Unable to run Bash Script from PHP Code out of HTML Page - php

having a small issue here.
Already tried many approaches I found on the web to resolve this, didn't get it to work so far.
I am trying to execute a server-side Linux Bash Script when a Button on a static HTML side is clicked.
It just doesn't work.
My setup is a nginx webserver running on ubuntu, got a static HTML page with PHP code within it:
Ubuntu Version: 18.04.2 LTS (Bionic Beaver) /
Linux Version: 5.4.0-42-generic /
Nginx Version: nginx/1.14.0 (Ubuntu) /
PHP Version: 7.4.11
Bash Script is stored in the same folder as the index.html for the website (/var/www/website).
For testing purposes, gave ownership of the script file to the user www-data and even gave full access to all users to the file (chmod 777 script.sh),
script file is also definitely executable.
Also this works perfectly fine:
sudo -u www-data php -r "shell_exec('bash script.sh');"
PHP Code within the HTML file:
<?php
shell_exec('bash script.sh');
?>
Tested with some echo's that this part gets executed. Also looks good.
But the script is never running ..
Would very much appreciate any hints, as you may be able to tell, my web skills are as bad as my scripting skills ;)
Thanks a lot and best regards
Juls

Is the shellscript executable without sudo? Maybe try
chmod +x script.sh

Related

Stuck at os.rename()

i am ubuntu user.. i have a command in php that exec a python file.. the python file is set to executable.. so, my php command is:-
shell_exec("try.py");
the python file is located at desktop.. but the php file is located in www folder..
/var/www/try.php
in the try.py, i have a code to rename a file on the desktop as follow:-
print "enter"
os.rename("a.txt", "b.txt")
print "exit"
so, the try.py and a.txt are in desktop..
my problem is, when i execute the php file, it shows the "enter" only but not with the "exit".. so i guess it cannot execute the os.rename maybe because of the root privilege or anything that i dont know.. i have tried some solutions to disable password for sudo but still i didnt show the "exit".
but, if i execute the try.py directly by double click it on the desktop and execute it, the command can be done and the output shows:-
enter
exit
so, anyone knows how to execute it using php?
You can directly rename files in php using the rename function.
rename($oldname, $newname);
The problem is when you are doing os.rename("a.txt", "b.txt") it is looking for a.txt in the directory from where the application is running (so it is looking for a.txt in /var/www/).
You should give both a.txt and b.txt the full path:
os.rename('/home/user/Desktop/a.txt', '/home/user/Desktop/b.txt')
You will also have to make sure that www-data (or whatever user is running Apache) can write to the Desktop directory; however from a security perspective this is a very bad idea - any script running on the server can read the contents of your desktop (and even delete the files).
finally, i got the solution..
to be able to rename the file in desktop using os.rename, we need to edit some of the configurations in sudoers..
it involved some steps in visudo and also the php script..
in visudo (using command "sudo visudo" in terminal:)-
#user privilege specification
root ALL=(ALL:ALL) ALL
www-data ALL=(ALL:ALL) ALL
#includedir /etc/sudoers.d
ubuntu ALL=(ALL) NOPASSWD: ALL # use your username.. mine is ubuntu
www-data ALL=(ALL) NOPASSWD: ALL # the place where i put the php file
in php file:-
<?php
$output = exec("sudo python /home/ubuntu/Desktop/[filename.py]");
?>
for python file is just the same..
os.rename("a.txt", "b.txt")
ok.. that is the solution.. now i can run the python script which it will change the name of a file in desktop from php..
Thank you for all the comments and suggestion for the solutions.. =))
You need something like:
my_dir = os.path.dirname(os.path.realpath(sys.argv[0]))
That will equate to the directory try.py is actually in.
Then you can execute:
os.rename(os.path.join(my_dir, 'a.txt'), os.path.join(my_dir, 'b.txt'))
As mentioned above, this isn't necessarily a great idea from a security PoV though, since you have to grant write permissions to the php script.
I also usually put the my_dir code in an if sys.argv[0]: so that I can still debug from python REPL:
if sys.argv[0]:
    # running as executable
    my_dir = os.path.dirname(os.path.realpath(sys.argv[0]))
else:
    # imported into interpreter
    my_dir = '.'
That way I can still import the module into REPL to debug it, as long as I'm in the same directory as the file in question.

PHP exec() from URL?

I have a php file with an exec() function that executes some unix commands when I do this: php file.php on terminal, but now I need to do the same from URL on the browser, that is: localhost/file.php
So, how can I achieve this?
It sounds like you need a web server. It's a huge topic so it can't be covered here.
However. If you just want to run a simple PHP server, try
$ php -S localhost:8000
From the root directory of your PHP application. It should be accessible in your browser by going to localhost:8000. Or to make it accessible on any interface:
$ php -S 0.0.0.0:8000
Note that this only works for newer versions of PHP (>=5.4).
Thanks for your answers. The problem was that the files which I used in the commands inside exec() were outside of the /var/www/html directory and apache was complaining about permissions and after I had to give them permissions with the chown command.

PHP script fails when called from a browser but not from CLI

This is driving me nuts.
I've reduced my problem to this: I have a simple file 'test.php' that invokes a php file (this is from a bigger application, so in fact we need to execute many php scripts from a main script):
<?php
exec("php /var/www/setActive.php 273 1 2>&1",$arO,$nO);
echo $nO.'|'.implode(',',$arO);
The original path for setActive.php is way longer, I shortened it for this example.
Now, if I try:
[root#stg]# sudo -u apache php test.php
I get:
0|
Great, this means the setActive.php script ran smoothly.
Now, if I try it from a browser or from curl:
[root#stg]#curl http://my.url/path/test.php
This is what I get:
1|Could not open input file: /var/www/setActive.php
I already reviewed all the permissions. Apache user has access to all directories and files.
This was working ok in another server. I reviewed the php.ini files and there is no difference between them.
Maybe it is an option that I'm not seeing, or an Apache config option. I've run out of ideas.
Please help me!
Thanks in advance.
I have Linux, Cent OS. PHP 5.3.23
If permissions etc.. are all ok, possibly the apache config. in your setup has the 'ChrootDir' set:
http://httpd.apache.org/docs/2.2/mod/mpm_common.html#chrootdir
This uses the syscall chroot() and the view for '/' dir for that process starts from this setup dir, and hence everything should be relative to it.

php shell_exec() command is not working

I am trying to run a .sh file from php.
I tried doing it with shell_exec(), but it's not working.
I referred to many questions related to this on Stack Overflow but could not solve it.
my php code is(web.php)
<?php
echo shell_exec('/var/www/project/xxe.sh');
echo "done";
?>
only done is printed. but it is working from terminal(php /var/www/project/web.php)
In xxe.sh I am calling a python file
python vin.py
I have also changed the file permission to 777 for both .sh n .py files
please help
If you say it works on the terminal and not on apache then apache's php.ini file may be disabling the use of shell_exec().
See http://www.php.net/manual/en/ini.core.php#ini.disable-functions
Your apache's php.ini file may look something like
disable_functions=exec,passthru,shell_exec,system,proc_open,popen
Remove shell_exec from this list and restart the web server, although this is a security risk and I don't recommend it.
shell_exec might not know what directory to look in for your executable's location directory. What solved it for me was this before the shell_exec:
putenv('PATH=/usr/local/bin');
Then the terminal can find the executable. Also check permissions on every part of the command to make sure apache user has read and execute permissions.
If it works well in shell, I think apache is chrooted. So php can't find /var/...
Or user of httpd user does not have permission to enter /var/...
If you are good at PHP. Open dir /var/... And readdir() and check dir exists and check file exists.
This question might help you. scanning /home/ with opendir()
The problem is usually that when you exec code from within php it is run as the webserver's user www-data in a lot of linux distros. Normally this user does not have an environment set up, and because of that no PATH. By using full paths in your files you can usually overcome this.
xxe.sh
/usr/bin/python /path/to/script/vin.py
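
Added example, not part of any answer in this thread: a diagnostic page that reports the conditions the answers above name (disable_functions, PATH, working directory, the executing user, file permissions) and runs the script with stderr and the exit code captured, which shell_exec() hides. SCRIPT is a placeholder path, and the array form of proc_open() and the redirect descriptor assume PHP 7.4 or later.

```php
<?php
// Added diagnostic, not code from the thread. SCRIPT is a placeholder path.
const SCRIPT = '/var/www/project/xxe.sh';

function diagnose(string $script): array
{
    $disabled = array_filter(array_map('trim',
        explode(',', (string) ini_get('disable_functions'))));
    $report = [
        'sapi'              => PHP_SAPI,   // "cli" in a terminal, e.g. "fpm-fcgi" behind nginx
        'user'              => function_exists('posix_geteuid')
            ? (posix_getpwuid(posix_geteuid())['name'] ?? posix_geteuid())
            : 'unknown (posix extension not loaded)',
        'cwd'               => getcwd(),          // relative paths resolve against this
        'PATH'              => getenv('PATH'),    // false when the server passes no PATH
        'disable_functions' => $disabled,
        'script_readable'   => is_readable($script),
        'script_executable' => is_executable($script),
    ];
    if (in_array('proc_open', $disabled, true)) {
        $report['error'] = 'proc_open is listed in disable_functions';
        return $report;
    }
    // Array command (PHP >= 7.4): no /bin/sh in between, so nothing is
    // shell-parsed. Working directory and PATH are set explicitly, and
    // stderr is merged into stdout so the failure reason is captured.
    $proc = proc_open(
        ['/bin/bash', $script],
        [1 => ['pipe', 'w'], 2 => ['redirect', 1]],
        $pipes,
        dirname($script),
        ['PATH' => '/usr/local/bin:/usr/bin:/bin']
    );
    if (!is_resource($proc)) {
        $report['error'] = 'proc_open could not start /bin/bash';
        return $report;
    }
    $report['output'] = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    $report['exit_code'] = proc_close($proc);   // 0 means the script succeeded
    return $report;
}

header('Content-Type: text/plain');
var_export(diagnose(SCRIPT));
```

Run it once with php on the command line and once through the web server, then compare the two reports. Delete the file afterwards, since it discloses server configuration to anyone who can request it.
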
While trying to run a script triggered by github post-receive webhook.
Here is where my project directory is located(cloned git repo):
/var/www/html/my-repo
I create a script inside the above directory called webhook.php:
<?php
#webhook.php
$cmd = shell_exec("git pull 2>&1");
#for debugging
echo $cmd;
?>
Execute the following command inside /var/www/html
sudo chown www-data:www-data -R my-repo/
Test it by going to http://www.myserver.com/my-repo/webhook.php
Add the path to your script to github webhooks.
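
Added example, not the answer's own code: the webhook.php above runs git pull for any request that reaches the URL and echoes git's output back, so this variant first checks the HMAC signature GitHub attaches to each delivery (the X-Hub-Signature-256 header). The WEBHOOK_SECRET environment variable and the /usr/bin/git location are assumptions; the repository path is the one from the answer.

```php
<?php
// Added example, not the answer's code: webhook.php that runs only for
// requests signed by GitHub. WEBHOOK_SECRET is an assumed environment
// variable holding the secret configured for the webhook.
const REPO_DIR = '/var/www/html/my-repo';   // path from the answer above
const GIT_BIN  = '/usr/bin/git';            // assumed location; absolute, PATH may be empty

function signature_is_valid(string $body, string $header, string $secret): bool
{
    // GitHub sends X-Hub-Signature-256: "sha256=" + hex HMAC-SHA256 of the raw body.
    if ($secret === '' || strncmp($header, 'sha256=', 7) !== 0) {
        return false;
    }
    $expected = 'sha256=' . hash_hmac('sha256', $body, $secret);
    return hash_equals($expected, $header);   // constant-time comparison
}

function handle_request(): int
{
    $body   = (string) file_get_contents('php://input');
    $header = $_SERVER['HTTP_X_HUB_SIGNATURE_256'] ?? '';
    $secret = (string) getenv('WEBHOOK_SECRET');

    if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
        return 405;
    }
    if (!signature_is_valid($body, $header, $secret)) {
        return 403;   // unsigned or forged request: do not touch the repository
    }
    // Fixed command, no request data in it; -C sets the working directory.
    exec(GIT_BIN . ' -C ' . escapeshellarg(REPO_DIR) . ' pull --ff-only 2>&1', $out, $code);
    // Keep git output in the server log instead of echoing it to the caller.
    error_log('webhook git pull exit=' . $code . ' ' . implode(' | ', $out));
    return $code === 0 ? 204 : 500;
}

http_response_code(handle_request());
```
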
I have been stuck in this problem for several hours.
I have thought about a solution.
1. move your script to a python file "script.py" and place this file to your server root.
2. shell_exec("python script.py");
Anyway, it works for me.
On my host I had to give a different path for my php file to be executed from shell_exec().
This didn't work shell_exec('/usr/bin/php backgroundtask.php');.
While this did shell_exec('/opt/php/php-5.5.0/bin/php backgroundtask.php');.
You can visit this Reference.
I had the same issue because PHP backslashes.
PHP escapes the backslashes, so the command that reaches the shell
'COPY E:path1\path2\file.prn /B \127.0.0.1\"PRINTER NAME"'
so I gave command like this
'COPY E:\\path1\\path2\\file.prn /B \\\\127.0.0.1\"PRINTER NAME"'.
You have to double-escape the backslashes: once for PHP and once for the shell.

Running PHP script with Crontab (Plesk / CentOS6)

As a customer in Plesk, I am attempting to run:
php -q /httpdocs/_external/export/test.php
From this tutorial: http://daipratt.co.uk/crontab-plesk-php/
I'm receiving the error
"php: command not found"
Is there something I need to enable from the main user or a different command I would need to use to run the script?
(also tried /bin/php with no luck, there is no php file in that dir)
"which php"
-/usr/bin/php
(when I use this dir I also get "no such file or dir" I guess since when I use / it's pulling from the customers root not the server root)
This answer will help you. My understanding is that Cron runs everything relative to itself, so you should always use absolute paths when running something from Cron.
Good luck, and happy holidays!
