /path/to/test.sh
This worked for me: Added this to my ubuntu > sudoers file www-data ALL=/etc/path-to-my/script.sh
Hope this solves yours too
Some tips I would try:
try using exec instead of shell_exec
try disabling selinux if enabled
try to remove the /bin/sh prefix and use the shebang inside the script instead
become www-data (su www-data -s /bin/bash) and do your tests on the CLI
I hope this helps
I am running CentOS 6, as httpd is executed as user 'apache'. For security reasons, I want to use sudo to be executed via exec as user 'aq':
<?php exec("/usr/bin/sudo -u aq somescript.sh",$output,$return_val);?>
With visudo I have added the following line:
apache ALL = (aq) NOPASSWD: ALL
Furthermore I temporary gave apache as login shell (/bin/bash), to be able to test
/usr/bin/sudo -u aq somescript.sh
directly which worked.
php exec fails as $return_val delivers a '1' if sudo is invoked.
Comment out this line from /etc/sudoers
Defaults requiretty
I'v tested your case in few ways ant this one gives me success.
Under a controlled environment, I will try to execute some calls to shell, some of such commands will include sudo privileges.
I tried this php code line:
$out = shell_exec('sudo -u root -S ls < /home/user/.y/.qqz');
Where at last .qqz is a file containing actual password.
However apache log shows this output:
[sudo] password for www-data:
Like the password file is not being passed to the command stdi?
I already made www-data part of the sudo group. How can I get my objective done?
My command is
echo root_password | sudo -u root -S executable_full_path arguments
The error message I get in the browser is
[sudo] password for www-data: Sorry,
try again.
From phpinfo(), safe mode is off and there are no disabled functions. Why isn't this working? The same command runs fine in the shell (bash). Escapeshellarg and escapeshellcmd don't make a difference.
EDIT: Simply being able to execute the command is not enough. The program that gets executed creates a socket in /tmp, and needs to assign it permissions. So I think I really need to be root for this, is that possible?
As Álvaro suggested, I'm putting my comment as answer. Matt, this would make it possible to run that command as root.
#Matt, don't do that /etc/sudoers (btw, you edit this file with the visudo command, never directly). That way you are making possible that any sudo whatever command run by your web application is run by root, possibiliting a lot of fun for an attacker if he founds a vulnerability in your application.
If you would like to run just ONE command as root without need for passwords, put this in /etc/sudoers (remember visudo command):
www-data ALL=(ALL) NOPASSWD: executable_full_path
Then you are only allowing to execute just this command as root. Now you should be able to do
sudo -u root executable_full_path arguments
without need to type in a password (and it will run as root). Also, this is the only command the user www-data may execute as root using sudo, so it should not be dangerous.
You're echoing the root password when you should be echoing the password for www-data.
Use this on your /ets/sudoers
Example for run gconftool-2 :
www-data ALL=NOPASSWD: /usr/bin/gconftool-2
www-data ALL=NOPASSWD: /usr/bin/sudo
www-data ALL=NOPASSWD: ALL