For my project I am creating WEB interface to control QoS in Linux. I am trying to communicate with terminal with shell_exec() function PHP. And it works if try something simple like this:
shell_exec("ip link show");
But if try to change qdisc with(works in terminal):
shell_exec("sudo tc qdisc replace dev eth0 root pfifo");
nothing happens. I don't get any output either if I try to echo shell_exec(...);
I am running Ubuntu 14.04. I already added line in sudoers file to execute shell commands without password:
#includedir /etc/sudoers.d
%www-data ALL=NOPASSWD: /var/www/html
Maybe I did something wrong with sudoers file or is there any more things I should do before running shell_esec commands?
%www-data ALL=NOPASSWD: /var/www/html
This sudoers line would only allow www-data to execute the file /var/www/html. (Which is probably a directory, not an executable file, so it doesn't do anything.)
If you want to allow www-data to execute tc, you'll need to specify that in the sudoers file, using the full path to the executable.
It's not the exact answer, but try like this. It worked for me.
2>&1 produces the error message.
if(exec("sh whatever your cammand 2>&1", $output, $return_var))
{
print_r($output);
exit;
}
Related
I've a shell_test.php file in /var/www/html folder with this code:
<?php
shell_exec('/var/www/html/config.sh');
?>
config.sh in the same folder has this code:
#!/bin/sh
sudo -u root kill -SIGHUP $(cat /var/www/html/mosquitto/mosquitto.pid)
When I run ./config.sh from folder, it runs.
When I run command in config.sh file directly in terminal, it
works too.
I've added this into sudoers file so that there is no need of password:
www-data ALL=(ALL) NOPASSWD: /var/www/html/config.sh
The thing is it's working fine when run using terminal in both the mentioned ways. Why is not executing when run in PHP?
Your problem is probably, that it is apache, www-data or some other user that is running your script and you try to run it as root.
Try without sudo -u root and change the group of the file to www-data with:
chown root:www-data your-script
As you say "It isn't outputting anything but my mosquitto broker is resetting every time it runs which lets me know"
I think you should replace
shell_exec('/var/www/html/config.sh');
with
$output = shell_exec('/var/www/html/config.sh');
echo $output;
According to php docs "shell_exec — Execute command via shell and return the complete output as a string"
shell_exec doesn't print by default; you have to store the string output and then use it
I made few changes in codes and it worked.
In shell_test.php, I changed code like this:
<?php
shell_exec('sudo -S ./config.sh');
?>
In config.sh, I changed like this:
#!/bin/sh
sudo kill -SIGHUP $(cat /var/www/html/mosquitto/mosquitto.pid)
I want to start program when I enter my webpage, and problem is in permissions(??) because when I try
echo exec('whoami');
I've got valid response (www-data) but when i try code like it:
echo exec('/var/www/./sitesend');
and
echo passthru(/var/www/./sitesend');
I got no response. I tried to
chown www-data /var/www/sitesend
chmod 755 /var/www/sitesend
My C++ app runs correctly, and its sending by NRF infromations to turn lights.
But not work, when enter page app won't run and I don't get any reps in echo.
I don't have a conclusive answer, but you can try a number of things:
Try the follow command to see if www-data may run the command.
sudo -u www-data /var/www/sitesend
Try running a PHP script with the passthru command from the commandline.
See if you're running AppArmor for the Apache process. AppArmor will block execution for files not white listed.
ls /etc/apparmor.d
I have a bash script that mounts a usb drive, reads a text file on the usb drive, and echos that file to the php program that called it. The mount and unmount does not work.
If I mount the usb from command line the php works. Evidence points to the umount and mount not working. Any feedback would be appreciated.
Bash Script: DisplayTextFile.sh
#! /bin/bash
umount /dev/sdc1
mount -t vfat /dev/sdc1 /media/usbdisc -o uid=1000,gid=1000,utf8,dmask=000,fmask=000
$filetoecho=$(</media/usbdisc/textfile.txt)
echo "File Content: $filetoecho"
umount /dev/sdc1
exit $?
PHP that Calls Bash Script:
ob_start();
$command="/bin/bash /path/DisplayTextFile.sh"
passthru($command, &$result);
$filetoecho=ob_get_contents();
ob_end_clean();
As suggested above, I added DisplayTextFile.sh to sudoers at /etc/sudoers and it worked. I used nano to make the following entry:
www-data ALL=(ALL) NPPASSWD: /path/DisplayTextFile.sh
Once that entry was made, the problem was solved. Thanks a bunch.
You probably aren't running as root, try to add your user to the sudoers group (install sudo if you don't have it) and then change your user privileges to use sudo without password.
It's not really safe, so you must know what you're doing.
I would like lauched a command in php over my RPI.
The command is echo 'standby 0' | cec-client -s, it's work fine in ssh my Tv shutdown, but in php echo shell_exec("......") return adapters autodetect FAILED ... But also mkdir doesn't work with sheel_exec, so i think it's probably PATH problem, but i don't know how to fix it. My PATH in ssh is /usr/local/bin....... and in php is /sbin:/bin:/usr/sbin:/usr/bin .
How i can fix it. Sorry for my english ...
I tried the same and got a message saying "failed to open vchiq instance". I found a question on Raspberry Pi StackExchange suggesting to add the user to the "video" group. I did that with usermod -a -G video www-data and then restarted apache with /etc/init.d/apache2 restart. Then I was able to use cec-client from PHP and apache.
It is permissions problem. While running command via ssh you executing it as user pi(probably), but via shell_exec you execute command as user www-data which do not have necessary permissions. You can check this by running echo shell_exec("whoami");
You can easly fix this by adding line "www-data ALL=(ALL) NOPASSWD: ALL" into your "/etc/sudoers" file and then run "echo shell_exec("sudo echo 'standby 0' | sudo cec-client -s");", hovewer this will add to the user www-data all of the sudo permissions and it is very unsecure, but it will work. If you want to do it more secure way you need to find which permissions cec-client required to run properly and then add them to user www-data.
I have a script in /var/www/myscript.sh which creates folders and runs the command svn update for my projects. I need to execute this script by calling it in a PHP file in the browser (i.e. Localhost/test.php). I tried using functions shell_exec() and exec() but those did not work. I ran my shell script in terminal with su www-data && ./myscript.sh and it worked. What else am I missing?
<?php
$output = shell_exec("./myscript.sh");
?>
Update 5/4/2011:
I added www-data ALL=(ALL) NOPASSWD:ALL to /etc/sudoers and it works, but this is very insecure. Is there another way to do this?
Several possibilities:
You have safe mode enabled. That way, only exec() is working, and then only on executables in safe_mode_exec_dir
exec and shell_exec are disabled in php.ini
The path to the executable is wrong. If the script is in the same directory as the php file, try exec(dirname(__FILE__) . '/myscript.sh');
You might have disabled the exec privileges, most of the LAMP packages have those disabled. Check your php.ini for this line:
disable_functions = exec
And remove the exec, shell_exec entries if there are there.
Good Luck!
Residuum did provide a correct answer to how you should get shell exec to find your script, but in regards to security, there are a couple of points.
I would imagine you don't want your shell script to be in your web root, as it would be visible to anyone with web access to your server.
I would recommend moving the shell script to outside of the webroot
<?php
$tempFolder = '/tmp';
$webRootFolder = '/var/www';
$scriptName = 'myscript.sh';
$moveCommand = "mv $webRootFolder/$scriptName $tempFolder/$scriptName";
$output = shell_exec($moveCommand);
?>
In regards to the:
i added www-data ALL=(ALL) NOPASSWD:ALL to /etc/sudoers works
You can modify this to only cover the specific commands in your script which require sudo. Otherwise, if none of the commands in your sh script require sudo to execute, you don't need to do this at all anyway.
Try running the script as the apache user (use the su command to switch to the apache user) and if you are not prompted for sudo or given permission denied, etc, it'll be fine.
ie:
sudo su apache (or www-data)
cd /var/www
sh ./myscript
Also... what brought me here was that I wanted to run a multi line shell script using commands that are dynamically generated. I wanted all of my commands to run in the same shell, which won't happen using multiple calls to shell_exec(). The answer to that one is to do it like Jenkins - create your dynamically generated multi line of commands, put it in a variable, save it to a file in a temp folder, execute that file (using shell_exec in() php as Jenkins is Java), then do whatever you want with the output, and delete the temp file
... voila
If you are having a small script that you need to run (I simply needed to copy a file), I found it much easier to call the commands on the PHP script by calling
exec("sudo cp /tmp/testfile1 /var/www/html/testfile2");
and enabling such transaction by editing (or rather adding) a permitting line to the sudoers by first calling sudo visudo and adding the following line to the very end of it
www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/testfile1 /var/www/html/testfile2
All I wanted to do was to copy a file and I have been having problems with doing so because of the root password problem, and as you mentioned I did NOT want to expose the system to have no password for all root transactions.