I get this error when running a program from www-data.
Error
sudo: no tty present and no askpass program specified
But I have added the following to sudo visudo
www-data ALL = NOPASSWD: /var/bin/poppler-0.65.0/build/utils/pdfimages
The path /var/bin/poppler-0.65.0/build/utils/pdfimages is correct.. I have tested it from a terminal.
Command
sudo /var/bin/poppler-0.65.0/build/utils/pdfimages -list
data/scan_voucher/17.pdf
As you said that already setting up sudo visudo correctly, I will first take a look at Tarun Lalwani links, specially the part about disable requiring tty in your sudoers :
Defaults !requiretty
Try to do the same command but with flag -S actived (sudo -S yourcommand)
The -S (stdin) option causes sudo to read the password from the
standard input instead of the terminal device.
If it doesn't work for you, you can try a trick that seems to work like this one (from here):
echo '' | sudo -S your_command
That will send an empty password to first prompt to enter password.
How are you executing this from PHP? Try with:
#exec("sudo /var/bin/poppler-0.65.0/build/utils/pdfimages -list data/scan_voucher/17.pdf");
Hope that it helps!
Related
If I am executing multiple commands like this
'sudo -s && cd /apps/10.0.10.200/wso2am-1.7.0/repository/logs && tail wso2carbon.log'
But when i'm login to the server with my user, i have to get the root permission by executing following command
sudo -s
And then I have to reenter the password also.
So my issue is when I execute above command, how can I pass my password.Because I have to execute the command and wait until it asks to enter the password.
please guide me on that to solve.
this is my code.
include('Net/SSH2.php');
$ssh = new Net_SSH2('10.0.10.200');
$ssh->login('xxxxx', 'xxxx') or die("Login failed");
echo $ssh->exec('sudo -s && cd /apps/10.0.10.200/wso2am-1.7.0/repository/logs && tail wso2carbon.log');
This is a very bad idea as long as you will need to keep the user's password in your code which represent a non-negligible security issue (full remote access to the ssh server). You should have a special account on the ssh server you are connecting to that would only allow access to the log file you want to show.
However if you take a look at this superuser question or run sudo --help. You'll see that you can use sudo -S to get the sudo command to read the password from stdin.
so this should do the trick:
$echo <password> | sudo -S <command>
using php:
echo $ssh->exec('echo '.$password.'| sudo -S tail /apps/10.0.10.200/wso2am-1.7.0/repository/logs/wso2carbon.log');
Go to your server and provide sudoers permission without password to your user.
This is highly insecure but you can edit you /etc/sudoers by using command sudo visudo
This command will open the /etc/sudoers file in the terminal now you can add you user entry in it using below line for executing sudoers command without password :
<user_name> ALL=NOPASSWD:ALL
Replace user_name with your user name in above line.
If your syntax goes wrong you can damage your sudoers file and hence won't be able to execute the sudo command.
If that happens use this command to rebuild your sudo file:
pkexec visudo
Then enter the sudo password.
I am running CentOS 6, as httpd is executed as user 'apache'. For security reasons, I want to use sudo to be executed via exec as user 'aq':
<?php exec("/usr/bin/sudo -u aq somescript.sh",$output,$return_val);?>
With visudo I have added the following line:
apache ALL = (aq) NOPASSWD: ALL
Furthermore I temporary gave apache as login shell (/bin/bash), to be able to test
/usr/bin/sudo -u aq somescript.sh
directly which worked.
php exec fails as $return_val delivers a '1' if sudo is invoked.
Comment out this line from /etc/sudoers
Defaults requiretty
I'v tested your case in few ways ant this one gives me success.
Under a controlled environment, I will try to execute some calls to shell, some of such commands will include sudo privileges.
I tried this php code line:
$out = shell_exec('sudo -u root -S ls < /home/user/.y/.qqz');
Where at last .qqz is a file containing actual password.
However apache log shows this output:
[sudo] password for www-data:
Like the password file is not being passed to the command stdi?
I already made www-data part of the sudo group. How can I get my objective done?
I want to create a file in PHP using shell_exec. Here's the statement I'm trying:
$out = shell_exec('sudo touch maintenance.flag 2>&1 1> /dev/null');
And contents of $out are
sudo: no tty present and no askpass program specified
I'm on Ubuntu 11.10, so I visudo to take a look at the sudo permissions. I set sudo to:
%sudo ALL=(ALL) NOPASSWD: ALL
but it's still not working. What are some things or alternatives I can try to resolve this?
Well, i have this program i need to run via either functions however it is located on my dekstop (this ubuntu 11.04).
I moved it to /home/Username, but no dice.
I run
$blah = exec('sudo | echo mypassword | /home/server1/program commandhere', $test);
var_dump($test);
var_dump($blah); ?>
The output is nothing.
I was told if i wanted to run it via sudo i needed to add the Apache user which is www-data to the sudoers list, i added it, but no luck again.
Basically, i've tried A LOT of things, it just wont run. Why?
EDIT:
If i paste that into the terminal it works great, just not with exec,system nor passtrhu.
Use echo mypassword | sudo -S instead.
It also depends on which user has sudo privileges. If you want to run this from the apache process, you need to give the apache user sudo privileges as well.
Also, just to clarify, the command should be:
echo mypassword | sudo -S /home/server1/program commandhere
Look into your security log. Not sure where this is on Ubuntu, possibly /var/log/secure or /var/log/messages. I'm betting that you find a message there similar to sudo requires a TTY, or sorry, you must have a TTY to run sudo indicating that sudo is configured not to work without a real interactive shell. That is, sudo won't permit you to use it in a script or to be called by an external program.
I recently dealt with this issue myself while trying to bind a Gnome keyboard shortcut to a sudo command.
If this is the case, you'll need to comment out the following line in /etc/sudoers
#Defaults requiretty