I have an sh file with file-removing commands.
I run it from php like this:
shell_exec("sudo -n ./truncatefiles.sh 2>&1");
Thats works fine if I open the PHP file from browser, but doesnt work from scheduled cron tab.
PHP user: www-data
If i run whoiami from cron, returns same: www-data
I added this to my visudo:
www-data ALL=(ALL) NOPASSWD: /www/sites/..../importscript/truncatefiles.sh
Shell exec for this sh file returns (from cron):
sudo: sorry, a password is required to run sudo
Why works it dirrefent way in cron?
What should I do for get it work?
PLease try to do the following,
Try to log your output from crotab to a file,
* * myscript.php >> /var/log/myjob.log 2>&1
This way you can debug your script.
1. Also the check the user and permissions for your shell script, php file.
2. try with sudo crotab -e
Related
I've a shell_test.php file in /var/www/html folder with this code:
<?php
shell_exec('/var/www/html/config.sh');
?>
config.sh in the same folder has this code:
#!/bin/sh
sudo -u root kill -SIGHUP $(cat /var/www/html/mosquitto/mosquitto.pid)
When I run ./config.sh from folder, it runs.
When I run command in config.sh file directly in terminal, it
works too.
I've added this into sudoers file so that there is no need of password:
www-data ALL=(ALL) NOPASSWD: /var/www/html/config.sh
The thing is it's working fine when run using terminal in both the mentioned ways. Why is not executing when run in PHP?
Your problem is probably, that it is apache, www-data or some other user that is running your script and you try to run it as root.
Try without sudo -u root and change the group of the file to www-data with:
chown root:www-data your-script
As you say "It isn't outputting anything but my mosquitto broker is resetting every time it runs which lets me know"
I think you should replace
shell_exec('/var/www/html/config.sh');
with
$output = shell_exec('/var/www/html/config.sh');
echo $output;
According to php docs "shell_exec — Execute command via shell and return the complete output as a string"
shell_exec doesn't print by default; you have to store the string output and then use it
I made few changes in codes and it worked.
In shell_test.php, I changed code like this:
<?php
shell_exec('sudo -S ./config.sh');
?>
In config.sh, I changed like this:
#!/bin/sh
sudo kill -SIGHUP $(cat /var/www/html/mosquitto/mosquitto.pid)
I an Ubuntu 16.04 machine running NGINX and PHP. I would like to enable the www-data user (via web browser) to be able to access a PHP page (php-test.php) that will execute either a bash script (script_test.sh) or execute Linux CLI commands using shell_exec or exec.
I have done the following.
Created my bash script file script_test.sh
#!/bin/bash
whoami
echo $USER
echo 'test'
exit
when I run this from CLI, using
./ script_test.sh
It does indeed work and I can see the info echoed out in the CLI.
I then pursued the goal of being able to allow the www-data user run this bash script through a PHP page running on this same machine from NGINX.
I created my php page (php_test.php) and it contains the following
<?php
chdir('/path/to/my/files/');
shell_exec('./script_test.sh'); // ATTEMPT RUN SCRIPT
shell_exec('/path/to/my/files/script_test.sh'); // ATTEMPT RUN SCRIPT
echo 'test 123'; // SIMPLE ECHO IN THE PHP PAGE
?>
I then ran the following to modify the sudoers file, giving www-data access to the bash script
sudo nano /etc/sudoers
to which I added the following line
www-data ALL=NOPASSWD: /path/to/my/files/script_test.sh
I then made sure the script was executable, for the sake of my testing, not worrying about security, I just set it to 777 with the following command
sudo chmod 777 script_test.sh
From there I opened a web browser and browsed to the localhost (NGINX) web server (php_test.php) and the only thing I see on the page is the 'test 123' that I echo from PHP... none of the bash script appears to have run at all. I tailed the NGINX error log and don't see any error at all.
Is there another log that could contain clues on this?
What else should I check here?
The result of shell_exec() is returned as string. To display it in your browser, simply add echo.
<?php
chdir('/path/to/my/files/');
echo shell_exec('./script_test.sh'); // ATTEMPT RUN SCRIPT
echo shell_exec('/path/to/my/files/script_test.sh'); // ATTEMPT RUN SCRIPT
echo 'test 123'; // SIMPLE ECHO IN THE PHP PAGE
?>
See the Return Values in the manual:
The output from the executed command or NULL if an error occurred or
the command produces no output.
Can you try to use passthru instead of shell_exec, and see the output anything?
Also try this, and see if it shows on the log file:
if(file_exists('/path/to/my/files/script_test.sh')) { die('File not found!'); }
shell_exec("nohup /path/to/my/files/script_test.sh > /path/to/my/files/output.log &");
Also, are you running PHP with the www-data user (check your fpm pool)?
Do you have any error on /var/log/syslog or /var/log/auth.log ?
Have you restarted the server after changing the sudo permissions?
What does su - www-data -c "whoami" and su - www-data -s /bin/bash -c "whoami" outputs?
Does su - www-data -s /bin/bash -c "/path/to/my/files/script_test.sh" output something?
I am trying to run a php file every night at a certain time using crontab, however the php needs to be running as a www-data because of the directory permissions. To run it as www-data I am using the root crontab and changing the user in there, like so:
* 20 * * * sudo -u www-data /usr/bin/env TERM=xterm /path/to/dailyProc.sh
dailyProc is as follows
today=`date +"%d%m%y"`
year=`date +"%y"`
dm=`date +"%m%d"`
`tar -zxf /path/to/input/$today.tgz -C /path/to/output`
echo "starting data proc"
`/usr/bin/php5 -f /path/to/dataproc.php date=$dm year=$year`
echo "data proc done"
All other commands in dailyProc.sh work but the php doesnt run. The php is using an output buffer and writing it to a file, which works fine calling it from the command line but doesnt work when calling by cron.
I can also definitely run dailyProc.sh from the command line as www-data using
sudo -u www-data dailyProc.sh
and everything works as expected.
Is there any reason I would not be able to run this php file in dailyProc.sh using crontab when everything else in it works?
Cron can be run per user too.
crontab -u www-data -e
This works for me:
* 20 * * * su - www-data -C "/path/to/dailyProc.sh"
You do not need to use su or sudo in a crontab entry, because the 6th column is for the user name anyway. And you don't need to start a terminal, because you won't see it anyway. Hence, the following should do:
* 20 * * * www-data /path/to/dailyProc.sh
The Syntax error: word unexpected… you mentioned in a comment appears to be inside your code. Try running the script from the command line and start debugging from there.
To do this I used curl inside dailyProc.sh
today=`date +"%d%m%y"`
year=`date +"%y"`
dm=`date +"%m%d"`
`tar -zxf /path/to/input/$today.tgz -C /path/to/output`
echo "starting data proc"
`/usr/bin/curl "myserver.com/dataproc.php?date=$dm?year=$year"`
echo "data proc done"
I want to launch the command "unoconv" from a script php.
$command = '/usr/bin/unoconv --server localhost --port 2002 --format=pdf file.rtf >/dev/null 2>/dev/null';
$rc = system( $command );
echo $rc;
The command return no result and the file is not created.
I think is a problem from access with www-data and unoconv.
When I'm launching the command in shell, the file is created.
Any idea?
You can add command unoconv to sudoers.
I do this in this way:
I create wrapper bash script in for example /usr/local/bin where I have command unoconv.
#!/bin/bash
if [ -z "$1" ]; then
echo "Must pass file";
exit 10;
fi
/usr/bin/unoconv -f pdf $1.rtf
after this I adding entry in /etc/sudoers.d:
www-data ALL=NOPASSWD: /usr/local/bin/unoconv.sh
And now you can call script in php:
exec('sudo /usr/local/bin/unoconv.sh '.$fileName);
Try to run
$output = `/usr/bin/unoconv --server localhost --port 2002 --format=pdf file.rtf`;
instead and see error messages.
For me works like this:
$cmd = "/usr/bin/unoconv -f docx files/thefile";
shell_exec($cmd);
of course you have to do this previously (if you lounch your php script from the web):
chown -R www-data:www-data files/
I have found a solution to this problem when running Apache. You have to create the home folder for the www-data user
sudo mkdir /home/www-data
sudo chown www-data /home/www-data
Lastly we will have to edit the home directory and default shell for the www-data user
sudo vim /etc/passwd
For the entry of www-data the last two strings have to be replaced respectively with
/home/www-data
/bin/bash
Simple as this
$output = shell_exec('/opt/libreoffice5.0/program/python unoconv -f rtf test.html');
Edit the path to suite your configuration.
It just works!
You may be running into an issue with LibreOffice, OpenOffice or soffice not being able to write to the current user's $HOME directory.
By running the command below I was able to identify the correct $HOME directory and see the error that was being generated.
$cmd = 'echo $HOME & unoconv -vvvv --format %s --output %s %s 2>/tmp/unoconv.debug.txt';
exec($cmd);
The verbose output of $cmd will be generated written to the file: /tmp/unoconv.debug.txt.
In my case the output was:
Verbosity set to level 5
DEBUG: Connection type: socket,host=127.0.0.1,port=2002,tcpNoDelay=1;urp;StarOffice.ComponentContext
DEBUG: Existing listener not found.
DEBUG: Launching our own listener using /usr/lib64/libreoffice/program/soffice.bin.
Failed to connect to /usr/lib64/libreoffice/program/soffice.bin (pid=32012) in 6 seconds.
Connector : couldn't connect to socket (Success)
Error: Unable to connect or start own listener. Aborting.
The command ran seemed to fine as root, and as sudo -u nobody. On seeing this output I realized there was an issue with the home directory.
Kudos to Dag Wieers for his help - I'm hoping this helps other unoconv devs with their debugging.
I am running Apache on my localhost. From a PHP script run as www-user I would like to control Rhythmbox playback on my machine. So far I have a simple command in my PHP script:
exec('rhythmbox-client --pause');
This works great when I run it from the command-line as me, but if it runs as www-user I guess rhythmbox-client doesn't know/can't access my instance of Rhythmbox.
Is there an easy way for that PHP script to run as my user rather than www-user, or to tell rhythmbox-client which instance to control?
The overall application is that when my phone goes off-hook it calls my PHP script which pauses music, and resumes playback when the phone is on-hook. I love VoIP phones!
Solution:
Thanks to Carpetsmoker and Tarek I used sudo as the answer but there was a couple of problems. To overcome them I did the following:
Created a bash script to call rhythmbox-client. This bash script was executed using sudo in PHP as described in the answer below. Unfortunately rhythmbox-client didn't know what environment to control, so the bash script looks like this:
#! /bin/bash
DBUS_ADDRESS=`grep -z DBUS_SESSION_BUS_ADDRESS /proc/*/environ 2> /dev/null| sed 's/DBUS/\nDBUS/g' | tail -n 1`
if [ "x$DBUS_ADDRESS" != "x" ]; then
export $DBUS_ADDRESS
/usr/bin/rhythmbox-client --pause
fi
Now that bash script can be executed by PHP and wwwuser, and my phone can pause/play my music!
One solution is using sudo(8):
exec('sudo -u myuser ls /');
You will, obviously, need to setup sudo(8) to allow the user running your webserver to invoke it. Editing the sudoers file with visudo(8), you can use something like:
wwwuser ALL=/usr/bin/rhythmbox-client
To prevent Apache from being able to run other commands and only the rythymbox command.
In my case, the solution came this way:
Added this lines to sudoers file:
myuser ALL=(ALL) NOPASSWD: /usr/bin/prlctl
_www ALL=(ALL) NOPASSWD: /usr/bin/prlctl # IMPORTANT!!!
The EXEC() command in PHP was changed to:
exec("sudo -u myuser prlctl list -a", $out, $r);
If a process can be run by any user it can be run by PHP. Example is fortune command
-rwxr-xr-x 1 root root 18816 Oct 1 2009 /usr/games/fortune
Look at the x permission for every user. But this some times doesn't at all work and you may have to let the user, www-data or apache etc, run the program. You can sudo www-data and try to run the command. If it works then Apache/PHP should be able to run it.