I have made a button on wordpress and linked it to a linux backend script.
This gives me no error, and the default user output is "www-data"
#!/bin/bash
whoami
touch file
But I want to trigger a git commit using my local user through this script.
#!/bin/bash
sudo -u my_username -p my_password -H sh -c "cd /var/www/html/forcetalks_new/; /usr/bin/git add . ; touch test_file"
This is neither touching the file not adding the files. I wonder what could be the possible reason. And any other solution is welcomed.
PS. I tried using GIT commands in the first script after giving GIT sudo permissions to "www-data" and that didnt work as well.
Try the first script approach with:
#!/bin/bash
sudo -u my_username -p my_password -H sh -c "/path/to/script > /path/to/log 2>&1"
So a script calling a script:
#!/bin/bash -x
whoami
git status
git add .
touch file
The goal is to see what is going on with /path/to/log, thanks to the bash -x option (and the git status command)
Note that if you want to add "file" itself, you should touch the file first, then add.
Note also that a git commit might be needed at some point to actually persist those changes in the Git repository
Related
I am trying to implement simple backup feature of some directories (mainly directories in /etc) which is handled by laravel. Basically I store .tar archives containing specific directory files.
This is a command used to create a backup archive of a single directory:
shell_exec("cd {$backupPath} && tar -cf {$dirName}.tar -P {$fullPathToDir}")
This is a command to restore directory from a backup archive:
shell_exec("cd / && sudo tar -xf {$backupPath . $dirName} --recursive-unlink --unlink-first")
For test reasons I let http user run sudo tar, however my initial idea was to create a bash script that will handle that, and add it to sudoers. Running command or shell script gives same errors.
The problem is if I run it through php I get errors like this:
Cannot unlink: Read-only file system
But, if i run it from command line, it works:
su http -s /bin/bash -c "cd / && sudo tar -xf {$backupPath . $dirName} --recursive-unlink --unlink-first"
Running this both on full archlinux system and archlinux docker container gives me same results. I would appreciate any kind of help.
So issue was with systemd unit for php-fpm 7.4, where ProtectSystem was set to true, after commenting it out, everything worked as expected.
sed -i 's:ProtectSystem=full:#ProtectSystem=full:' /usr/lib/systemd/system/php-fpm7.service
The following install.sh script file automate the installation of my Laravel dependencies inside a container:
#!/bin/bash
LOGFILE=/tmp/install_diario_$(date +"%Y%m%d%H%M%S").log
[ -f ../.env ] || cp ../.env.docker ../.env
function error {
echo -e "\e[31m\e[1m[ERROR]"
echo -e 'See' $LOGFILE 'to more information\e[0m'
exit 1
}
function ok {
echo -e "\t\e[32m\e[1m[OK]\e[0m"
}
function installed {
echo -e "\t\e[29m\e[1m[OK]\e[0m"
}
echo '[+] Installing PHP packages'
composer install -d "/var/www/html" 2>> $LOGFILE >> $LOGFILE
if [ $? -eq 1 ]; then
echo '[!] Configuration Aborted. Exiting...'
fi
echo '[+] Generating app keys'
php ../artisan key:generate #2>> $LOGFILE >> $LOGFILE
php ../artisan passport:install #2>> $LOGFILE >> $LOGFILE
echo '[+] Populating database'
# cd .. && make resetdb
echo '[+] Backend installation sucessfull.'
echo ""
php ../artisan passport:show
echo '[+] Front-end install'
npm install 2>> $LOGFILE >> $LOGFILE
However, I don't want to run this manually, but while the container is starting. So I tried using the following commands in my Dockerfile:
WORKDIR /var/www/html/docker
ADD install.sh .
RUN chmod +x ./install.sh
CMD ./install.sh
Obs.: the script is inside a folder called docker
But when I run docker-compose up --build -d my container exits after a few seconds (when the script is done).
I tried looking for solutions but none worked for me (e.g. including /bin/bash in the end of my script).
Does anyone know if this is actually possible to be done, or should I just tell my workmates to run this script manually with docker exec -it <app_id> install.sh?
The problem here is the following line in your Dockerfile:
CMD ./install.sh
Indeed, your script overrides (ie is called in place of) the default php-fpm command.
Solution 1: add a line at the end of your install.sh script to invoke php-fpm
exec "php-fpm"
CAVEAT: php-fpm MUST NOT be launched as a service, it must run in the foreground to keep the container up and running.
Solution 2: implement a custom entrypoint that launches the install script
Remove/comment the CMD line from the Dockerfile
Implement the customized entrypoint script.
Eg:
In the Dockerfile:
# Don't override COMMAND, use the default one
#CMD ./install.sh
COPY entrypoint /usr/bin/
RUN chmod +x /usr/bin/entrypoint
ENTRYPOINT /usr/bin/entrypoint
And the entrypoint script:
# Run the install script
/path/to/install.sh
# Execute the default command, ie php-fpm
exec "$#"
*NB: Here is the minimum basic working code, feel free to customize/enrich this example - using the official docker php entrypoint for instance.
To a docker container, there is no distinction between its first start up from the consequence start unless you put some kind of file in a mounted volume.
What you probably want is a start up script that knows if this is the first start, run the install script, then remember to not run it again.
So besides your install script, you should probably have a start up script like this:
#!/bin/bash
# Assuming you mount this folder to your host system
MOUNTED_VAR=/var/run/laravel
# Only run the install on first run
if [ ! -f $MOUNTED_VAR/installed ]; then
./install.sh
fi
# Some command to start the service, for example
systemctl start php-fpm
In your docker file, you need to also include this
script to start.
WORKDIR /var/www/html/docker
ADD install.sh .
RUN chmod +x ./install.sh
ADD start.sh .
RUN chmod +x ./start.sh
CMD ./start.sh
Firstly, we wanna move the changes from one system to another system and for this, we have a shell script in synchfolders.sh file as follows
rsync -av --delete -e 'sshpass -p Wordpress#123 ssh -p 22' root#192.168.2.94:/var/www/html/prosync/wp-content/plugins/ /var/www/html/devsync/wp-content/plugins >> /var/www/html/devsync/wp-content/mysynclog.txt
and we want to execute this shell script in PHP file by shell_exec()
and while executing this PHP file from a browser other than rsync command, all are executing but the rsync is not executing. We have searched the stuff in SO and we got the link php exec() rsync ssh to remote server not working
as said here, we have tried the PHP file execution from the command line and works perfect but not through the browser. Why, Please let us know where we did a mistake. Thanks in advance
Enter the full path of rsync command:
/usr/bin/rsync -av --delete -e 'sshpass -p Wordpress#123 ssh -p 22' root#192.168.2.94:/var/www/html/prosync/wp-content/plugins/ /var/www/html/devsync/wp-content/plugins >> /var/www/html/devsync/wp-content/mysynclog.txt
So here's what I'm trying to do. I'm trying to start a binary under another user, via a PHP script. Apache has sudo access. The command works fine when ran via putty logged in as "test".
passthru('bash -c "sudo -u test cd /home/test/cs/ ; ./hlds_run"');
also might I add that
passthru('bash -c "sudo -u test ./home/test/cs/hlds_run"');
Won't work because of how the binary is written (it won't find it's resources unless you cd to the folder before, tested on terminal)
If everyone has access to /home/test/cs:
passthru('cd /home/test/cs && sudo -u test ./hlds_run');
If only the user test has access to the directory:
passhtru('sudo -u test sh -c "cd /home/test/cs && ./hlds_run"');
To arrive at the second invocation, you should already be familiar with system vs execve semantics (used by passthru and sudo respectively).
This is the tested shell string we need to run as a specific user:
cd /home/test/cs && ./hlds_run
We can ensure that it always runs as a specific user with sudo, but sudo uses execve semantics. We have to convert our shell string to an execve array, and since this command A. relies on shell functionality like cd and B. does not include dynamic values, the best way to do this is to simply invoke a shell to interpret it verbatim:
{ sh, -c, cd /home/test/cs && ./hlds_run }
We can now apply sudo to run as our specific user:
{ sudo, -u, test, sh, -c, cd /home/test/cs && ./hlds_run }
passthru runs as a shell, so now we have to convert the execve array above back into a shell string, taking extreme care with quoting to ensure the shell will parse it into the exact argument list above. Fortunately this is a relatively simple case:
sudo -u test sh -c "cd /home/test/cs && ./hlds_run"
We can now give it to passthru:
passthru('sudo -u test sh -c "cd /home/test/cs && ./hlds_run"');
Have you try this? (make sure if you have exec right for hlds_run)
passthru('bash -c "sudo -u test && /home/test/cs/hlds_run"');
After a lot of searching, I'm about to tear my hair out on this one and solution might even be dead simple but I've just overlooked it...
I'm trying run a shell script from PHP to git add -A and commit everything in the repository when a button on a web UI is clicked.
<? php
$commitMsg = 'foo';
$output = shell_exec('/Applications/MAMP/htdocs/gitlist/bash/gitlist-commit '.$commitMsg);
#!/bin/bash
cd /var/www/html/development
sudo -H -u username git add -A
sudo -H -u username git commit -m $1
It works on my MAMP/OSX setup, but not on my Ubuntu LTS box. What might I have overlooked?
On the server, I get returned, which I'm guessing means that the git add -A command is just not working. Am I right?
It also works when running directly from the terminal, but not when running via the web UI.
On branch master
Changes not staged for commit:
(use "git add ..." to update what will be committed)
(use "git checkout -- ..." to discard changes in working directory)
modified: README.md
no changes added to commit (use "git add" and/or "git commit -a")
Any help would be appreciated.
try git add .; git add -u as this will accomplish the same thing "adding all files" but is a potential workaround based on your shell setup.