i am trying to execute pkill command by php script.
killengine.sh script runs fine from terminal, both with ./killengine.sh and php restart.php.
this is killengine.sh
#!/bin/bash
sudo pkill -f engine
and this is restart.php
$out = shell_exec("/var/www/killengine.sh 2>&1");
var_dump($out);
Both files have 755 permissions. Ownew of restart.php is apache, and root is owner of killengine.sh. Also i tried with both owners to be root/apache.
In visudo i made this changes:
Defaults:apache !requiretty
but i get: "sudo: no tty present and no askpass program specified"
Then i tried with
Defaults!/var/www/killengine.sh !requiretty
then i get: "sudo: sorry, you must have a tty to run sudo"
Also, this line is present all the time at the EOF
apache ALL=NOPASSWD: /var/www/killengine.sh
but without success.
OS is Centos 6
Any ideas?
solution:
changed restart.php to
$out= #shell_exec("sudo /var/www/killengine.sh");
Related
I am using ubuntu server 20.04 LTS, where I have multiple shell files, using php from apache I need to run multiple shell files from a browser but need to run as root.
I have tried the command shell_exec and added sudoers (www-data) and none works, which I can put in the code to enter as root and be able to execute the shell script.
<?php
$code = shell_exec('echo "passwd" | sudo -u root -S sh /home/user/name.sh');
echo "<pre>$code</pre>";
?>
Because your are executing this script as www-data and www-data doesn't have the required privilege to execute any sudo commands.
You can try the following steps.
Modify www-data in /etc/sudoers to be able to execute a script as the superuser. This is a sensitive file and you have to use visudo as the editor to make the changes.
$ sudo visudo -f /etc/sudoers
www-data ALL=(ALL) NOPASSWD: /home/user/name.sh
This will allow www-data to execute the script as the superuser without a password.
In your PHP code change the command in your shell_exec() as follows:
$code = shell_exec(sudo sh /home/user/name.sh');
Make sure your name.sh is set up with proper file modes to protect yourself.
I am trying to run a shell script from a PHP script.
PHP code :
<? php
$sss = escapeshellarg('virtualbox');
$result = shell_exec("/home/hani/Desktop/launchscript.sh '$sss' 2>&1 ");
echo "<pre>$result</pre>";
echo "<br />";
echo (shell_exec('whoami'));
?>
my shell script :
#!/bin/bash
sss=$1
echo 'the sudo password' |sudo -S service $1 restart
After I run the PHP code in a web server (Xampp), I got this output :
[sudo] password for daemon: Sorry, try again.
[sudo] password for daemon:
sudo: 1 incorrect password attempt
daemon
Although, I haven't set any password for the daemon user.
And after I checked the current user running the PHP code I found it is daemon.
After many researches here and in the net, I found that daemon can't run sudo commands.
I also found that I can fix this by editing the sudoers file and giving permissions to the daemon user to run sudo commands. However this is not a secured solution.
so my question is : How to run that script via the PHP code but not as a daemon?
PS : I tried this in order to change the current user running the PHP file :
$result = shell_exec(" sudo -u hani /home/hani/Desktop/launchscript.sh '$sss' 2>&1 ");
But I got this output in the browser :
sudo: no tty present and no askpass program specified
and the user remains daemon.
I am using Xampp in Ubuntu 16.04
Another information, I run this command in the terminal to know the owner of the 'httpd' service :
ps -ef | egrep '(httpd)' | grep -v `whoami` | grep -v root | head -n1 | awk '{print $1}'
the output is : daemon
I think i found a solution ( but still not sure about the security issues).
It only needs to change the default user (owner) and group of the httpd service. This can be done by editing the httpd.conf located in /opt/lampp/etc (if you are using Xampp). The default user, as I mentioned in the question, is daemon. However it has not permissions to run sudo commands, so it only needs to change that user by another one who has the permissions to run sudo commands (obviously the root user or your deafult user in Ubuntu).
a better way is give daemon access to run the one particular script you want
edit the sudoers file
sudo visudo
add in the following line (change the path to the script you want to run)
daemon ALL=(ALL) NOPASSWD: /home/ubuntu/scripts/script.sh
I am running the following code to run bash commands
shell_exec("sudo sh script.sh $conf_file");
The $config_file holds the value of e.g abc.conf
In my script.sh file
#!/bin/bash
mv $1 /etc/apache2/sites-available/
I have also given permission to www-data user to use sudo without password by going to sudo visudo and added the following line in last
www-data ALL=NOPASSWD: /var/www/html/myapp/script.sh
You are running sh by sudo, not /var/www/html/myapp/script.sh one. It's also strange why you are runing script.sh by sh when your script begins with line #!/bin/bash. Simply try to change shell_exec to:
shell_exec("sudo /var/www/html/myapp/script.sh $conf_file");
I am running CentOS 6, as httpd is executed as user 'apache'. For security reasons, I want to use sudo to be executed via exec as user 'aq':
<?php exec("/usr/bin/sudo -u aq somescript.sh",$output,$return_val);?>
With visudo I have added the following line:
apache ALL = (aq) NOPASSWD: ALL
Furthermore I temporary gave apache as login shell (/bin/bash), to be able to test
/usr/bin/sudo -u aq somescript.sh
directly which worked.
php exec fails as $return_val delivers a '1' if sudo is invoked.
Comment out this line from /etc/sudoers
Defaults requiretty
I'v tested your case in few ways ant this one gives me success.
I want to create a file in PHP using shell_exec. Here's the statement I'm trying:
$out = shell_exec('sudo touch maintenance.flag 2>&1 1> /dev/null');
And contents of $out are
sudo: no tty present and no askpass program specified
I'm on Ubuntu 11.10, so I visudo to take a look at the sudo permissions. I set sudo to:
%sudo ALL=(ALL) NOPASSWD: ALL
but it's still not working. What are some things or alternatives I can try to resolve this?