We Keep Coding

How to allow user www-data use sudo commands without password

I want to allow run specify command on my website, through PHP exec() function, so i found the way, to add www-data in sudoers.d files to allow run specify commands without asking password.
I tried next things:
check where is program catalogue
whereis hashcat -> hashcat: /usr/bin/hashcat
Add a new file to sudo visudo /etc/sudoers.d/www-data and add next line www-data ALL=(www-data:www-data)NOPASSWD: /user/bin/hashcat
Try to run it through www-data: sudo -u www-data sudo hashcat
And then i get this: [sudo] password for www-data:, that means it doesn't seems to work
What can i do wrong, and what i should do then? And is my decision to do so correct? Is there a better and safer solution?

That problem is solved, by removing the (www-data:www-data) so my "www-data: file in sudoers.d looks like: www-data ALL=NOPASSWD: /usr/bin/hashcat
Thanks all for answering and give me a hint to solve this! Especially thanks to #cyberbrain for my carelessness!

VCHI initialization failed screen error when executing sh script from php

I want to trigger the screen power on a raspberry pi from an simple php site.
I'm using apache 2 and php7 on raspbian and the files are stored on /var/www/html/controller and all have chmod 777 set.
this is how my php site looks:
<?php
if ($_GET['on']) {
shell_exec("/var/www/html/controller/on.sh");
}
?>
turn on
and my on.sh file like this:
#!/bin/bash
vcgencmd display_power 1
when I click the link I get the following error:
VCHI initialization failed screen
Any suggestions how to fix this?

I figured out that the .sh files need more permissions. To be more precise the user www-data as described here https://unix.stackexchange.com/a/127529
To do so:
Run the command sudo visudo
add www-data ALL=NOPASSWD: /var/www/html/controller/ on the very end
modify shell_exec("/var/www/html/controller/on.sh"); to shell_exec("sudo /var/www/html/controller/on.sh");

Issues With PHP exec & shell_exec - Shell Script Execution

I've been unable to run php scripts that I need to use to start and stop webcam services that run on the local machine with the scripts. I can find nothing in the logs to indicate why the script doesn't' work.
I confess to being severely handicapped regarding PHP, especially server-side scripting.
The environment is Debian Jesse running Nginx with all required SSH and PHP modules installed
I have added www-data to the sudoers file with:
www-data ALL=(ALL) NOPASSWD: /var/www/html/start_webcam.sh
Enabled the $PATH environment for www-data at:
/etc/php5/fpm/pool.d/www.conf
The shell script resides in the .../html directory and runs from the terminal with no issues.
This is the code for both the php and shell scripts:
start_webcam.php:
<?php
echo exec('sudo bash /var/www/html/aspirebox/start_webcam.sh 2>&1, $output');
print_r($output);
?>
The $output and print_r stuff is there because it was the last thing I tried based on a post I found out here somewhere.
start_webcam.sh
#!/bin/bash
service motion start
Thanks in advance to anyone out here that has a clue. After 2 days of wrestling with this, I am sure that I do not.

according to Passing Variables to shell_exec()? you should change your code like this:
<?php
$output = exec('/var/www/html/aspirebox/start_webcam.sh 2>&1 ');
print_r($output);
?>
and let your bash script execute as all (no need to sudo bash):
chmod a+x /var/www/html/aspirebox/start_webcam.sh

Thank you very much - that worked.
I worked through getting the path straight for the directory the shell script runs in, and the correct path to run "service".
All I have now is to figure out why I'm getting "Failed to start motion.service: Access denied"
I've given www-data permission to run the script without a password on sudoers, have to keep digging.
Thanks again!

how to touch nginx cache file via php

Usually to flush nginx cache, I use the unix command :
touch /var/ngx_pagespeed_cache/cache.flush
I'd like to know if I can do the same with php in order not to log on SSH to do it.
If yes, would this code work ? :
<?php
$flush_file = "/var/ngx_pagespeed_cache/cache.flush";
touch($flush_file);
?>
If not, could you point me on how to please ?
Many thanks in advance.

Reposted my own comment above for better formatting.
Well, I guess it would be safe enough to chown this file to user which run php/webserver ex. www-data. Then give him write permission on this file.
On Debian server it would be somethings like this:
sudo chown www-data /var/ngx_pagespeed_cache/cache.flush
sudo chmod +w /var/ngx_pagespeed_cache/cache.flush

How to execute a shell script in PHP?

I have a script in /var/www/myscript.sh which creates folders and runs the command svn update for my projects. I need to execute this script by calling it in a PHP file in the browser (i.e. Localhost/test.php). I tried using functions shell_exec() and exec() but those did not work. I ran my shell script in terminal with su www-data && ./myscript.sh and it worked. What else am I missing?
<?php
$output = shell_exec("./myscript.sh");
?>
Update 5/4/2011:
I added www-data ALL=(ALL) NOPASSWD:ALL to /etc/sudoers and it works, but this is very insecure. Is there another way to do this?

Several possibilities:
You have safe mode enabled. That way, only exec() is working, and then only on executables in safe_mode_exec_dir
exec and shell_exec are disabled in php.ini
The path to the executable is wrong. If the script is in the same directory as the php file, try exec(dirname(__FILE__) . '/myscript.sh');

You might have disabled the exec privileges, most of the LAMP packages have those disabled. Check your php.ini for this line:
disable_functions = exec
And remove the exec, shell_exec entries if there are there.
Good Luck!

Residuum did provide a correct answer to how you should get shell exec to find your script, but in regards to security, there are a couple of points.
I would imagine you don't want your shell script to be in your web root, as it would be visible to anyone with web access to your server.
I would recommend moving the shell script to outside of the webroot
<?php
$tempFolder = '/tmp';
$webRootFolder = '/var/www';
$scriptName = 'myscript.sh';
$moveCommand = "mv $webRootFolder/$scriptName $tempFolder/$scriptName";
$output = shell_exec($moveCommand);
?>
In regards to the:
i added www-data ALL=(ALL) NOPASSWD:ALL to /etc/sudoers works
You can modify this to only cover the specific commands in your script which require sudo. Otherwise, if none of the commands in your sh script require sudo to execute, you don't need to do this at all anyway.
Try running the script as the apache user (use the su command to switch to the apache user) and if you are not prompted for sudo or given permission denied, etc, it'll be fine.
ie:
sudo su apache (or www-data)
cd /var/www
sh ./myscript
Also... what brought me here was that I wanted to run a multi line shell script using commands that are dynamically generated. I wanted all of my commands to run in the same shell, which won't happen using multiple calls to shell_exec(). The answer to that one is to do it like Jenkins - create your dynamically generated multi line of commands, put it in a variable, save it to a file in a temp folder, execute that file (using shell_exec in() php as Jenkins is Java), then do whatever you want with the output, and delete the temp file
... voila

If you are having a small script that you need to run (I simply needed to copy a file), I found it much easier to call the commands on the PHP script by calling
exec("sudo cp /tmp/testfile1 /var/www/html/testfile2");
and enabling such transaction by editing (or rather adding) a permitting line to the sudoers by first calling sudo visudo and adding the following line to the very end of it
www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/testfile1 /var/www/html/testfile2
All I wanted to do was to copy a file and I have been having problems with doing so because of the root password problem, and as you mentioned I did NOT want to expose the system to have no password for all root transactions.