I'm using nginx with php , and I would like to run some command with exec()
http://php.net/manual/fr/function.exec.php .
the current example work perfectly echo exec('whoami'); but when I try with other command the output is empty.
the exec() is enabled on my php.ini and the safe mode is disabled , I also edited the sudoers www-data ALL=(ALL:ALL) ALL but sudo -u www-data cammand still required a password
Any solution please, thank you all
Related
I am using ubuntu server 20.04 LTS, where I have multiple shell files, using php from apache I need to run multiple shell files from a browser but need to run as root.
I have tried the command shell_exec and added sudoers (www-data) and none works, which I can put in the code to enter as root and be able to execute the shell script.
<?php
$code = shell_exec('echo "passwd" | sudo -u root -S sh /home/user/name.sh');
echo "<pre>$code</pre>";
?>
Because your are executing this script as www-data and www-data doesn't have the required privilege to execute any sudo commands.
You can try the following steps.
Modify www-data in /etc/sudoers to be able to execute a script as the superuser. This is a sensitive file and you have to use visudo as the editor to make the changes.
$ sudo visudo -f /etc/sudoers
www-data ALL=(ALL) NOPASSWD: /home/user/name.sh
This will allow www-data to execute the script as the superuser without a password.
In your PHP code change the command in your shell_exec() as follows:
$code = shell_exec(sudo sh /home/user/name.sh');
Make sure your name.sh is set up with proper file modes to protect yourself.
I have created a file test.sh which looks like this:
#!/bin/sh
mkdir /testDir
If I run the script on the command line like: sudo /path/to/test.sh it successfully creates the directory.
I have added the sudo permissions like this in the visudo:
www-data ALL=NOPASSWD: /path/to/test.sh
and I am running the script like this in my .php file:
shell_exec('sh /path/to/test.sh');
But no directory is being created!
What am I doing wrong?!
Correct user for sudo permissions?
When I run shell_exec('whoami') on the php file I get:
www-data
Correct path to script from php?
I have tested the shell script by adding an echo statement like:
#!/bin/sh
mkdir /testDir
echo "hello"
And when I run the .php command like:
echo shell_exec('sh /path/to/test.sh');
the .php page returns
hello
I have also tried in the test.sh:
output=$( mkdir /testDir )
echo "$output"
but nothing is returned
Update
If I add this to the visudo:
www-data ALL=(ALL) NOPASSWD: ALL
it works!! But when I do:
www-data ALL=(ALL) NOPASSWD: /path/to/test.sh
It doesn't... As you know already know.
I have found a good way to debug by also changing the PHP to
echo shell_exec('sh /path/to/test.sh 2>&1 1> /dev/null');
and it returns the error:
sudo: no tty present and no askpass program specified
So I have tried:
adding Defaults:www-data !requiretty to the visudo but no luck!!!!
adding -t and -A to the sudo command... (ie sudo -t ...)
adding export SUDO_ASKPASS=/usr/lib/openssh/gnome-ssh-askpass before the sudo command and that then just leads to a whole new world of errors.
I have no idea about this requiretty as it does not seem to be anywhere on my ubuntu system. It is not mentioned once in the visudo?
I have spent too long on this!
Can someone tell me what the problems that I could come across if I did just do:
www-data ALL=(ALL) NOPASSWD: ALL
?
If
www-data ALL=(ALL) NOPASSWD: ALL
works, but
www-data ALL=(ALL) NOPASSWD: /path/to/test.sh
does not, then clearly the executed command does not match /path/to/test.sh.
And looking at your code, you are actually not invoking /path/to/test.sh:
sh /path/to/test.sh
You are invoking sh! With /path/to/test.sh as first argument, but still.
You either need to invoke the script directly (if that works):
shell_exec('/path/to/test.sh');
or update your sudoers file accordingly (note the full path of sh):
www-data ALL=(ALL) NOPASSWD: /bin/sh /path/to/test.sh
This worked for me: Added this to my ubuntu > sudoers file www-data ALL=/etc/path-to-my/script.sh
Hope this solves yours too
Some tips I would try:
try using exec instead of shell_exec
try disabling selinux if enabled
try to remove the /bin/sh prefix and use the shebang inside the script instead
become www-data (su www-data -s /bin/bash) and do your tests on the CLI
I hope this helps
I am running CentOS 6, as httpd is executed as user 'apache'. For security reasons, I want to use sudo to be executed via exec as user 'aq':
<?php exec("/usr/bin/sudo -u aq somescript.sh",$output,$return_val);?>
With visudo I have added the following line:
apache ALL = (aq) NOPASSWD: ALL
Furthermore I temporary gave apache as login shell (/bin/bash), to be able to test
/usr/bin/sudo -u aq somescript.sh
directly which worked.
php exec fails as $return_val delivers a '1' if sudo is invoked.
Comment out this line from /etc/sudoers
Defaults requiretty
I'v tested your case in few ways ant this one gives me success.
I have a working shell script using killall to kill all instances of a program like below:
killall abc
Now, I write a php webpage to execute this script using shell_exec function:
shell_exec('sh ./myscript.sh');
Problem is that my php code works correct on commandline with "php myscript.php", but not works in browsers!. However, I know that the user in commandline is "root" and in php is "apache" (I get this with 'whoami').
The linux distribution is Centos 6 which uses SElinux. I changed the status of selinux to permissive.
Things I've checked:
PHP safe_mode is off
shell_exec() is not present in disable_functions in php.ini
Is there a way to run scripts with kill command using php?
Thank you for your help.
you either have to run apache as root (insecure) or, which would be much safer, you have to run the commands you try to kill as 'apache', or you configure your sudoers file to grant apache rights to killall command:
# vim /etc/sudoers
apache localhost=(ALL) NOPASSWD:/usr/bin/killall
and then change the myscript.sh to do sudo killall abc
My command is
echo root_password | sudo -u root -S executable_full_path arguments
The error message I get in the browser is
[sudo] password for www-data: Sorry,
try again.
From phpinfo(), safe mode is off and there are no disabled functions. Why isn't this working? The same command runs fine in the shell (bash). Escapeshellarg and escapeshellcmd don't make a difference.
EDIT: Simply being able to execute the command is not enough. The program that gets executed creates a socket in /tmp, and needs to assign it permissions. So I think I really need to be root for this, is that possible?
As Álvaro suggested, I'm putting my comment as answer. Matt, this would make it possible to run that command as root.
#Matt, don't do that /etc/sudoers (btw, you edit this file with the visudo command, never directly). That way you are making possible that any sudo whatever command run by your web application is run by root, possibiliting a lot of fun for an attacker if he founds a vulnerability in your application.
If you would like to run just ONE command as root without need for passwords, put this in /etc/sudoers (remember visudo command):
www-data ALL=(ALL) NOPASSWD: executable_full_path
Then you are only allowing to execute just this command as root. Now you should be able to do
sudo -u root executable_full_path arguments
without need to type in a password (and it will run as root). Also, this is the only command the user www-data may execute as root using sudo, so it should not be dangerous.
You're echoing the root password when you should be echoing the password for www-data.
Use this on your /ets/sudoers
Example for run gconftool-2 :
www-data ALL=NOPASSWD: /usr/bin/gconftool-2
www-data ALL=NOPASSWD: /usr/bin/sudo
www-data ALL=NOPASSWD: ALL