I've a shell_test.php file in /var/www/html folder with this code:
<?php
shell_exec('/var/www/html/config.sh');
?>
config.sh in the same folder has this code:
#!/bin/sh
sudo -u root kill -SIGHUP $(cat /var/www/html/mosquitto/mosquitto.pid)
When I run ./config.sh from folder, it runs.
When I run command in config.sh file directly in terminal, it
works too.
I've added this into sudoers file so that there is no need of password:
www-data ALL=(ALL) NOPASSWD: /var/www/html/config.sh
The thing is it's working fine when run using terminal in both the mentioned ways. Why is not executing when run in PHP?
Your problem is probably, that it is apache, www-data or some other user that is running your script and you try to run it as root.
Try without sudo -u root and change the group of the file to www-data with:
chown root:www-data your-script
As you say "It isn't outputting anything but my mosquitto broker is resetting every time it runs which lets me know"
I think you should replace
shell_exec('/var/www/html/config.sh');
with
$output = shell_exec('/var/www/html/config.sh');
echo $output;
According to php docs "shell_exec — Execute command via shell and return the complete output as a string"
shell_exec doesn't print by default; you have to store the string output and then use it
I made few changes in codes and it worked.
In shell_test.php, I changed code like this:
<?php
shell_exec('sudo -S ./config.sh');
?>
In config.sh, I changed like this:
#!/bin/sh
sudo kill -SIGHUP $(cat /var/www/html/mosquitto/mosquitto.pid)
Related
I an Ubuntu 16.04 machine running NGINX and PHP. I would like to enable the www-data user (via web browser) to be able to access a PHP page (php-test.php) that will execute either a bash script (script_test.sh) or execute Linux CLI commands using shell_exec or exec.
I have done the following.
Created my bash script file script_test.sh
#!/bin/bash
whoami
echo $USER
echo 'test'
exit
when I run this from CLI, using
./ script_test.sh
It does indeed work and I can see the info echoed out in the CLI.
I then pursued the goal of being able to allow the www-data user run this bash script through a PHP page running on this same machine from NGINX.
I created my php page (php_test.php) and it contains the following
<?php
chdir('/path/to/my/files/');
shell_exec('./script_test.sh'); // ATTEMPT RUN SCRIPT
shell_exec('/path/to/my/files/script_test.sh'); // ATTEMPT RUN SCRIPT
echo 'test 123'; // SIMPLE ECHO IN THE PHP PAGE
?>
I then ran the following to modify the sudoers file, giving www-data access to the bash script
sudo nano /etc/sudoers
to which I added the following line
www-data ALL=NOPASSWD: /path/to/my/files/script_test.sh
I then made sure the script was executable, for the sake of my testing, not worrying about security, I just set it to 777 with the following command
sudo chmod 777 script_test.sh
From there I opened a web browser and browsed to the localhost (NGINX) web server (php_test.php) and the only thing I see on the page is the 'test 123' that I echo from PHP... none of the bash script appears to have run at all. I tailed the NGINX error log and don't see any error at all.
Is there another log that could contain clues on this?
What else should I check here?
The result of shell_exec() is returned as string. To display it in your browser, simply add echo.
<?php
chdir('/path/to/my/files/');
echo shell_exec('./script_test.sh'); // ATTEMPT RUN SCRIPT
echo shell_exec('/path/to/my/files/script_test.sh'); // ATTEMPT RUN SCRIPT
echo 'test 123'; // SIMPLE ECHO IN THE PHP PAGE
?>
See the Return Values in the manual:
The output from the executed command or NULL if an error occurred or
the command produces no output.
Can you try to use passthru instead of shell_exec, and see the output anything?
Also try this, and see if it shows on the log file:
if(file_exists('/path/to/my/files/script_test.sh')) { die('File not found!'); }
shell_exec("nohup /path/to/my/files/script_test.sh > /path/to/my/files/output.log &");
Also, are you running PHP with the www-data user (check your fpm pool)?
Do you have any error on /var/log/syslog or /var/log/auth.log ?
Have you restarted the server after changing the sudo permissions?
What does su - www-data -c "whoami" and su - www-data -s /bin/bash -c "whoami" outputs?
Does su - www-data -s /bin/bash -c "/path/to/my/files/script_test.sh" output something?
I have an sh file with file-removing commands.
I run it from php like this:
shell_exec("sudo -n ./truncatefiles.sh 2>&1");
Thats works fine if I open the PHP file from browser, but doesnt work from scheduled cron tab.
PHP user: www-data
If i run whoiami from cron, returns same: www-data
I added this to my visudo:
www-data ALL=(ALL) NOPASSWD: /www/sites/..../importscript/truncatefiles.sh
Shell exec for this sh file returns (from cron):
sudo: sorry, a password is required to run sudo
Why works it dirrefent way in cron?
What should I do for get it work?
PLease try to do the following,
Try to log your output from crotab to a file,
* * myscript.php >> /var/log/myjob.log 2>&1
This way you can debug your script.
1. Also the check the user and permissions for your shell script, php file.
2. try with sudo crotab -e
For my project I am creating WEB interface to control QoS in Linux. I am trying to communicate with terminal with shell_exec() function PHP. And it works if try something simple like this:
shell_exec("ip link show");
But if try to change qdisc with(works in terminal):
shell_exec("sudo tc qdisc replace dev eth0 root pfifo");
nothing happens. I don't get any output either if I try to echo shell_exec(...);
I am running Ubuntu 14.04. I already added line in sudoers file to execute shell commands without password:
#includedir /etc/sudoers.d
%www-data ALL=NOPASSWD: /var/www/html
Maybe I did something wrong with sudoers file or is there any more things I should do before running shell_esec commands?
%www-data ALL=NOPASSWD: /var/www/html
This sudoers line would only allow www-data to execute the file /var/www/html. (Which is probably a directory, not an executable file, so it doesn't do anything.)
If you want to allow www-data to execute tc, you'll need to specify that in the sudoers file, using the full path to the executable.
It's not the exact answer, but try like this. It worked for me.
2>&1 produces the error message.
if(exec("sh whatever your cammand 2>&1", $output, $return_var))
{
print_r($output);
exit;
}
I have a PHP webpage on my raspberry pi with 2 buttons (on and off)
The on button button redirects to On.php
The off button redirects to Off.php
In "/usr/lib/cgi-bin" I have a python script that I would like to execute (script.py)
I can perfectly execute it from the terminal by typing
cd /usr/lib/cgi-bin
sudo python script.py
It works if I do it from the terminal.
The problem is the PHP file (On.php) in my "/var/www" folder.
This is what I wrote:
<?php
exec('cd /usr/lib/cgi-bin');
exec('sudo python script.py');
?>
Why is the script executing from the terminal, but not from my PHP?
You can't use sudo from a PHP script. Apache is running from an user (www-data generaly), so edit this file : /etc/sudoers
Then add this line :
www-data ALL=(ALL) NOPASSWD:ALL
Care ! this will authorize all functions to be called by a PHP script, you can adapt changing "ALL" by your script or Python command.
Then precise your user in your exec command :
<?php
exec('sudo -u www-data python /usr/lib/cgi-bin/script.py')
Try this out, it should be working:
<?php
system("cd /usr/lib/cgi-bin");
system("sudo python script.py");
?>
Or even this:
<?php
system("cd /usr/lib/cgi-bin && sudo python script.py");
?>
On an older Raspbian distribution you need to place your file in /var/www/file.py. So in your file.php you add:
{
exec("sudo python /var/www/file.py");
}
On a newer Raspbian Jessie you need to place your file in /var/www/html/file.py, so in your file.php you need to add:
{
exec("sudo python /var/www/html/file.py");
}
Or just any file.py
<?php
{
exec("sudo python test.py");
}
?>
Note: For this to work you need to edit a file first to add these lines to allow passwordless sudo
sudo nano /etc/sudoers
then go to the bottom and add this
pi ALL=(ALL) NOPASSWD: ALL<br>
www-data ALL=(ALL) NOPASSWD: ALL
how to run bash script from php with sudo
index.php :
<?php
$arg;
exec("sudo /var/www/script", $arg);
?>
script :
!#/bin/bash
echo YOUR ARG IS $1;
sudoers www-data ALL=NOPASSWD /var/www/my
chmod 755 /var/www/my
Firstly, you can't sudo it directly like that. So you have to change some configurations in sudoers file.
Run sudo visudo in console, add the following line at the end of file
nobody ALL = NOPASSWD: /var/www/script
P.S.: It's a security risk to use your script like that which would sometime perform breach in data security in a great extent so my suggestion is don't call your script like that.