I have below php script(test.php) in redhat linux.
<?php
shell_exec('touch /var/www/html/test.txt');
?>
If I run this script in command line (php test.php) ,it's working as expected.
But if I run test.php in browser(http://hostname/test.php) it's not creating file test.txt.
I tried edit sudo visudo www-data ALL=(ALL) NOPASSWD:ALL
Please help me on this!!
I guest it's because of permission, when you run in command line you run it as your user but when you run it via browser , it runs as web-service's user, so check the the permission of /var/www/html/ directory and set it's permission to 755 and change the owner to your web-service ( apache , apache2 etc you have as web serivce)
So
chown -R apache:apache /var/www/html/ (I'm not sure about your web-service, change it your webserice and it's group)
chmod -R 755 /var/www/html/
PHP will execute that just fine. But the system then does not find touch in the pathes it has to search.
Easiest, is to give the full path to touch. On my System using command whereis to find touch
$whereis touch
touch: /usr/bin/touch /bin/touch /usr/share/man/man1/touch.1.gz
So the script would be:
<?php
shell_exec('/usr/bin/touch /var/www/html/test.txt');
?>
Related
I'm having issues on write files inside a docker container. Always receiving a permission denied message.
I already tried using the following inside Dockerfile but any of them worked.
RUN chown -R www-data:www-data /var/www/html/folder
or
RUN chmod 775 -R /var/www/html/folder
Any clues?
Thanks.
Either the path does not exist when the image is being built or the user www-data does not exist.
If 'docker build' is failing, it will show you what the error is.
If the image is built, fire up a container and exec into it, see what the permissions are and run the command from the command line:
docker exec -it CONTAINER_NAME bash
id www-data
ls -l /var/www/html/folder
chown -R www-data:www-data /var/www/html/folder
This should reveal what the issue is and what changes need to be made to Dockerfile.
In addition, if that chmod occurs BEFORE the user is created in your Dockerfile (due to apache install for instance), the chmod will need to go after web server is installed
I am confused with file permission and their uses by Linux.
Web server : Apache,
OS : Ubuntu 16.04 LTS
I have a file test.php in /var/www/html/ folder with permissions 644 and owner and group as root. Now, this files does some internal routine work related to database, i.e. it interacts with database and this file is executed through cron job. Now, when I requested for this file through browser by putting www.example.com/test.php, then, to my surprize, the file got executed and did all the job with the database.
Now, here I have some points of confusion.
test.php file was compiled and executed, and for its execution I should set execute bit in the permission, which was not set actually.
When browser requested the file, it sent the request to apache, which is www-data user and this user executed this file. But the owner and group of the file was root. Also, other users except file owner and group have only read permission, then how was it executed.
Note : Even when I gave permission as 000 with root as owner and group then also file got executed when requested through browser.
files 664 and folder 755 and user and group www-data.
$ sudo chown -R www-data:www-data /var/www
$ sudo chmod -R 755 /var/www
And test to http://localhost/test.php
I user my personal user, then add my user to group www-data and change permission to folder 775 and filers 664. and owner personaluser:www-data
$ sudo usermod -aG www-data personaluser
$ sudo chown -R personaluser:www-data /var/www
$ sudo chmod -R 775 /var/www
www-data is a user/group that run the apache. So www-data execute (Interpreter ) the code.
For access with domain "example.dev" or other you have use a virtualhost. Check this: https://www.digitalocean.com/community/tutorials/como-configurar-virtual-hosts-de-apache-en-ubuntu-16-04-es
I'm trying to get an image of the raspi camera via a php script.
It's installed php5, apache2 and all necessary stuff.
Snippet: /var/www/img.php
if(isset($_GET['pic']))
system("sudo raspistill -w 512 -h 320 -o /var/www/img/img.jpg");
When I run the command directly in the terminal it's working, but the php script not. With sudo php /var/www/img.php?pic I'll get an error:
Could not read input file: /var/www/img.php
First I thought it's a problem with the permissions, but isn't working even with root privileges.
Have anybody an idea? I'm really depressed..
Thanks a lot!
Solution
first it's necessary to change the owner of the apache directory:
sudo chown www-data:www-data -R /var/www
After that it's not necessary to prepend sudo:
exec('raspistill ...');
It's also possible with popen, system, ...
I'm trying to mount an iscsi virtual disk, but if I execute the command through the exec function in php this give me that error: mount: special device /dev/sdf1 does not exist.
But if I run the command directly in the console it run well!!
What can I do?
I'm obtaining the /dev/sdf1 in a good way, and it exists, but only through php doesn't work.
Thanks
I'm running the command with sudo and run it in console as www-data user always with sudo, so, I suppose that is the same enviroment.
sudo mount -t ext3 /dev/sdf1 /san_disks/RIBS_2
The sudoers file has this lines:
www-data ALL = (root) /usr/bin/iscsiadm, /bin/mount, /bin/umount
%www-data ALL=NOPASSWD: ALL
And it works in console.
This was happening because "/dev" wasn't updated. I made a sleep(1) and it works!!
I have a shell_exec() command that accesses a directory above my document root so I need to use sudo "as root" to make it happen. (I understand the security issues and am putitng in measures to address it).
The issue is when I run the shell_exec() I get a "sudo: must be setuid root" error in my apache error_log file.
I thought the solution was to chmod 4750 the bash script that is called by my sheel_exec() but that does not do the job.
What exactly is "sudo: must be setuid root" trying to tell me and how might I resolve it?
Is the sudo executable itself setuid root? You may need to
chown root: /usr/bin/sudo
chmod u+s /usr/bin/sudo
Alternatively, skip sudo altogether. If your script is owned by root and has its own setuid bit set, then you don't need to use sudo to get root privileges. In fact, it can be more secure that way; you guarantee that your web user can only use that script, without having to edit sudoers. To do so, remove sudo from your shell_exec() line:
<?php
shell_exec('/path/to/your/command');
?>
Did you check the permissions for your script?
Who is owning the script?
Does the web user has the rights to sudo?
To fix this problem you need to chown and chmod sudo file as root as below.
chown root:root /usr/bin/sudo
chmod 4111 /usr/bin/sudo
chmod 0440 /etc/sudoers