I am using a php script on my apache/ubuntu server to call a bash script that triggers an application taking a python script as an argument (IDAPro).
PHP Code
chdir('/var/www/dashboard/team/static/sql');
$output = exec('sudo -u rohan ./start.sh');
Now, the above code works fine if I run the PHP file from the terminal - but only if I run it as the root user. Needless to say, if I execute the bash file directly it runs too.
But when I run the PHP file on the browser, it doesn't work and I get the following error in the apache error log:
QXcbConnection: Could not connect to display
Aborted
I understand that Apache/php runs as 'www-data' user (used the 'whoami' to verify), and that is why I have the sudo in my exec. I have tweaked and tinkered the permissions for both users to no avail. When I run the php file from the terminal as the 'www-data' user, it throws no error but does not do anything except display the random echo tags I at the start and end of the script to debug it.
I am a linux novice, so any help is greatly appreciated.
Okay, I finally managed to solve it.
The issue is not with the permissions, but it is with the environment variables.
I had to include the following line in my bash script
export DISPLAY=':0.0'
Note that setting the variable in the terminal and running the script does not work. The line needs to be inside the script.
I assume this is because the DISPLAY variable is not set if you run the script as any user other than root, which is what happens in case of Apache/PHP where the script is executed as the 'www-data' user.
perhaps you could use something like the following at the top of your script:
if [ "$(id -un)" != "rohan" ]; then
exec sudo -u rohan $0 "$#"
fi
export XAUTHORITY=/home/rohan/.Xauthority
export DISPLAY=:0
Related
I'm developing a code which uses ldap_search Shell Script Command for extracting user information from Active Directory using user id and by proper LDAP Server Authentication. I am getting accurate result from ldap_search script.
But, whenever I put the shell script inside exec or shell_exec PHP command, I'm not getting anything.
All the other shell scripts are working fine with the help of PHP exec command except ldap_search.
Is there some additional task left for me to do?
Is ldap_search and exec/shell_exec not compatible with each other?
You must use echo exec('your command or script');
Make sure to have permissions to run it. I mean, the web user must have permissions to execute that.
May seem obvious, but I think your failure is in something basic like this. You must put echo to show the result of the command.
EDIT After reading your new comments about it and using that new info... I saw you are trying to redirect the output to a file... but maybe you have 2 different problems.
Have the user which is executing php (usually www-data) permission to write on the folder where the php is?
Your code has quotes inside quotes that must be escaped using . Try this:
<?php exec("ldapsearch -x -v -h 'LDAP://server' -p '389' -D 'uid=\"domain_user_id\",ou=users,ou=internal,o=\"organization\"' -w 'domain_password' -b 'ou=users,ou=internal,o=organization' 'uid=person's_user_id' >> result.txt"); ?>
So you don't need echo if you want the output in a file. And the redirection >> can be inside the command executed, not in php.
Remember that > replaces de file and what you have >> add at the end of the file.
For my project I need to run a bash script located on a ubuntu server through php.
This is my sh script: test1.sh
#!/bin/bash
xte 'keydown Control_L' 'keydown Alt_L' 'key l' 'keyup Alt_L' 'keyup Control_L'
my php file is: bashTest1.php
<?php
$message = shell_exec("bash test1.sh 2>&1");
echo $message;
?>
But when I open the php page in browser, I get this error:
Unable to open display 'default'
the 'xte' command in 'test1.sh' basically performs Ctlr+Alt+L action virtually.
I have checked the file permissions for 'test1.sh'. it is ok. And I have run the bash file in terminal it is working.
I have also checked 'ls' command in the same 'test1.sh' file and it shows all files in that directory in my browser.
Can you please help me to run this command in my php script.
Thank you all in advance!
Finally I solved the problem. In Ubuntu every user is given a DISPLAY. In my bash file first I had to specify on which DISPLAY I needed to execute the command. At last I needed to grant the php user permission to execute the command. finally my bash file looks like this:
#!/bin/bash
export DISPLAY=":0"
xhost +
xte 'keydown Control_L' 'keydown Alt_L' 'key l' 'keyup Alt_L' 'keyup Control_L'
NOTE: Bear in mind to check your user's display first. because different users will be given different DISPLAYS. You can check your user display by this command in terminal
who
You are missing 2 things:
The address of the X display needs to be either passed to xte with the -x parameter, or set to the DISPLAY environment variable.
The XAUTHORITY environment variable needs to be set with the magic cookie of your X display.
This answer has much more information.
This is really simple but I cannot get it to work at all. Spent many hours and I've always give up. I created php script called copy.php and it should call a python script called copy.py.
I want to execute a command line like this
<?php exec('/var/www/html/copy.py'); ?>
Really simple.
Why cannot I get the python script executed from php exec()? The function inside python script is to get a copy of error_log from a different directory (outside of Apache) into html directory.
If I run that from a terminal
> php copy.php
It did execute the function and made a copy. Why is that the web browser isn't doing it?
Let me simplify this:
why cannot exec("cp /var/log/httpd/error_log /var/www/html/path/to/php/script") work?
it works fine if I type it in terminal but not when run in a browser.
As others have alluded to, the difference is probably permissions. When you run a command from the command line, you're generally not the same users as your apache script is running as.
Put another way, if from the command line you type whoami, you'll probably get whatever name your user account is.
The echo exec('whoami'); from within php shows who the script is running as, which is Apache.
So, whatever command you're trying to run from your web server isn't available to run as the Apache user. You mentioned you've been able to have exec("python /usr/diskpurge/script.py") work, but not to have exec('/var/www/html/copy.py') doesn't. This is due to in one instance you're running python, in the other you're trying to execute your copy.py script. If copy.py doesn't have execute permissions for the Apache user, you're not going to be able to run it from the browser.
Perhaps different settings apply for the Apache environment versus the command line.
Use error_reporting(E_ALL); and ini_set('display_errors', true) to see what errosr may come up.
It is possible that the Apache environment is prohibited from using exec or the fact that Apache runs under a different user that does not have execute rights on the python script.
sounds like a permission error. Check if your server is running with sufficient rights.
echo exec('whoami');
Set your error reporting to report all:
ini_set('display_errors', true);
error_reporting(E_ALL);
and check for errors..
If your whoami returns a user which is not a member of the SU family (linux) or administration (windows) then resite your permissions..
Linux:
Assign the user returned by whoami correct permissions to run python scripts.. Do not allow the resulted username to run as root with total administration powers.. This is a big no no
The only reason its not working is because you didn't set the write permissions!
Do:
sudo nano /etc/sudoers
And then put the following:
www-data ALL=(root) NOPASSWD:ALL
purpose: use php to input commands directly into the minecraft server console
Im trying to use a php script (run from browser) to exec() a shell script. when i run the php from a terminal it works! But in the browser, nothing happens.
exec('sudo -u root sh /home/minecraft/whitelist-reload.sh', $out, $ret_val);
When running from terminal, i get a "array 0" but the browser gives me a "array 1"
what is the issue?
and once i run the shell, shouldn't everything after that work as if you were on a terminal?(does it matter what is inside of shell script?)
the shell has all rx permissions and is in the sudoers file as
www-data ALL = NOPASSWD: /home/minecraft/whitelist-reload.sh
The problem is, that you run the script on a terminal as a user that probably has the sudo rights, whereas the apache/webserver user doesn't, so the $ret_val (which is actually just a status code) is set to 1 (means error).
try var_dump($out); in both cases to see the results of your exec call. To do this kind of thing from the browser, you might want to look into proc_open and family, or have a script that is chmod'ed to 777, so the apache user can run it, too. Let that script then call the actual shell script and return it's output back. This is, however very dangerous, and should only be used for testing environments on your own machine. Never do this in production environments!
I have posted a couple of questions here, too that might prove informative:
interaction over ssh
opening a second shell, and load profile variables AND call another script
Turns out... after inputting www-data into the sudoers file, all i needed to do was take of the "-u root" after it
I am attempting to create a php script that can connect thru ssh to my Qnap TS219 server and run a command on it.
My script so far connects fine to the server but when I run the command I get an error message and I can't figure it out.
exec.sh
#!/bin/bash
cp /share/MD0_DATA/Qdownload/rapidshare/admin/script.txt /share/MD0_DATA/Qdownload/rapidshare/admin/script.sh
chmod 755 /share/MD0_DATA/Qdownload/rapidshare/admin/script.sh
nohup sh /share/MD0_DATA/Qdownload/rapidshare/admin/script.sh &
exit 0
script.sh
#!/bin/bash
/opt/bin/plowdown -o /share/MD0_DATA/Qdownload/rapidshare /share/MD0_DATA/Qdownload/rapidshare/admin/down.txt 2>/share/MD0_DATA/Qdownload/rapidshare/admin/output.txt
the command that I am currently running thru ssh after I submit the form:
echo $ssh->exec('sh /share/MD0_DATA/Qdownload/rapidshare/admin/exec.sh');
Right now generates the code below but only after I kill 2 bash processes (the page keeps loading indefinetly and the processor activity is at 100% if I don't kill the 2 bash processes):
/share/MD0_DATA/.qpkg/Optware/share/plowshare/lib.sh: line 261: getopt: command not found start download (rapidshare): http://rapidshare.com/files/312885386/Free_Stuff-Your_Internet_eBay_Business_Free_Startup_Resources.rar /share/MD0_DATA/.qpkg/Optware/share/plowshare/lib.sh: line 261: getopt: command not found /share/MD0_DATA/.qpkg/Optware/share/plowshare/lib.sh: line 46: --insecure: command not found Error: failed inside rapidshare_download()
This script will be used in my local network, no access from outside, so I am not worry about security, I know the code looks very basic, primitive but I have no experience with php, shell script, so if someone can make any sense on this and help me out will be greatly appreciated.
Edit1. I also tried the shell_exec command still no joy and if I run the script thru putty works beautifully.
Edit2. I think we are on to something.
I added the code you suggested and I got the following message.
sh: /share/MD0_DATA/.qpkg/Optware/share/plowshare: is a directory /usr/bin:/bin:/usr/sbin:/sbin
I think at the moment the PATH is usr/bin:/bin:usr/sbin:/sbin and I think it should be /opt/bin /opt/sbin because there are the "executables". Any ideeas?
Thanks,
Chris.
Run this
echo $ssh->exec('pwd');
Does it list your path correctly? If so then your problem is NOT PHP, if it doesn't list or still gives an error then PHP is your problem and we can continue from there.
From the error you've listed, my first guess would be that PATH isn't set, so lib.sh can't find what it's looking for.
Remember you're logging in with a custom shell (PHP ssh), quite often things aren't set as they should be, so your scripts might not find requirements like paths and variables.
Edit:
Since it's giving /root, we at least know it's going through, why not also set the PATH etc...
echo $ssh->exec('PATH=$PATH;/share/MD0_DATA/.qpkg/Optware/share/plowshare; sh /share/MD0_DATA/Qdownload/rapidshare/admin/exec.sh');
Remember you can also use this to see what is and isn't being set.
echo $ssh->exec('ECHO $PATH');
I think I got it:
Following viper_sb logic, I changed the code to:
echo $ssh->exec('PATH=$PATH:/share/MD0_DATA/.qpkg/Optware/bin; sh /share/MD0_DATA/Qdownload/rapidshare/admin/exec.sh');
echo $ssh->exec('echo $PATH');
and magic, it worked ... I'll test it further, when I get home, but I think it worked, a file was downloaded in the /Qdownload/rapidshare folder ... hooray.