I want to restart mysql service on click of the button using php.
I have developed application using php till now I tried below things and facing the problem
<?php
if ($_GET['run']) {
# This code will run if ?run=true is set.
var_dump(exec("sh rst.sh"));
exit;
}
?>
<!-- This link will add ?run=true to your URL, myfilename.php?run=true -->
Click Me!
What I am getting is:
string(55) "Restarting mysql (via systemctl): mysql.service failed!"
rest.sh:
#!/bin/bash
/etc/init.d/mysql restart
while executing above file from the commnad line it asks for the password.
any help will be appreciated.
Thanks
Granting the user that runs PHP/web server permissions to restart any service is generally a bed idea from security perspective not even taking about permission to manage all system daemons or full sudo.
Once you have been warned, you have to make sure the user that is running the PHP script has the permission to run the restart command. As already stated, the issue has likely little to do with PHP. There are several ways from you to proceed here:
You can grant the PHP user the sudo permission to run the desired command and nothing else (how to do that is covered elsewhere) and invoke the command directly from PHP: sudo systemctl restart mysql.
Keep the rst.sh file, get it owned by root, writeable by noone else but root and set SUID bit on that file. This way you can invoke the script without sudo but the script will be run as root thanks to the SUID bit.
#1 feels safer and simpler.
You could also try with system():
<?php
if ($_GET['run']) {
# This code will run if ?run=true is set.
var_dump(system("sh rst.sh"));
exit;
}
?>
<!-- This link will add ?run=true to your URL, myfilename.php?run=true -->
Click Me!
Though your problem is coming from the script you are running (rst.sh). Check the commands in script, you probably need to a systemctl call with sudo.
In php try using this command
exec("/etc/init.d/mysql restart");
or push this command to rst.sh
be ensure have chmod +x on file rst.sh
Related
I'm working on creating my own little Website to manage a Minecraft server as fun project. Now what I would need to accomplish is being able to send commands to the screen in which the server is running.
My approach to this was the following:
<?php
if (isset($_POST['startbutton']))
{
exec('sudo screen -S 23971 -X stuff "say hello^M"');
}
?>
<form method="post">
<button type="submit" name="startbutton">Test</button>
</form>
Now that command line works just fine when i execute it in the terminal itself, but as soon as i try to run it over the Website nothing happens.
If i just try to execute
if (isset($_POST['startbutton']))
{
echo exec('whoami');
}
?>
it works just fine as well. I don't know what I am doing wrong.
i'm really not sure about it, but try:
<?php
if (isset($_POST['startbutton']))
{
exec('sudo screen -S 23971 -X stuff "say hello^M"');
exec('YOUR SUDO PSW');
}
?>
<form method="post" action="YOUR PHP PAGE LIKE server.php">
<button type="submit" name="startbutton">Test</button>
</form>
let me know if it works
Seems like you are trying to execute a command that needs superuser permissions. In most setups PHP runs under the webserver user and it does not have those permissions. Also you should keep in mind that giving superuser permissions to PHP is a security risk.
My suggestion would be to have a dedicated service, responsible for executing those shell commands. You could then call that service from your PHP script without needing sudo.
Check these for details:
https://serverfault.com/questions/622271/securely-executing-system-commands-as-sudo-from-php/622277
sudo in php exec()
First of all: Thank you all for your support.
I was doing a bit of further research and found a solution for my problem:
I created a new user which I then gave the ownership of /var/www.
I then changed the apache2 user from www-data to the new user.
Now i just needed to start the screen with the minecraft server as the new user so i can access this screen out of php and I was able to get it to work without having to give any user full root privileges or anything.
I am having trouble getting a file to execute without typing sudo before it. I think the problem is the libraries I used require you to be a superuser.
I am working on a program for the Raspberry Pi and so far everything has worked great. The program takes a command line argument and outputs it to a separate 2x16 LCD. So if I type the following command as root or place sudo in front of it the program functions as intended:./serialTest Hello World.
What I am working on now is getting the value of a text box on a PHP webpage and submitting it to the program as a command line argument using the exec() function in PHP The problem is that I am unable to execute it because unless I am root I have tried exec("sudo ./serialTest" . $textBox); but it still tells me Permission Denied
After further reading into the libraries I am using I cam across instructions on how to execute the serialOpen function without using sudo or being root I have added the user pi and www-data to the dialout group I have verified this with id pi id www-data. The program still says Permission denied. Is there something I could look at further or am I doing something wrong? I have included the excerpt from the page that states how to run it without using sudo or being root
You can use it without sudo if you add yourself into the dialout group. either edit /etc/group, or use the usermod command. (and logout/login again)
-Gordon
It depends on the server rights provided by Server Service Provider. If you are the Service Prover then edit the Shell Access Rights to executed Exec command in PHP configuration file. As default, exec is not provided in default that's why the message is coming
If you are not service provider then contact them to do things..
i am using arch linux. i want to execute the php file which changes the ip of the system. i did
ifconfig eth0 192.168.163.137
in the terminal and it works fine. the same i tried doing with
shell_exec('ifconfig eth0 192.168.163.137');
in a php file and tried opening the page from a remotely located web browser from another pc connected via router. teh page displays nothing and the code also doesnt execute. i guess its the problem with the user executing it.apache is executing it. so i want it to be run by the root.can anyone please guide me to the execution of my code. i even installed sudo and just put
shell_exec('sudo ifconfig......');
it too doesnt execute...please help...thanku..:)
Sudo normally requires an interactive shell to enter your password. That's obviously not going to happen in a PHP script. If you're sure you know what you're doing and you've got your security issues covered, try allowing the Apache user to run sudo without a password, but only for certain commands.
For example, adding the following line in your sudoers file will allow Apache to run sudo without a password, only for the ifconfig command.
apache ALL=NOPASSWD: /sbin/ifconfig
Adjust the path and add any arguments to suit your needs.
Caution:
There might still be complications due to the way PHP calls shell commands.
Remember that it's very risky to allow the web server to run commands as root!
Probably a better alternative:
Write a shell script with the suid bit to make it run as root no matter who calls it.
shell_exec
This function is disabled when PHP is running in safe mode.
Documentation : http://php.net/manual/en/function.shell-exec.php
So, maybe try tweaking your php.ini file?
Write the commands to a queue and have cron pick them up, validate them (only allow known good requests), and run them, then mark that queue complete with the date and result.
Your end-user can then click/wait for update using ajax.
I am using opencv for initiating the camera on my arch linux. Its getting initiated and works well when I actually do it from the command line on the server itself.
I want to initialize it using php. I tried doing it using shell_exec from PHP.
My PHP file looks like:
<?php
$output=shell_exec('LD_LIBRARY_PATH=usr/local/lib ./a.out 0 2>&1 1>/dev/null');
echo $output;
?>
It gives this output:
ERROR: capture is NULL
I am running this through my windows web browser as a client and the opencv and the related files are on the server that is my arch linux.
I want to start the camera and capture images when I run this php file from the windows web browser, but when executed it throws the error as mentioned.
While this may work when you are SSHed into your server. The webserver user is most likely different than the user you login as. Popular user ids/groups that webservers run as on Linux machines are http, www-data, nobody, and others.
From this point you have two options.
You can make sure the script you are trying to run from PHP (and all of it's children, if any) is able to be run by the webserver user.
You can modify your /etc/sudoers file which gives the webserver user access to elevate permissions for that script only. (NOTE: This potentially opens up security holes so be careful).
To find out what user your webserver runs as execute this: ps aux
Take a look at the output and the first column in the output lists the user that that process is running at. Here's an excerpt of my webserver (nginx) on one of my boxes:
www-data 26852 0.0 0.0 29768 3840 ? S Jun04 0:50 nginx: worker process
You can see that nginx runs with the user www-data here. You can also execute the command with grep to help you find the process quicker. Grep will only show you those lines which match what you send to it. Here's an example: ps aux | grep nginx
Ok now that you know what user the webserver is running as, let's try giving that user access to the script. Let's say your script is foo and is located in /usr/local/bin. You would do the following commands:
chown www-data /usr/local/bin/foo
After changing ownership on the file try to rerun your command again from your PHP page and see if it works.
For completeness I also said you could give your webserver user sudo privileges to that file. To do that you would need to append the following line to the bottom of your /etc/sudoers file:
www-data ALL= NOPASSWD: /usr/local/bin/foo
Then your shell_exec command could switch to this:
shell_exec('sudo /usr/local/bin/foo');
Please keep in mind that doing this would allow your webserver user to run the script as root which is incredibly dangerous in a variety of situations. However, the camera may require elevated permissions to work. I'm not sure what the permissions requirements are on the camera setup you are trying to invoke.
Good luck. Hope this helps!
I can run an svn command from the command line but not from within a PHP script. Significantly, I can run the PHP script on my Mac and it returns the expected data just fine but when I upload it to my Linux server it won't work (from within PHP... I can run the svn command from the terminal). I'm pretty sure this is a user or permission issue of some sort.
I can run (from command line):
svn log http://whatever.com/svn/foo
but none of the following work (run separately... not all together like this):
exec('svn log http://whatever.com/svn/foo');
exec('svn log http://whatever.com/svn/foo',$out);
exec('/usr/bin/svn log http://whatever.com/svn/foo');
However this works:
exec('ls');
I assume the problem is that when I run from the command line I am running as root whereas when I run from PHP I am running as the apache user (www-data)? Perhaps? Any suggestions on how to be able to run exec('svn log http://whatever.com/svn/foo');?
Changing permissions to 777 (just trying to get it working!) does not help.
Here are a couple of threads that I think might help:
Thread 1 (read as there is more):
$cmd = '/usr/bin/svn list --config-dir /some/place file:///var/subversion/devfoundry/ 2>&1';
exec($cmd, $output);
$output = implode("\n", $output) . "\n";
echo $output;
Thread 2:
The Subversion error "svn: Can't
recode string" can be caused by the
locale being wrong. Try
<?php
putenv('LANG=en_US.UTF-8');
?>
(or whatever your preferred locale is)
before you call shell_exec()
Thread 3: PHP Interactive Shell
May be you can use a svn client for php. Here is a good one
http://code.google.com/p/phpsvnclient/
When you run Subversion from the command line, you are running it as yourself. That is, you are the user logged in and running the command.
If you are running Php from a webpage, it is the user who is running the Apache httpd daemon (which could be "apache", "www", "runwww", etc. depending upon the platform). The user running the PHP script may not have read/write permissions to the Subversion repository.
You have two ways of solving this:
Provide your program with user credentials via the --username and --password command line parameters.
Setup the user running httpd with Subversion credentials. Once it is done, it'll never have to be done again. This way, your PHP code doesn't contain login credentials.