Run Debian Bash script with PHP - php

I'm having trouble running a bash file using PHP.
PHP File :
chdir('/var/www/PATH/inc/bash/');
exec('./status.sh argument', $output);
Bash File :
#!/bin/bash
echo 'test' >> /var/www/PATH/inc/bashOutput/test.txt
PHP File (ls -al handler.func.php) :
-rw-r--r-- 1 root root 461 Jul 5 11:35 handler.func.php
Bash File (ls -al status.sh) :
-rwxr-xr-x 1 root root 255 Jul 5 11:39 status.sh
The script works when run as root through SSH.
I'm not a pro on Linux.
But I think the problem comes from the file owner.
But I have already done some damage in the past with "chown", so if it is indeed the problem I would prefer some guidance from more experienced people.
Thanks for your help,
Konorr.

Script is working using through root with SSH. There is the problem. When a PHP script runs via a web request it usually runs as the user www-data. In any case, <?php exec('./status.sh argument', $output);?> is a security hole. Most server admins would have this disabled.
Your other option is to put sudo in your exec function exec('sudo bash /var/www/PATH/inc/bash/status.sh'). Along with running the script with an absolute path bash /var/www/PATH/inc/bash/status.sh
Why can't you run a cron on your script?

Thanks for your answer, but unfortunately it didn't work for me.
I searched a little more about file owners.
I made these changes:
chown -R www-data:www-data /var/www/PATH
usermod -a -G www-data user
chgrp -R www-data /var/www/PATH
chmod 2750 /var/www/PATH
chmod 2750 /var/www/PATH/inc/bash
It wasn't yet working till I removed the sudo from the EXEC function.
So I don't know from which point my problem was already fixed.
I followed this article : www-data permissions?
Thanks for your time, and I hope this can help someone else.

Related

Permission denied when logging on /var/log from a php script

I found my crontab scripts do not work as expected because they cannot write on /var/log. I tried executing command:
sudo /usr/bin/php /var/www/html/iPhone/inarrivo/php/rome/process.php >> /var/log/romeLoading.log 2>&1
by hand and got:
-bash: /var/log/romeLoading.log: Permission Denied
/var/log permissions are:
drwxr-xr-x. 13 root root 4096 15 ago 16.20 .
If I conversely execute:
sudo touch /var/log/loadRome.log
I get no error whatsoever.
What could be the issue?
Please note Apache is not at stake: I am calling those scripts from the root crontab and from the shell with sudo as a test.
Best guess: the user running the shell doesn't have write access to /var/log/romeLoading.log, and the stdout redirect (>>) is redirected by the shell user, not the sudo user, thus the access denied on >>, but not on sudo touch. Maybe try
sudo sh -c '/usr/bin/php /var/www/html/iPhone/inarrivo/php/rome/process.php >> /var/log/romeLoading.log 2>&1'
That should run sh as root, and have the root sh do the redirect with root permissions. Untested though.
And next time you want to post permissions for debugging, post the namei -l path/to/file output. It gives much more info than stat-ing the single file itself when debugging permission issues, as the issue can be higher up than the file itself, like the folder it's in, or the folder that the folder it's in is in, etc. namei gives you, recursively, detailed permission information on all of them.
It's a permissions issue as the log file belongs to root user and apache runs off www-data. Try chown www-data:www-data /var/log/loadRome.log.
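Added example, not part of the original thread: a small walk in the spirit of the namei -l advice above, flagging every directory on the way to a file that lacks the "other" search bit. The function name is hypothetical, it assumes GNU stat and realpath, and it only models a user who is neither owner nor group member of the directories (as www-data often is).

```shell
#!/bin/bash
# walk_other_access PATH
# Walk from PATH's directory up to /, printing one line per directory:
#   <ok|BLOCK> <mode> <owner>:<group> <dir>
# BLOCK means the "other" class has no search (x) bit, so a user who is
# neither the owner nor in the group cannot reach anything beneath that
# directory, whatever the mode of the file itself says.
walk_other_access() {
    local p info mode flag
    p=$(realpath "$1") || return 2
    p=$(dirname "$p")
    while :; do
        info=$(stat -c '%A %U:%G' "$p") || return 2
        mode=${info%% *}
        # Last character of e.g. drwxr-x--- is other-execute:
        # x or t grants search, - or T denies it.
        case "$mode" in
            *x|*t) flag=ok ;;
            *)     flag=BLOCK ;;
        esac
        printf '%s %s %s\n' "$flag" "$info" "$p"
        if [ "$p" = "/" ]; then
            break
        fi
        p=$(dirname "$p")
    done
}
```

A directory set to 2750, as in the first thread on this page, shows up as BLOCK here: access then depends entirely on the web server user being the owner or a member of the group.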

Run root script with Telegram Bot

I have a WebHook configured to communicate with Telegram Bot, and I want to run some root commands when a bot command arrives. As we know, the Telegram Bot sends an https request to our web hook, so I can only run a shell script as the www-data user. But I actually want to run it as root.
My script kill.sh:
#!/bin/bash
kill -9 $1
From php I run:
exec('kill.sh ' . $pidFromTelegramMessage);
Rights:
$ ls -al kill.sh
-r-xr-x--- 1 root www-data 24 Dec 16 15:27 kill.sh*
I even tried to put this script in the /tmp directory but it does not work either. I always get:
/tmp/kill.sh: 3: kill: Operation not permitted
I found only one way to do this. I put this line into /etc/sudoers by run visudo command:
www-data ALL = NOPASSWD: /bin/kill, /usr/bin/tail, /tmp/run.sh
Add execute permissions to /tmp/run.sh:
chmod a+x /tmp/run.sh
Now you can run these three commands as www-data user:
sudo kill -9 32233
sudo /tmp/run.sh
But you must think twice before allowing anyone to execute the /tmp/run.sh script.
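Added example, not part of the original thread: a wrapper that could stand in for kill.sh behind a sudoers rule, rejecting anything that is not a plain PID and signalling only processes whose name is on an allow-list. The path /usr/local/sbin/safe-kill, the function names and the ALLOWED_COMMS values are hypothetical, and it reads /proc, so it assumes Linux.

```shell
#!/bin/bash
# Assumed sudoers rule, pointing at a root-owned script outside /tmp
# (a file under /tmp can be replaced by any local user):
#   www-data ALL=(root) NOPASSWD: /usr/local/sbin/safe-kill
# A sudoers command listed without arguments may be called with any
# arguments, so the validation has to live in the script itself.

# Hypothetical allow-list of process names the bot may terminate.
ALLOWED_COMMS="${ALLOWED_COMMS:-worker.sh ffmpeg}"

# validate_pid PID -> 0 only for a plain decimal integer greater than 1
validate_pid() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;      # empty, or any non-digit character
    esac
    [ "${#1}" -le 10 ] || return 1    # keep the comparison below in range
    [ "$1" -gt 1 ]                    # never 0 or init (PID 1)
}

# comm_allowed PID -> 0 if the process name is on the allow-list
comm_allowed() {
    local comm name
    [ -r "/proc/$1/comm" ] || return 1
    read -r comm < "/proc/$1/comm" || return 1
    for name in $ALLOWED_COMMS; do
        if [ "$comm" = "$name" ]; then
            return 0
        fi
    done
    return 1
}

# safe_kill PID -> 0 signalled, 2 malformed PID, 3 process not allowed
# (a PID can be reused between the check and the signal; the window is small)
safe_kill() {
    validate_pid "$1" || return 2
    comm_allowed "$1" || return 3
    kill -TERM "$1"
}

# When installed as the wrapper, the script would end with:
#   safe_kill "$1"
```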

php shell_exec no permission

I am using a php script to call a backend python script.
<?php
error_reporting(-1);
$output = shell_exec("sh run.sh 2>&1");
echo "<pre>$output</pre>";
?>
The run.sh script is:
#!/bin/bash
wget http://markets.usatoday.com/custom/usatoday-com/html-mktscreener.asp
python hw7-9.py index.html
echo "done";
The output is
run.sh: wget: not found
run.sh: python: not found
done
If I run it normally from shell it works perfectly.
To try and fix the "not found" errors, I did "which wget" and replaced it with the full path:
/afs/cad/sw.common/bin/wget -O index.html http://markets.usatoday.com/custom/usatoday-com/html-mktscreener.asp
I get permission denied
What are the permissions of your php and your shell script?
I've used the same approach that you're using, successfully. Full ownership and attribute details below.
# ls -l
-rw-r--r-- 1 root root 2332 Jan 4 23:07 daily.php
-rwxr-xr-x 1 root root 232 Oct 30 22:43 get_stuff.sh
The user/group ownership on your system will vary. The read/write/execute permissions don't have to strictly match mine, either. But for reference, my setup is achieved via:
chmod 644 daily.php
chmod 755 get_stuff.sh
chown root:root *

Running command-line application from PHP as specific user

I am running Apache on my localhost. From a PHP script run as www-user I would like to control Rhythmbox playback on my machine. So far I have a simple command in my PHP script:
exec('rhythmbox-client --pause');
This works great when I run it from the command-line as me, but if it runs as www-user I guess rhythmbox-client doesn't know/can't access my instance of Rhythmbox.
Is there an easy way for that PHP script to run as my user rather than www-user, or to tell rhythmbox-client which instance to control?
The overall application is that when my phone goes off-hook it calls my PHP script which pauses music, and resumes playback when the phone is on-hook. I love VoIP phones!
Solution:
Thanks to Carpetsmoker and Tarek I used sudo as the answer, but there were a couple of problems. To overcome them I did the following:
Created a bash script to call rhythmbox-client. This bash script was executed using sudo in PHP as described in the answer below. Unfortunately rhythmbox-client didn't know what environment to control, so the bash script looks like this:
#! /bin/bash
DBUS_ADDRESS=`grep -z DBUS_SESSION_BUS_ADDRESS /proc/*/environ 2> /dev/null| sed 's/DBUS/\nDBUS/g' | tail -n 1`
if [ "x$DBUS_ADDRESS" != "x" ]; then
export $DBUS_ADDRESS
/usr/bin/rhythmbox-client --pause
fi
Now that bash script can be executed by PHP and wwwuser, and my phone can pause/play my music!
One solution is using sudo(8):
exec('sudo -u myuser ls /');
You will, obviously, need to setup sudo(8) to allow the user running your webserver to invoke it. Editing the sudoers file with visudo(8), you can use something like:
wwwuser ALL=/usr/bin/rhythmbox-client
This prevents Apache from being able to run other commands, allowing only the rhythmbox command.
In my case, the solution came this way:
Added these lines to the sudoers file:
myuser ALL=(ALL) NOPASSWD: /usr/bin/prlctl
_www ALL=(ALL) NOPASSWD: /usr/bin/prlctl # IMPORTANT!!!
The EXEC() command in PHP was changed to:
exec("sudo -u myuser prlctl list -a", $out, $r);
If a process can be run by any user it can be run by PHP. Example is fortune command
-rwxr-xr-x 1 root root 18816 Oct 1 2009 /usr/games/fortune
Look at the x permission for every user. But sometimes this doesn't work at all, and you may have to let the user (www-data, apache, etc.) run the program. You can sudo www-data and try to run the command. If it works, then Apache/PHP should be able to run it.

SSH backup via PHP problem

I am trying to backup all the files on our server using some SSH commands via PHP and I have a script working to some extent.
The problem is that only some of the folders actually contain any files but the folder structure seems to be correct though.
This is the script I am using:
<?php
$output = `cd /
ls -al
tar -cf /home/b/a/backup/web/public_html/archive.tar home/*`;
echo "<pre>$output</pre>";
?>
I can't even view the files via SSH commands; an example of this is the test account. If I use the following command I am unable to view the website files.
<?php
$output = `cd /home/t/e/test/
ls -alRh`;
echo "<pre>$output</pre>";
?>
But if I use the same commands on a different account I am able to see and download all of the website files.
Is this a permission problem or am I missing something in my script?
Thanks
ls -l / | grep home
the output will be like this:
lrwxr-xr-x 1 root wheel 8 Mar 30 14:13 home -> usr/home
In my case, the owner is root, and the root user's primary group is wheel, so now we add the www-data user to the wheel group so it can list files in there:
usermod -a -G wheel www-data
You can download some files because they are located in a directory owned by the www-data user, and when you can't, www-data has no permission on that directory.
I think it's a permission problem; try to give the Apache user (or whatever you set it to) permission to read the /home/* directories.
To find the user name used by the Apache service, run this:
For Linux:
egrep -iw --color=auto 'user|group' /etc/httpd/conf/httpd.conf
For FreeBSD:
egrep -iw --color=auto '^user|^group' /usr/local/etc/apache22/httpd.conf
My guess is that PHP is running in a chroot.
If you just want to execute a backup, consider doing it in a different language. Especially if it is just a sequence of UNIX commands, write a shell script. Perhaps more details on what this script will be used for and who is providing and maintaining your hosting will be useful.