I have a PHP script that when i press delete all button it will delete all the specific users cron.
I am trying to make it delete all the roots cron jobs but it wont work. Any idea?
I have access to the whole system including roots. I have http user and root.
PHP code:
if (isset($_POST['saveadconfig']))
{
shell_exec("sudo crontab -r -u root");
}
I tried without sudo but i added sudo and still nothing. There is loads more code but i made it simple to read. Thanks!
P.S: It goes into the if statement perfectly its just it wont run the command to remove root crons properly.
I also have
http ALL=(ALL) ALL
in my /etc/sudoers file. http is the php user.
Issue was me not providing the full paths to the commands while using sudo!
Another issue was i need to provide a password so i bypassed that with:
NOPASSWD: /usr/bin/crontab in sudoers file.
End result with PHP:
/usr/bin/sudo /usr/bin/crontab command
Related
I am trying to transfer files from one server to another with the code below.
rsync -avz -e "ssh -i /root/.ssh/somekey" /var/www/admin/somefiles.txt root#xxx.xxx.xxx.xxx:/var/www/html_public/some-folder/
It works just fine if I do this on putty but if I do shell_exec this code on a php page and run the page on a browser. It does not work. It returns an empty string.
I hope someone can help me with this. Thanks in advance.
First, you need to check if you need to be a root or (sudo user) for running rsync.
If yes then exec() command will only work if it is run by same user on php-cli (not on browser by Apache user). i.e. Which user you are loggined into shell for run rsync.
If it is root or any elavated permission user with sudo permission then, This rsync command may not be available to apache/www-data user which is working when php script run from browser.
So You try to make a normal user and login through it, Then try rsync if you are successful then it may be interesting to see what are other problems can be, But if you getting access/permission denied then obviously you can not run this script at-least on browser.
Besides this One more thing permission may not be directly related to rsync command itself but with folder /etc/test/ which is owned by root user in normal scenario.
I have dug through everything I can find on the topic of starting a screen from PHP. I'm starting a game server, so I must run it from a specific user so that the server executable looks in the right folder for its other files. I have changed Apache's user from its default to the user I must run the server from. When I have exec('cd /User/FolderWithScript && bash script.sh); to emulate what I would do to start it, it doesn't report any errors in /var/log/apache2/error.log, but also doesn't start the server or its screen.
The same thing happens if I were to use exec('cd /User/FolderWithExecutable && screen -dmS ServerExcutable +Args'); which is essentially what the script does.
If I use exec(cd /User/FolderWithScript && bash ServerExcutable +Args); it spits out all of the usual stuff for the server in /var/log/apache2/error.log, but unfortunately also appears to be looking in the wrong directory for most of the game files, which are located in /User/.game.
Thanks!
I had to add in my sudoers file www-data ALL=(ALL) NOPASSWD: /Path/To/Script and then in PHP run exec('cd /Path/To/Script(AndExecutable) && sudo -u User /Path/To/Script); Basically, It wouldn't run correctly unless I ran the script from the folder the executable was in, and it wouldn't run unless I used the entire path to the script as entered in my sudoers file.
I've recently set up my Apache2 Server on my Linux machine. Now I've wanted to execute a PHP script (index.php), which runs a shell script (foo.sh), which creates a folder in my home directory, but the directory was not created.
These are the original two files:
foo.sh:
#!bin/bash
mkdir /home/lorenzo/testDir
index.php:
<?php
exec('sh test.sh');
?>
So, I thought maybe the problem occurs because of privileges or something, and indeed after I changed the files to that:
foo.sh:
#!bin/bash
echo "Hello world"
index.php:
<?php
$temp=exec('sh test.sh');
echo $temp;
?>
I saw the output Hello World on my website.
So the PHP script is executed and it runs the shell script. But why can't the shell script execute the mkdir command?
This indeed is most likely a permission issue.
You first have to figure out which user apache runs at. This is usually www-data (on Debian-ish Linuxes, such as Ubuntu) or apache (on RedHat-ish Linuxes) or something along the lines. A ps -eF | grep apache will reveal the user.
After you figured that out, make sure that the apache user has the appropriate rights in your home directory. You can either add it to your user group (using usermod -a -G ... and then chmod g+w ~) or allow writing for all users (chmod o+w ~).
But, both of this is a bad idea. Your php script (or anything else running as the apache user) can be broken into and cracked, leaving you home directory open for malicious attackers to modify and rm -rf.
In addition, if you’re running a RedHat-ish Linux, you will run into SELinux which by defaut prevents apache from accessing user directories at all. In that case, you also have to set setsebool -P httpd_enable_homedirs on.
Instead, I would recommend that you use a different directory and give your user full access to that. Something along the lines of /var/www/testDir with the apache as owner and group, and adding yourself to the apache user group is probably a sane idea.
It looks like a permission issue. Make sure that Apache has write permission to that directory
You may have permission issues on the server. Try to use chmod -R 775 <dirname>(or 777) in your ssh command line. You can do this in php code with chmod() too but I don't suggest you because it would run it everytime the php code runs and changing it more times is pointless. It can output to the screen but I bet the directory the script wants to make file has permission 755. Try to check it.
I have a php script that calls a python script which in turn is in charge of writing some files to disk.
If I execute the php script by entering its url in the web browser it can perform several filesystem related tasks:
it's able to create a dir
it's able to chmod the dir
but it's not able to execute the python script which would create and write other files.
The strange thing is that if I run the python script manually as www-data:
user#host $ sudo su www-data
passwd for sudo:
$ whoami
www-data
$ python my_script.py
It works like a charm.
I'm assuming the user when I run the script through the browser is www-data. So why is the result in the console any different?
SOLVED:
Python script starts off by importing some modules from my repository, which are appended to the path via .bashrc or .bash_profile on login consoles. These modules were not available from the browser to the user www-data. So adding this to the python script solved it:
import sys
sys.path.insert(0, 'path_to_my_modules')
solved it.
I apologize for the question. It didn't bring all the necessary information for users to lead to a solution. I guess the problem was so broad that it was difficult for me to start thinking of where its root was.
I lacked a good debugging technique to see what the error was. I commented out all the python script and begun with a simple print 'here'. Uncommenting lines one by one showed me the place where it just didn't print anything anymore (the error was obvious then).
First of all, don't assume that the user is www-data. You should get the output from whoami running from the PHP script to see if it is www-data. Also, you need to make sure your script has +x or execute permissions for the user.
You should read about execute permissions.
You need to use chown on your PHP script to change the ownership to the www-data user:
sudo chown www-data:www-data yourscript.php
Then you need to give the user execute permissions:
sudo chmod u+x yourscript.php
I have a file that is a bash script that requires SUDO to work.
I can run it from the command line using SUDO but I will be prompted to put in the SUDO password.
I want to run this script from php via shell_exec but I if I call SUDO, its not like a command line where I can be prompted for the password. Is there a way to pass the password for sudo with the sudo call?
How can I do this?
Edit the sudoers file (with visudo) and add a rule that allows the web server user to run the command without a password. For example:
www-data ALL=NOPASSWD: /path/to/script
There are various solutions for this problem.
First of all, consider changing the script permissions, if reason why you want sudo is simply a permission issue (see the comment I added to the question above).
Another approach would be using the setuid bit. [Edit: Looks like setuid does not work well with scripts. For explananations, see this link.]
A third, but very insecure method is to read the password from a password file. Warning: This is very insecure, if there's any other possibility, don't do it. And if you do it, try hiding the password file somewhere in your folder hierarchy.
<?php
shell_exec('sudo -u root -S bash script.sh < /home/[user]/passwordfile');
?>
And a fourth possibility is to use the NOPASSWD tag in the sudoers file. You should limit this power to the specific commands you need.
You can add something like this to your sudoers file:
username ALL=NOPASSWD: /path/to/script
This will allow that particular user to call sudo on that particular script without being prompted for a password.
The best secure method is to use the crontab. ie Save all your commands in a database say, mysql table and create a cronjob to read these mysql entreis and execute via shell_exec(). Please read this link for more detailed information.
* * * * * killProcess.php