I try to insert line to /etc/ppp/chap-secret file via bash script what should run with php shell_exec.
I hope that I am on right way or is there a better way?
whatever my work is like below,
/var/www/test.php:
<?php echo shell_exec("cd /etc/ppp; bash test.sh"); ?>
/etc/ppp/test.sh:
#!/bin/bash
sed -i "/IP addresses/a client123* pw123123 192.168.0.101" chap-secrets
I also added www-data ALL=NOPASSWD: /etc/ppp/test.sh to sudoers.
I get this error:
sed: couldn't open temporary file ./sedXym2Nn: Permission denied
from terminal all works fine, but I need it from admin web via button click.
How to fix permissions error and get this process?
Granting a web server access to system files sure seems reckless, but at least you are using a wrapper script to prevent the server from running arbitrary commands with super user privileges. That being said:
You have given www-data sudo access to /etc/ppp/test.sh without password, but you are not executing the command with sudo from your shell_exec function.
Calling shell_exec("cd /etc/ppp; sudo bash test.sh"); should do the trick.
Related
I need to run a cPanel script from the command line via PHP's exec function (other cPanel options are not viable). The command is roughly:
uapi --user=[user] Email suspend_incoming email=[user]%40[domain].[tld]
I was getting the following error:
setuids failed: Attempting to setuid as a normal user with RUID ***
That in turn led me to realize that the user under which PHP runs does not have permission to execute that command which lead me to this thread. However just as you're not supposed to CHMOD files blatantly as 777 I don't want to blindly enable all commands for this user when using sudo from the command line or PHP's exec script.
How do I only allow the uapi command (also multiple specific commands) to be executed by this user when using sudo via an edit to the sudoers file?
You can give a user access to execute a command as root via an entry to sudoers file like so (assuming www-data is the PHP process owner user):
www-data ALL=(root) NOPASSWD: /path/to/uapi
Obtain the path to the uapi file via the command which uapi. You should carefully consider the security implications of this action.
This UNIX stackexchange question has a nice detailed explanation of the sudo entry syntax.
I'm trying to execute a php script but i'm having this kind of errors:
Warning: file_put_contents(/sys/class/gpio/export): failed to open stream: Permission denied in /home/pi/php-gpio/src/PhpGpio/Gpio.php on line 99
Warning: file_put_contents(/sys/class/gpio/gpio17/direction): failed to open stream: Permission denied in /home/pi/php-gpio/src/PhpGpio/Gpio.php on line 103
I've tried to set up the permission in the $ sudo visudo like this:
www-data ALL=NOPASSWD: path/to/my/script
or
www-data ALL=NOPASSWD: ALL
but is not working, i'm able to execute this script only with sudo form the command line!
Thanks in advance!
If you using in your computer, you must change the default directory permission:
$ sudo chmod -R +w /sys/class/gpio/export
else if you run code in a server, in server panel and in section files (e.g. CPanel) change permission and add write right.
Another way is running exec() command:
<?php
exec('chmod -R +w /sys/class/gpio/export');
?>
However, php should have exec right and running with root!
I recently published a project that allows PHP to obtain and interact with a real Bash shell (as root if requested), it solves the limitations of exec() and shell_exec(). Get it here: https://github.com/merlinthemagic/MTS
After downloading you would simply use the following code:
$shell = \MTS\Factories::getDevices()->getLocalHost()->getShell('bash', true);
$return1 = $shell->exeCmd('/sys/class/gpio/export');
$return2 = $shell->exeCmd('/sys/class/gpio/gpio17/direction');
//the return will be a string containing the return of the command
echo $return1;
echo $return2;
In terms of security it is far better than running apache as root, or the wide open sudo permissions in your question. But letting PHP anywhere near root is always tricky.
The project i built achieves a root bash shell in one of 2 ways:
1) You allow apache the right to sudo python.
OR
2) You pass root credentials to the object every time you need a shell with root setup.
Pick your poison. :) Read the documentation.
Okay so I want to change the file mode of a directory to 777 so I use the line
exec('chmod -R 777' . $dir);
where $dir is the directory path of the directory I wanna change
it doesn't seem to work but I don't get an error for it, also if the user I was executing the script from was a sudo user so I have to enter the password after I enter the command, how would I do this? Would it be something like exec('chmod -R 777' . $dir\n 'password'); ?
Information I get from this site
Execute system commands via PHP
Many a times we need to execute system commands on a Linux system – to delete a directory, or restart a service. However, since Apache does not run with root privileges, it is nearly impossible to use PHP’s exec(), system() or passthru() functions to achieve that.
The solution to this is very simple, specially on Ubuntu. The Apache’s user www-data need to be granted privileges to execute certain applications using sudo.
1.Run the command sudo visudo
2.At the end of the file, add the following
www-data ALL=NOPASSWD: /sbin/iptables, /usr/bin/du
This is assuming that you wish to run iptables and du using super user (root) privileges. However, if you wish to run every application using super user privileges, then add the following instead of what’s above
www-data ALL=NOPASSWD: ALL
3.That’s it, now use exec() in the following manner inside your .php script
exec ("sudo iptables -P FORWARD ACCEPT");
I'm new in using Linux, I'm trying to write a PHP code which can run .exe linux compatible file, I've made a short shell script
hello bash script:
#!/bin/bash
./program.exe file.mp4 // file.mp4 is an an input for .exe
echo "Hello World!"
shell.php:
<?php
$output = exec ("./hello ");
echo "<pre>$output</pre>";
?>
Now when I run shell.php using web browser it shows Hello World! but the .exe doesn't run, however when I run php using terminal command php shell.php, It works fine.
I think I'm having problems with permissions but I'm new with Linux and I don't know how to solve this.
Update:
I ignored the shell script and I used
<?php
$output = shell_exec ("cd /var/www/ && ./program.exe file.mp4 2>& " );
?>
also I granted access to program.exe
chmod 777 program.exe
the error I receive in the browser :could not open debug.bin!
use the absolute path to hello executable exec("sh path/to/the/file")
I'm using something similar to call an app compiled with mono on a remote ubuntu webserver and return it's output to the calling script.
For any of this to work properly wine needs to be already installed.
On Ubuntu systems try:
sudo apt-get -y install wine
You then need to know the owner of the web server process. If you are running the apache web server try the following:
cat /etc/apache2/envvars | grep "RUN"
The output will look something like this:
export APACHE_RUN_USER=www-data
export APACHE_RUN_GROUP=www-data
export APACHE_RUN_DIR=/var/run/apache2$SUFFIX
Now that you have the name of the process owner, which in this case is www-data you should ensure the file is owned the user and its group:
sudo chown www-data /var/www/program.exe
sudo chgrp www-data /var/www/program.exe
Finally, we can invoke the application from inside our PHP script by passsing it as a parameter to 'wine' and using its full file path.
<?php
$output = shell_exec("wine /var/www/program.exe file.mp4" );
?>
Any output from the above shell command sent to the command line will be saved in the PHP script variable $output.
It looks like you are trying to do some output redirection with your use of program.exe file.mp4 2>& so I've left that off of the example for clairity.
Try using the absolute path, such as exec("sh /path/to/file")
Generally, php is run as www or apache, so make sure that the execute access permission is granted to all user.
I have a script in /var/www/myscript.sh which creates folders and runs the command svn update for my projects. I need to execute this script by calling it in a PHP file in the browser (i.e. Localhost/test.php). I tried using functions shell_exec() and exec() but those did not work. I ran my shell script in terminal with su www-data && ./myscript.sh and it worked. What else am I missing?
<?php
$output = shell_exec("./myscript.sh");
?>
Update 5/4/2011:
I added www-data ALL=(ALL) NOPASSWD:ALL to /etc/sudoers and it works, but this is very insecure. Is there another way to do this?
Several possibilities:
You have safe mode enabled. That way, only exec() is working, and then only on executables in safe_mode_exec_dir
exec and shell_exec are disabled in php.ini
The path to the executable is wrong. If the script is in the same directory as the php file, try exec(dirname(__FILE__) . '/myscript.sh');
You might have disabled the exec privileges, most of the LAMP packages have those disabled. Check your php.ini for this line:
disable_functions = exec
And remove the exec, shell_exec entries if there are there.
Good Luck!
Residuum did provide a correct answer to how you should get shell exec to find your script, but in regards to security, there are a couple of points.
I would imagine you don't want your shell script to be in your web root, as it would be visible to anyone with web access to your server.
I would recommend moving the shell script to outside of the webroot
<?php
$tempFolder = '/tmp';
$webRootFolder = '/var/www';
$scriptName = 'myscript.sh';
$moveCommand = "mv $webRootFolder/$scriptName $tempFolder/$scriptName";
$output = shell_exec($moveCommand);
?>
In regards to the:
i added www-data ALL=(ALL) NOPASSWD:ALL to /etc/sudoers works
You can modify this to only cover the specific commands in your script which require sudo. Otherwise, if none of the commands in your sh script require sudo to execute, you don't need to do this at all anyway.
Try running the script as the apache user (use the su command to switch to the apache user) and if you are not prompted for sudo or given permission denied, etc, it'll be fine.
ie:
sudo su apache (or www-data)
cd /var/www
sh ./myscript
Also... what brought me here was that I wanted to run a multi line shell script using commands that are dynamically generated. I wanted all of my commands to run in the same shell, which won't happen using multiple calls to shell_exec(). The answer to that one is to do it like Jenkins - create your dynamically generated multi line of commands, put it in a variable, save it to a file in a temp folder, execute that file (using shell_exec in() php as Jenkins is Java), then do whatever you want with the output, and delete the temp file
... voila
If you are having a small script that you need to run (I simply needed to copy a file), I found it much easier to call the commands on the PHP script by calling
exec("sudo cp /tmp/testfile1 /var/www/html/testfile2");
and enabling such transaction by editing (or rather adding) a permitting line to the sudoers by first calling sudo visudo and adding the following line to the very end of it
www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/testfile1 /var/www/html/testfile2
All I wanted to do was to copy a file and I have been having problems with doing so because of the root password problem, and as you mentioned I did NOT want to expose the system to have no password for all root transactions.