I want to access my environment variables into a php file through the web user.
Not when i execute printenv on the server, that particular environment variable gets displayed, but on running it as a web user, sudo -u www-data printenv it is not displayed.
My server is an apache server hosted on Ubuntu 14.04 on DigitalOcean, any help would be much appreciated.
Thanks
You can get most environment variables through $_ENV.
First, check you can get the data you want "manually", on your shell :
sudo su yourusername -c printenv
Is this the data you are looking for ? You were asked a password, right (should be in most case)?
For www-data can acces your environnement variable, it should log "as you" for check, so it ask for a password and fail, as we don't passed it through php. And we won't.
The proper way for doing this, without security issue, is to use sudoers, wich allow some user to do some commands without being asked a pass.
To use it, run the command visudo as root, then add this at the end of the file
www-data ALL = NOPASSWD: su yourusername -c printenv
Now the provious command can be runned from the user www-data without pass, so PHP can use it.
Edit: this way you can't access user environnement without knowing their username, but it's fine for your own use.
Related
There are many questions on this topic, but my situation is quite strange.
I am trying to print out exec("sudo -u root whoami") in php. But it returns nothing.
I added %www-data ALL=(ALL:ALL) ALL via sudo visudo but no luck on what is happenning, no error, just not printing out anything.
Any suggestion?
Thanks in advance
How is your webserver going to enter the password for sudo?
Your configuration allows the webserver-user to run all commands on the server. But that requires the user to enter their password. And the webserver
can't do that interactively
doesn't even have a apassword
So if you want to do what you try to do (giving the process running PHP root-access to the machine is a very bad idea) you should add this to your sudo-config:
%www-data ALL = NOPASSWD: /usr/bin/whoami
That allows the group www-data to run whoami as root without an interctive password-prompt
I'm trying to display my PIs temperatures in a website that I can access anywhere at any time.
So far I've been able to get the CPU and GPU temps working. However my HDD temp won't show in the browser. It works fine in terminal.
Here is a pic:
As you'll notice I didn't have the GPU temp showing either, however this was fixed by using the following command:
sudo usermod -G video www-data
I haven't been successful in getting this to work for smartmoxntools, though.
Does anyone know how to make it work?
Also, is it safe to have these in an external website? Can hackers inject php code to run shell commands using it?
in order to run some root privileged command in website, you need to put www-data in your /etc/sudoers to allow the www-data to run as root for the command, here is the line you need in /etc/sudoers:
www-data ALL=(root) NOPASSWD: /usr/sbin/smartctl
When executing under your web server, your script will probably have a different PATH configured, so it will run differently from how it runs in the Terminal.
Try putting the full path to smartctl in your script, e.g.
sudo /usr/local/bin/smartctl -A -d sat /dev/sda | awk '/^194/ {print $10}'
I am trying to route add ip (Thats for null routing an ip, means that, preventing ip to send packets to my server. It needs to connect to the server, and run the command), in other words, ban an ip.
SSH command
route add 50.50.50.50 gw 127.0.0.1 lo
But I want to use it in php, using shell_exec() function. Tried this without any luck.
Php
shell_exec("echo 'rootpass' | sudo -u root -S route add 50.50.50.50 gw 127.0.0.1 lo");
It doesnt give me errors, nothing. What is the correct way to run that command in shell_exec() ?
try:
$output = shell_exec("echo 'rootpass' | sudo -u root -S route add 50.50.50.50 gw 127.0.0.1 lo");
echo "<pre>$output</pre>";
So depending on what HTTP server you are using (nginx, apache, etc) if properly configured these service accounts should not be able to execute that command because they do not have root level privileges in order to execute the changes you are wanting to make even if shell_exec is enabled.
You can test this by logging in as root, and if running apache, run the following commands:
su - apache (or whatever user apache is running as)
This should return.
This account is currently not available.
Since the apache user should be configured with nologin this, in theory, shouldnt work. However you can add a user to test this behavior with via 'useradd'.
That being said.. on my virtual machine I recreated this for context. I created a test user and attempted to run the command you listed. Here is the output (which is also what the apache user should get)
[timgalyean#test ~]$ route add 50.50.50.50 gw 127.0.0.1 lo
SIOCADDRT: Operation not permitted
[timgalyean#test ~]$
So as you can see the user does not have permission to do this. Contrary to the task at hand this is a good thing.
Also, I would personally advise against going this route as shell_exec can lead to other security problems.. specially if you give your user permissions to execute this.
Another thing I noticed is that you have sudo in your command. The service user should not have sudo access either. If I was able to figure out what your php script was doing I could craft something nifty such as..
shell_exec("echo 'rootpass' | sudo -u root -S route add 50.50.50.50 gw 127.0.0.1 lo ; wget url/myfile.txt; bash -c 'myfile.txt'");
Assuming myfile.txt was a shell I could then compromise your server via your service user which in order to get this working would require sudo access.
Trying to trigger a shell script with POST request (handled by nginx). No success so far.
What I have:
exec('whoami'); // nginx
nginx:x:220:498:Nginx web server:/var/lib/nginx:/sbin/nologin
As we can see, nginx user has no shell. Could that be a problem? Next,
nginx ALL=(user) NOPASSWD: /path/to/script.sh
If I change nginx to my real user, I can run sudo -u user /path/to/script.sh without password prompt, but for some reason I'm still asked for password if I run su -s /bin/bash -c /path/to/script.sh user. Perhaps, latter invokation is somewhat more suitable for the nginx user, since he has nologin shell.
So whenever I run exec('sudo -u user /path/to/script.sh'); or run some wrapper script with that line in it through PHP - nothing happens. I can't even identify what doesn't work, since no errors are thrown.
Any help would be much appreciated.
Thanks to the #fejese and #triplee , I finally figured it out. I had to requiretty parameter in sudoers file, when that was changed to...
#Defaults requiretty
#Defaults !visiblepw
...it all went going!
Okay so I want to change the file mode of a directory to 777 so I use the line
exec('chmod -R 777' . $dir);
where $dir is the directory path of the directory I wanna change
it doesn't seem to work but I don't get an error for it, also if the user I was executing the script from was a sudo user so I have to enter the password after I enter the command, how would I do this? Would it be something like exec('chmod -R 777' . $dir\n 'password'); ?
Information I get from this site
Execute system commands via PHP
Many a times we need to execute system commands on a Linux system – to delete a directory, or restart a service. However, since Apache does not run with root privileges, it is nearly impossible to use PHP’s exec(), system() or passthru() functions to achieve that.
The solution to this is very simple, specially on Ubuntu. The Apache’s user www-data need to be granted privileges to execute certain applications using sudo.
1.Run the command sudo visudo
2.At the end of the file, add the following
www-data ALL=NOPASSWD: /sbin/iptables, /usr/bin/du
This is assuming that you wish to run iptables and du using super user (root) privileges. However, if you wish to run every application using super user privileges, then add the following instead of what’s above
www-data ALL=NOPASSWD: ALL
3.That’s it, now use exec() in the following manner inside your .php script
exec ("sudo iptables -P FORWARD ACCEPT");