I need to make a static page from the dynamic one with all assets downloaded and all the links converted to local ones and download it in some tmp folder. Like when you press Ctrl+S in a browser. I tried using wget with shell_exec:
shell_exec("wget -E -H -k -p http://youmightnotneedjquery.com/ 2>&1");
The problem is that it works perfectly when I run it from console, but when I use shell_exec, I get an error
Permission denied youmightnotneedjquery.com/index.html: No such file
or directory Cannot write to 'youmightnotneedjquery.com/index.html'
(No such file or directory).
As I understand, there is some problem with permissions, I tried to create a seperate directory
with some high permissions and www-data as owner and specify it in the command using -O flag, but I get an error that I can't use -k and -O flags at the same time. So I hope to solve that issue with permission, but I still have to specify the destination folder somehow. Or maybe there's a php solution without wget that I can use, as it seems not quite hard but a lot of work to do.
You may try something like
shell_exec("cd some_nice_dir && wget ...")
You may also want to read up on man wget as it has a lot to say about interferences between -O and several of the other options you specify.
Helped using -P flag and creating a folder with owned www-data
shell_exec("wget -E -H -k -p http://mysite.local/ -P some-temp-folder 2>&1")
Related
I'm trying to display my PIs temperatures in a website that I can access anywhere at any time.
So far I've been able to get the CPU and GPU temps working. However my HDD temp won't show in the browser. It works fine in terminal.
Here is a pic:
As you'll notice I didn't have the GPU temp showing either, however this was fixed by using the following command:
sudo usermod -G video www-data
I haven't been successful in getting this to work for smartmoxntools, though.
Does anyone know how to make it work?
Also, is it safe to have these in an external website? Can hackers inject php code to run shell commands using it?
in order to run some root privileged command in website, you need to put www-data in your /etc/sudoers to allow the www-data to run as root for the command, here is the line you need in /etc/sudoers:
www-data ALL=(root) NOPASSWD: /usr/sbin/smartctl
When executing under your web server, your script will probably have a different PATH configured, so it will run differently from how it runs in the Terminal.
Try putting the full path to smartctl in your script, e.g.
sudo /usr/local/bin/smartctl -A -d sat /dev/sda | awk '/^194/ {print $10}'
I have a home server with some GUI to play internet radio using mplayer. But when I play it from the server, it wouldn't play and apache error log said access denied to to home directory.
I also use a exec(pkill mplayer) to stop a service before creating a new one.
So currently I have to add www-data to /etc/sudoer with ALL access and it worked. I tried to did /home/ but it won't start either.
So I want to know what is the best way to start mplayer from webserver without security risks.
This is my code
exec("pkill mplayer");
exec("mplayer -slave -quiet http://iedm-fl.akacast.akamaistream.net/7/293/156397/v1/auth.akacast.akamaistream.net/iedm-fl </dev/null >/dev/null 2>&1 &");
If you want the sound to come out of the server:
Run sudo adduser www-data audio and reboot your server. This will give the user www-data permission to produce audio. After that, your original code should work. If it doesn't, try something simpler:
exec("pkill mplayer");
exec("mplayer http://iedm-fl.akacast.akamaistream.net/7/293/156397/v1/auth.akacast.akamaistream.net/iedm-fl&");
I guess when you try to run something from your /home www-data probably doesn't have rights for this location.
About security i'm not so sure but you are giving www-data users rights to run mplayer as root. Therefor mplayer becomes vulnerable to exploitation.
maybe you can isolate rights to a single script to run mplayer for them. Than give this script only execute rights so it can't be eddited so easy.
I've been trying to do this with video, but I just couldn't get the permissions right to display mplayer on the screen. So I created a BASH script to wait for a file change with inotifywait and then run mplayer as a user with permission to use it.
#!/bin/bash
# Mplayer server
# Watches for a file to be populated; then launches mplayer
PLAYFILE=/tmp/mserver_play.txt
CONTROL=/tmp/mserver_control
if [ -f $PLAYFILE ] ; then rm -f $PLAYFILE ; fi
while true ; do
touch $PLAYFILE
chmod a+w $PLAYFILE
r="$(inotifywait $PLAYFILE 2> /dev/null)"
if [ "$(echo $r | tail -1 | cut -d' ' -f2)" != "MODIFY" ] ; then
echo File removed or changed, exiting
exit 1
fi
# The wait is over! Play the file.
PLAYPATH="$(head -1 $PLAYFILE)"
rm $PLAYFILE
# TODO: Put in security checks on PLAYPATH.
if [[ -p $CONTROL ]]; then
rm -f $CONTROL
fi
mkfifo $CONTROL
chmod a+w $CONTROL
mplayer -autosync 30 -mc 2 -cache 10240 -cache-min 50 -ao sdl -lavdopts skiploopfilter=all -vf cropdetect -quiet -slave -input file=$CONTROL "$PLAYPATH" 2> /dev/null > /dev/null
done
Run that script as a user with permissions to run mplayer. mplayer probably has more tags here than are necessary for either of our purposes, but it works for both video and audio. Then in PHP you just write the path you want to play into the $PLAYFILE, e.g. with file_put_contents('/tmp/mserver_play.txt', $the_file_to_play).
Security, of course, is relative. Any user can write to the file to launch mplayer, and I couldn't find an easy way to restrict that; but adding www-data to your group and removing the chmods should probably work. You might, for example, want to restrict files to play to local files with test -f $PLAYPATH, but I want the ability to use http URLs there.
Okay so I want to change the file mode of a directory to 777 so I use the line
exec('chmod -R 777' . $dir);
where $dir is the directory path of the directory I wanna change
it doesn't seem to work but I don't get an error for it, also if the user I was executing the script from was a sudo user so I have to enter the password after I enter the command, how would I do this? Would it be something like exec('chmod -R 777' . $dir\n 'password'); ?
Information I get from this site
Execute system commands via PHP
Many a times we need to execute system commands on a Linux system – to delete a directory, or restart a service. However, since Apache does not run with root privileges, it is nearly impossible to use PHP’s exec(), system() or passthru() functions to achieve that.
The solution to this is very simple, specially on Ubuntu. The Apache’s user www-data need to be granted privileges to execute certain applications using sudo.
1.Run the command sudo visudo
2.At the end of the file, add the following
www-data ALL=NOPASSWD: /sbin/iptables, /usr/bin/du
This is assuming that you wish to run iptables and du using super user (root) privileges. However, if you wish to run every application using super user privileges, then add the following instead of what’s above
www-data ALL=NOPASSWD: ALL
3.That’s it, now use exec() in the following manner inside your .php script
exec ("sudo iptables -P FORWARD ACCEPT");
This is driving me crazy. I need to have php execute a command to restart a script running in node. I'm using a node app called forever to run said script. The code is as follows:
<?php
echo '<pre>';
echo exec('sudo -u dalton forever restart botti.js 2>&1');
echo '</pre>';
?>
However, when I run that, I get sudo: forever: command not found
Next, I try which forever and type forever, both which give me:
forever: /usr/local/bin/forever
I edit my code to:
echo exec('sudo -u dalton /usr/local/bin/forever restart botti.js 2>&1');
Edit: After a typo, the error is now:
/usr/bin/env: node: No such file or directory
I'm at my wit's end. Any ideas?
As the forever command only runs, when you give the full path, I suspect, that /usr/local/bin is not in your PATH environment variable, which contains all directories, that are searched for executable commands by default, separated by : (I suspect you're on Linux, may differ for other OS)
I suspect forever calls /usr/bin/env node. The error from env is probably caused by node being outside your PATH too.
To set your PATH in php, use putenv('PATH=<your path here>');
e.g. to append /usr/local/bin:
putenv('PATH=' . getenv('PATH') . ':/usr/local/bin')
This may also be a sudo issue, try the -E (preserve environment) switch.
Figured it out, I needed to define node as well:
$asdf = system('sudo -E -u dalton /usr/local/bin/node /usr/local/bin/forever restart botti.js 2>&1');
Create a symbolic link for forever
ln -s /usr/local/bin/forever /usr/bin/env/forever
And also for nodejs if incase it's still called "nodejs". Make it call as "node"
ln -s /usr/bin/nodejs /usr/bin/node
I will solve the forever execution problem.
For php side, try with this
echo shell_exec("your command sh");
I've made a simple bash script for server admininstration and I cannot figure how can I run it in safely inside a php page: I'd like to create a php admininstration page but I obviously don't want to hard-code root password anyware. Let's make an example (this is a foo script, of course)
#!/bin/bash
touch /$1
this simple/stupid script will not work if the user who run it as no writing permission on /.
Actually the script add apache virtualhosts, ftp users and so on...
any ideas?
thanks
Use
sudo /path/to/executable/file
and set up sudo so it can execute the following command for the current user as a root.
http://www.sudo.ws/sudo/sudoers.man.html - here is the sudoers manual, the configuration file, that you have to modify.
zerkms ALL = (ALL) NOPASSWD: /sbin/iptables -L FORWARD -n -v -x
This is example from my /etc/sudoers. Here I allowed to run command /sbin/iptables -L FORWARD -n -v -x as root without asking a password for user zerkms.