How to execute a bash script that uses ssh with php - php

I'd like to execute my bash script with PHP. My script logs me into my server and then creates my account.
SCRIPT="useradd martinouh --home /home/martinouh --create-home; echo martinouh:$pass | chpasswd; usermod -s /bin/bash martinouh; usermod -aG sudo martinouh; usermod -aG docker martinouh;"
sshpass -p $pass ssh -o StrictHostKeyChecking=no root@$ip "${SCRIPT}"
sshpass -p $pass ssh-copy-id -i /home/Martinouh/.ssh/id_rsa.pub martinouh@$ip
But when I run it via shell_exec(), it does execute the script, but not the part with sshpass.
What should I do in order to execute it?
At the moment, just to test shell_exec(), I'm executing my script by calling localhost/script.php, which contains the following:
<?php
$output = shell_exec('bash select.sh');
echo $output;
?>
I'm getting this in the error_log :
Failed to change pseudo terminal's permission: Permission denied
Failed to change pseudo terminal's permission: Permission denied
Failed to change pseudo terminal's permission: Permission denied
Failed to change pseudo terminal's permission: Permission denied
Maybe it has to do with SELinux and Apache permissions?

Since the error messages refer to the pseudo terminal, try to disable this with -T. Most functionality that requires pseudo terminal functionality is interactive and would not be applicable in such a context anyway.

OK, now that I've disabled SELinux, it does execute the part that logs in and then adds a user...
But it won't do the
sshpass -p $pass ssh-copy-id -i /home/Martinouh/.ssh/id_rsa.pub martinouh@$ip
I'm getting this on my webpage
/usr/bin/ssh-copy-id: ERROR: failed to open ID file '/home/Martinouh/.ssh/id_rsa.pub': Permission denied
So I tried to move the key and chown -R apache:apache on it; what I got was this on my webpage:
/usr/bin/ssh-copy-id: ERROR: failed to open ID file './id_rsa': No such file or directory (to install the contents of 'id_rsa.pub' anyway, look at the -f option)
I tried with the -f but it doesn't change the
/usr/bin/ssh-copy-id: ERROR: failed to open ID file '/.pub': No such file or directory
edit :
It is now working with SELinux disabled, and to correct the ssh-copy-id, I had to copy the id_rsa.pub AND the id_rsa to a directory and chown -R apache:apache both of them. The private key was needed, otherwise I couldn't copy my id_rsa.pub to the server (even with the -f flag).
Now, how should I correct this, now that we know what makes it work (even though it is not the proper way)?
Give apache the right to access ~/.ssh/? (for ssh-copy-id)
Give apache the right to execute script / shell? (SELinux)

Related

Permission denied when logging on /var/log from a php script

I found my crontab scripts do not work as expected because they cannot write on /var/log. I tried executing command:
sudo /usr/bin/php /var/www/html/iPhone/inarrivo/php/rome/process.php >> /var/log/romeLoading.log 2>&1
by hand and got:
-bash: /var/log/romeLoading.log: Permission Denied
/var/log permissions are:
drwxr-xr-x. 13 root root 4096 15 ago 16.20 .
If I conversely execute:
sudo touch /var/log/loadRome.log
I get no error whatsoever.
What could be the issue?
Please note Apache is not at stake: I am calling those scripts from the root crontab and from the shell with sudo as a test.

Best guess: the user running the shell doesn't have write access to /var/log/romeLoading.log, and the stdout redirect (>>) is redirected by the shell user, not the sudo user, thus the access denied on >>, but not on sudo touch. Maybe try
sudo sh -c '/usr/bin/php /var/www/html/iPhone/inarrivo/php/rome/process.php >> /var/log/romeLoading.log 2>&1'
That should run sh as root, and have the root sh do the redirect with root permissions. Untested though.
And next time you want to post permissions for debugging, post the namei -l path/to/file output; it gives much more info than stating the single file itself when debugging permission issues, as the issue can be higher up than the file itself, like the folder it's in, or the folder that the folder it's in is in, etc., and namei gives you, recursively, detailed permission information on all of them.

It's a permissions issue as the log file belongs to root user and apache runs off www-data. Try chown www-data:www-data /var/log/loadRome.log.

Php shell_exec() Permission Denied Using gpg Command

The error message:
gpg: Fatal: can't create directory '/srv/http/.gnupg': Permission Denied
The script:
<?php
$cmd = "/usr/bin/gpg -e -a -r kioccio#gmail.com prova 2>&1";
echo shell_exec($cmd);
?>
Why don't I have the permission?
P.S. Without 2>&1 the command doesn't work.
P.S. Adding 'sudo' to the command doesn't work.
I am the user simone

shell_exec or any other command with shell interaction uses the user and group set in httpd.conf. If that user doesn't have the proper permissions to manipulate the folder and the bins that you want, you'll experience those errors.
I recommend studying permissions in the Linux system and the proper way to give them without compromising the security of your system; some routines must be in a sandbox to protect against malicious commands.

Permission error by execute bash script via php shell_exec

I'm trying to insert a line into the /etc/ppp/chap-secrets file via a bash script which should run with PHP shell_exec.
I hope that I am on the right way, or is there a better way?
Anyway, my work is like below:
/var/www/test.php:
<?php echo shell_exec("cd /etc/ppp; bash test.sh"); ?>
/etc/ppp/test.sh:
#!/bin/bash
sed -i "/IP addresses/a client123* pw123123 192.168.0.101" chap-secrets
I also added www-data ALL=NOPASSWD: /etc/ppp/test.sh to sudoers.
I get this error:
sed: couldn't open temporary file ./sedXym2Nn: Permission denied
From the terminal all works fine, but I need it from the admin web via a button click.
How can I fix the permissions error and get this process working?

Granting a web server access to system files sure seems reckless, but at least you are using a wrapper script to prevent the server from running arbitrary commands with super user privileges. That being said:
You have given www-data sudo access to /etc/ppp/test.sh without password, but you are not executing the command with sudo from your shell_exec function.
Calling shell_exec("cd /etc/ppp; sudo bash test.sh"); should do the trick.
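
A narrower alternative to broad sudo rights for www-data, as an added example (not code from the question or the answer): sudo matches on the command path named in sudoers, so the rule points at a single root-owned wrapper that validates its arguments before touching chap-secrets. The install path, the sudoers rule shown in the comments and the validation limits are assumptions.

```shell
#!/bin/sh
# Added example: root-owned wrapper, the only command www-data may run via sudo.
# Assumed install path: /usr/local/sbin/add-chap-secret (root:root, mode 0755)
# Assumed sudoers rule: www-data ALL=(root) NOPASSWD: /usr/local/sbin/add-chap-secret
# PHP passes each value through escapeshellarg() when building the sudo command.
LC_ALL=C; export LC_ALL             # keep [A-Z]-style ranges ASCII-only
SECRETS_FILE=/etc/ppp/chap-secrets  # fixed here, never taken from the caller

valid_ipv4() {
    case $1 in *[!0-9.]*) return 1 ;; esac   # also rejects spaces and newlines
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1                                 # split into the four octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# add_chap_secret FILE CLIENT SECRET IP: appends "CLIENT * SECRET IP" to FILE
add_chap_secret() {
    [ $# -eq 4 ] || { echo "usage: add-chap-secret CLIENT SECRET IP" >&2; return 2; }
    file=$1 client=$2 secret=$3 ip=$4
    case $client in ''|*[!A-Za-z0-9_-]*) echo "invalid client name" >&2; return 1 ;; esac
    case $secret in ''|*[!A-Za-z0-9._%+-]*) echo "invalid secret" >&2; return 1 ;; esac
    if [ ${#client} -gt 32 ] || [ ${#secret} -lt 8 ] || [ ${#secret} -gt 64 ]; then
        echo "client or secret length out of range" >&2; return 1
    fi
    valid_ipv4 "$ip" || { echo "invalid IPv4 address" >&2; return 1; }
    if grep -Eq "^${client}[[:space:]]" "$file"; then
        echo "client already present" >&2; return 1
    fi
    # Plain append: unlike sed -i, no temporary file is created next to FILE.
    printf '%s * %s %s\n' "$client" "$secret" "$ip" >> "$file"
}

# Acts as the wrapper only when called with arguments.
if [ $# -gt 0 ]; then
    add_chap_secret "$SECRETS_FILE" "$@"
    exit $?
fi
```

Because the target file is fixed inside the script and every field is checked against an allow-list, a compromised PHP page can add at most one well-formed entry per call.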

Execute php script without permission from web

I'm trying to execute a PHP script but I'm having this kind of error:
Warning: file_put_contents(/sys/class/gpio/export): failed to open stream: Permission denied in /home/pi/php-gpio/src/PhpGpio/Gpio.php on line 99
Warning: file_put_contents(/sys/class/gpio/gpio17/direction): failed to open stream: Permission denied in /home/pi/php-gpio/src/PhpGpio/Gpio.php on line 103
I've tried to set up the permission in the $ sudo visudo like this:
www-data ALL=NOPASSWD: path/to/my/script
or
www-data ALL=NOPASSWD: ALL
but it is not working; I'm able to execute this script only with sudo from the command line!
Thanks in advance!

If you are using it on your own computer, you must change the default directory permission:
$ sudo chmod -R +w /sys/class/gpio/export
Otherwise, if you run the code on a server, change the permission in the files section of the server panel (e.g. cPanel) and add the write right.
Another way is running exec() command:
<?php
exec('chmod -R +w /sys/class/gpio/export');
?>
However, PHP must have the exec right and be running as root!

I recently published a project that allows PHP to obtain and interact with a real Bash shell (as root if requested); it solves the limitations of exec() and shell_exec(). Get it here: https://github.com/merlinthemagic/MTS
After downloading you would simply use the following code:
$shell = \MTS\Factories::getDevices()->getLocalHost()->getShell('bash', true);
$return1 = $shell->exeCmd('/sys/class/gpio/export');
$return2 = $shell->exeCmd('/sys/class/gpio/gpio17/direction');
//the return will be a string containing the return of the command
echo $return1;
echo $return2;
In terms of security it is far better than running apache as root, or the wide open sudo permissions in your question. But letting PHP anywhere near root is always tricky.
The project I built achieves a root bash shell in one of 2 ways:
1) You allow apache the right to sudo python.
OR
2) You pass root credentials to the object every time you need a shell with root setup.
Pick your poison. :) Read the documentation.

EXEC() in php, cec-client raspberry

I would like to launch a command in PHP on my RPi.
The command is echo 'standby 0' | cec-client -s. It works fine over ssh (my TV shuts down), but in PHP echo shell_exec("......") returns adapters autodetect FAILED ... But mkdir also doesn't work with shell_exec, so I think it's probably a PATH problem, but I don't know how to fix it. My PATH in ssh is /usr/local/bin....... and in PHP it is /sbin:/bin:/usr/sbin:/usr/bin .
How can I fix it? Sorry for my English...

I tried the same and got a message saying "failed to open vchiq instance". I found a question on Raspberry Pi StackExchange suggesting to add the user to the "video" group. I did that with usermod -a -G video www-data and then restarted apache with /etc/init.d/apache2 restart. Then I was able to use cec-client from PHP and apache.

It is a permissions problem. When running the command via ssh you are executing it as user pi (probably), but via shell_exec you execute the command as user www-data, which does not have the necessary permissions. You can check this by running echo shell_exec("whoami");
You can easily fix this by adding the line "www-data ALL=(ALL) NOPASSWD: ALL" to your "/etc/sudoers" file and then running "echo shell_exec("sudo echo 'standby 0' | sudo cec-client -s");"; however, this will give the user www-data all of the sudo permissions and it is very insecure, but it will work. If you want to do it a more secure way, you need to find which permissions cec-client requires to run properly and then add them to user www-data.
