I know that there are a lot of similar questions already on the website or even in the another ones but I didn't get the solution even looking for all the information of this questions.
From PHP code, I'm trying:
exec('/etc/init.d/apache2 restart');
And on my sudoers file, I added the following line:
www-data ALL=(ALL) NOPASSWD: ALL
I tried a lot of combinations here like for exaple creating Cmnd_Alias but nothing works.
If I execute this exec, I get "Restarting apache2 (via systemctl): apache2.service failed!". And If I execute this exec command but with sudo, I get an error "Failed to restart apache2.service: Interactive authentication required." (seen on apache error.log). I have seen this error from browser console because I'm running the code from an AJAX post.
But if I try from the cmd, this command ask for a password (I don't understand why if I added the line I explained before on sudoers file):
sudo -u www-data /etc/init.d/apache2 restart
And of course if I add sudo, it works:
sudo -u www-data sudo /etc/init.d/apache2 restart
So I really don't know what is wrong here. If someone can help I will appreciate it because I am quite lost...
Regards
Related
I am working on a multi-tenant package Hyn/Multitenant for laravel and after creating a tenant I need to restart apache2. Within the package, I have a command as:
apache2ctl graceful
But when this command executes, it throws an error that it can't bind to the port.
So far I have a tried editing visudo with this command:
www-data ALL=(ALL) NOPASSWD: /etc/init.d/apache2 restart
But it still throws error that it can't bind to port 80.
php exec() method may help you -
exec("/etc/init.d/apache2 restart");
http://php.net/manual/en/function.exec.php
I get this error when running a program from www-data.
Error
sudo: no tty present and no askpass program specified
But I have added the following to sudo visudo
www-data ALL = NOPASSWD: /var/bin/poppler-0.65.0/build/utils/pdfimages
The path /var/bin/poppler-0.65.0/build/utils/pdfimages is correct.. I have tested it from a terminal.
Command
sudo /var/bin/poppler-0.65.0/build/utils/pdfimages -list
data/scan_voucher/17.pdf
As you said that already setting up sudo visudo correctly, I will first take a look at Tarun Lalwani links, specially the part about disable requiring tty in your sudoers :
Defaults !requiretty
Try to do the same command but with flag -S actived (sudo -S yourcommand)
The -S (stdin) option causes sudo to read the password from the
standard input instead of the terminal device.
If it doesn't work for you, you can try a trick that seems to work like this one (from here):
echo '' | sudo -S your_command
That will send an empty password to first prompt to enter password.
How are you executing this from PHP? Try with:
#exec("sudo /var/bin/poppler-0.65.0/build/utils/pdfimages -list data/scan_voucher/17.pdf");
Hope that it helps!
I'm trying to get nightmarejs to work on my centos server and was able to do so by running xvfb-run however I need to call this command via a php exec() function.
when I do I'm just getting an empty result as though it doesn't work?
When I run it via command line (i.e. xvfb-run node my-script.js) everything works great. Any idea why it doesn't seem to work or be available to my php script?
Although Cono's answer does work, it is less secure as it gives YOUR_USER access to wheel, making YOUR_USER an administrator.
Instead, create a file in /etc/sudoers.d (RHEL/CentOS) with contents like: (presuming YOUR_USER is apache)
# Allow apache to run xvfb-run
Defaults:apache !requiretty
Defaults:apache visiblepw
apache ALL = NOPASSWD: /usr/bin/xvfb-run
This way, if the apache user is compromised they can only run the xvfb-run command.
(Answer thanks to ThirdNode)
Ok i figured it out. Basically, sudo access has to be granted for xvfb-run in order to call it via an executable script in php. To do so, log into terminal and do the following:
# sudo visudo
Make sure the wheel group is uncommented
%wheel ALL=(ALL) ALL
This means that users added to the wheel group will have access to call sudo commands
At the bottom of the file, grant your user access to the script
YOUR_USER ALL = NOPASSWD: /usr/bin/xvfb-run
Save your file and add your user to the wheel group
usermod -aG wheel YOUR_USER
finally, from your php script you can now call xvfb-run via sudo
<?php exec('sudo xvfb-run node my-script.js'); ?>
I am running CentOS 6, as httpd is executed as user 'apache'. For security reasons, I want to use sudo to be executed via exec as user 'aq':
<?php exec("/usr/bin/sudo -u aq somescript.sh",$output,$return_val);?>
With visudo I have added the following line:
apache ALL = (aq) NOPASSWD: ALL
Furthermore I temporary gave apache as login shell (/bin/bash), to be able to test
/usr/bin/sudo -u aq somescript.sh
directly which worked.
php exec fails as $return_val delivers a '1' if sudo is invoked.
Comment out this line from /etc/sudoers
Defaults requiretty
I'v tested your case in few ways ant this one gives me success.
Well, i have this program i need to run via either functions however it is located on my dekstop (this ubuntu 11.04).
I moved it to /home/Username, but no dice.
I run
$blah = exec('sudo | echo mypassword | /home/server1/program commandhere', $test);
var_dump($test);
var_dump($blah); ?>
The output is nothing.
I was told if i wanted to run it via sudo i needed to add the Apache user which is www-data to the sudoers list, i added it, but no luck again.
Basically, i've tried A LOT of things, it just wont run. Why?
EDIT:
If i paste that into the terminal it works great, just not with exec,system nor passtrhu.
Use echo mypassword | sudo -S instead.
It also depends on which user has sudo privileges. If you want to run this from the apache process, you need to give the apache user sudo privileges as well.
Also, just to clarify, the command should be:
echo mypassword | sudo -S /home/server1/program commandhere
Look into your security log. Not sure where this is on Ubuntu, possibly /var/log/secure or /var/log/messages. I'm betting that you find a message there similar to sudo requires a TTY, or sorry, you must have a TTY to run sudo indicating that sudo is configured not to work without a real interactive shell. That is, sudo won't permit you to use it in a script or to be called by an external program.
I recently dealt with this issue myself while trying to bind a Gnome keyboard shortcut to a sudo command.
If this is the case, you'll need to comment out the following line in /etc/sudoers
#Defaults requiretty