I want to run scilab with BackDoor module from PHP script. (https://atoms.scilab.org/toolboxes/BackDoor/0.2)
When I run command in terminal
sudo scilab-adv-cli
result is something like
opening BackDoor
BackDoor: listening to commands on TCP port 27020
and scilab is still runnig, and I can connect it from octave.
But I want to run this from API. When I run in PHP script
$result = shell_exec("sudo scilab-adv-cli 2>&1");
$result is
Start
... (loading things)
Opening back door
BackDoor: listening to connections on TCP port 27020
Killed
2>&1 in the command I need for showing last line from result. (http://php.net/manual/en/function.shell-exec.php#106250)
I dont know why is this happening. When the module BackDoor wasn't installed, result was "\n\n", not "Killed". When I run never ending while, the process will showing in the list of command "top" in terminal, until I kill it. With BackDoor module process will showing up only few seconds and then ends.
I tried:
chown www-data:www-data -R /(path to scilab folder also with backdoor files)
chmod 777 -R /(path to scilab folder also with backdoor files)
I also tried run never ending while
$result = shell_exec("sudo scilab-adv-cli -e "i = 1; while i < 10 disp("i"); end; " 2>&1");
but few seconds after scilab start, is killed. In the last case was showed many many times "1.\n\n" and then "BackDoor: listening to connections on TCP port 27020. Killed".
I'm the developer of this module. The problem is probably that the Backdoor opens a TCP port for receiving connections. Check your PHP module to see if it has permission to open such a port.
Related
I try to execute a ping command with the user www-data
$command = 'ping -c 4 www.stackoverflow.com 2>&1';
$result = shell_exec($command);
But i always get ping: icmp open socket: Operation not permitted.
So i tried to allow the command by executing visudo and adding this line:
www-data ALL = NOPASSWD: /bin/ping
Then i restarted apache2 and tried it again, but i still get Operation not permitted.
How can i solve this?
The use of setuid, that provoques that ping is executed with the user of the ping itself (root) and not the user who launches the command (here www-data), is an old way to solve this problem, and not the best one today.
See this post. Recent linux distribution use kernel capabilities to solve that. Run getcap /bin/ping, it should return: /bin/ping = cap_net_raw+ep.
If not, you can manually set the capabilities. Run, as root:
# setcap cap_net_raw+ep /bin/ping
Or, more elegant, re-installe the appropriate package. In Debian distributions and derivatives, this is iputils-ping.
Lately I've been playing with R-Pi. Now I'm trying to stream with the Raspberry pi b+ and camera.
I have a basic website in php from where I give commands to camera (Start - Stop streaming).
The problem is that when I press Start Streaming , the RED led from camera will light for a sec then it's going off.
When I choose to run the stream from command line(terminal) , it works.
Here's my script :
#!/bin/sh
raspivid -o - -t 0 -n -w 600 -h 400 -fps 12 | cvlc -vvv stream:///dev/stdin --sout '#rtp{sdp=rtsp://:8554/}' :demux=h264
And here's my php file where do I call the shell script:
$trimite = shell_exec('sudo sh streaming.sh');
Any ideeas?
Thanks in advance !
Sounds like this could be being caused by a permissions error. Run the command sudo chmod +x streaming.sh
If that does not fix the problem, (assuming you have a webserver running apache) run "sudo a2enmod" in terminal, then sudo chmod +x /usr/lib/cgi-bin then restart apache (sudo service apache restart)
Note:
If error "could not write permissions, directory does not exist" occurs, you will need to run command 'sudo mkdir /usr/lib/cgi-bin/' in terminal
Create a cgi script to call bash script:
#!/bin/bash
echo ""
echo "Content-type: text/html"
echo "<html><head><title>Light on"
echo "</title>"
echo "</head><body>"
echo "$(bash /home/pi/streaming.sh) #this calls the shell script"
echo "</body></html>"
Then you must save this file as /usr/lib/cgi-bin/first.cgi and assign it permissions with "sudo chmod +x /usr/lib/cgi-bin/first.cgi" Assuming that your apache server is set up correctly (Various guides can be found about enabling the cgi module correctly, if a2enmod did not work properly), you should now be able to go to the web browser on another LAN machine and browse to http://IPofRPI/cgi-bin/first.cgi.
The script should execute. Congratulations!
If the script does not execute, you can read up about CGI and apache modules online and see what is wrong with your scripts.
I had kind of the same problem a while back and that question can be found here: Here
I hope this helps you, or someone else :)
We are calling a bash script from PHP that will do a simple git pull.
When we run this script from terminal using root or the apache user it executes fine.
However, when php excecutes the script using exec it outputs this error:
error: Failed to connect to XX.XX.XX.XX: Permission denied while accessing https://someuser#bitbucket.org/somecompany/testproject.git/info/refs
XX.XX.XX.XX is the IP address our http proxy resolves to
It also prints out the user and proxy config (as you will see in the bash script below)
PHP:
chdir('/var/www/scripts');
$cmd = './gitBranch.sh 2>&1';
exec($cmd,$currentOutput,$err);
print_r($currentOutput);
BASH:
#!/bin/bash
cd /var/www/gitManagedPackages/testproject
whoami #to verify it's the apache user
git config --get http.proxy #to verify it has the proper proxy setting
git pull
When running the script as the apache user [su -c ./gitBranch.sh -s /bin/sh apache]
apache
http://someproxy.somecompany.net:8181
Already up-to-date.
Why does it fail when running from PHP? It's executing as the apache user and has the correct proxy set.
As it turns out, httpd is not allowed to make outgoing connections by default. The outputted error is actually from git's use of curl.
running this fixed it:
setsebool -P httpd_can_network_connect 1
I'm trying to create a temporary tunnel via php so I can query a remote database.
The following code works through php-cli and as a shell command, but it doesn't seem to do anything when I run it trough apache:
$connect = "ssh -i remotekey -f -L 3315:localhost:3306 user#<remote IP> sleep 20 >> /tmp/logfile";
$out = shell_exec($connect);
A few notes:
remotekey is owned by wwwrun (the apache user under openSuse), perms are at 600
The logfile in /tmp gets created (and is blank)
safe_mode is off
Using PHP 5.3.17
After opening the site, I check the running processes for the background ssh and get nothing.
If I run it through php-cli, I see the tunnel running.
This has been driving me crazy. Any help would be greatly appreciated.
UPDATE
The issue was with the command silently failing as the apache user due to the remote server not being in the known_hosts file for the apache user.
Running the command with:
-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no
circumvented this and the tunnel now works.
Thanks to the helpful folks who pointed me in the right direction in the comments.
I actually try to laucnh a gnome-term with a php script, seems i have some problems with the users www-data;
my script make only a ls -l command in a directory (is just for a test) and i run it with a php page in my local-web site.
here the gnome-terminal command in my bash script (he run perfectly when i double-click on him) :
gnome-terminal --working-directory=/opt/cuckoo -x bash -c "ls -l"
and here is the call on the php-page :
system("/my/path/to/the/script/script.sh");
i have some echo in my script and i see them in the php page after i try to run the script with the php.page.
i think www-data don't have the right to do so i give the ownership of the script with the chown command, and at last a try the sudo visudo command and make the script execute like the user www-data is root (with NO PASSWD arg)
But i can't open the terminal and make a ls at last, i try with exec too, and show the result with $ouput butthe result is the same as well.
At last my question is : Php can really run a terminal or maybe a fool myself^^? Thanks for taking time to rescure me ;)
PHP can run everything, but depends who spawns it. Forget just running X apps from a web server - you'll need more than just executing them (permissions, DISPLAY and Xauth settings). Read more about the X clients and architecture.
Probably the right place to ask this is at SuperUser, since the problem is not in the coding itself.