I have a bash script that takes a parameter is called in PHP by shell_exec(script.sh parameter). Basically, my goal is to call a script that is owned by another user that is not apache.
The script.sh script is a file that contains the following (right now there are some error handling commands):
#/bin/bash
whoami>>whoami
echo $1 >> parameter
while read f; do
env>>envoutput
sudo -i -u archivescriptowner /path/to/archivescript.sh -command archive >> output
done < $1
In my /etc/sudoers file , I have the following:
apache ALL=(archivescriptowner) NOPASSWD: /bin/bash -c /path/to/archivescript.sh *
When I run this script as by running su -s /bin/bash apache and pass a parameter, it works.
When I run it via my button in php, archivescript.sh does not execute
The whoami file has apache written to it
The parameter file has the right file written to it
env shows the following
Term=xterm
LD_LIBRARY_PATH=/path/to/library
PATH=/sbin/:usr/sbin:/bin:/usr/bin
PWD=/var/www/html
LANG=C
SHLVL=4
=/bin/env
PWD is outputting right, that is where my script is right now, it will be moved in the future.
The output file when it is ran by the button click is blank.
I am at a loss as to why this is not working. Any insight would be helpful. Please let me know if I need to give any additional information.
I recently published a project that allows PHP to obtain and interact with a real Bash shell. Get it here: https://github.com/merlinthemagic/MTS
After downloading you would simply use the following code:
$shell = \MTS\Factories::getDevices()->getLocalHost()->getShell('bash', true);
$return1 = $shell->exeCmd('/path/to/archivescript.sh');
echo $return1; //return from your script
Related
On a local linux server (Rapsberry Pi debian stretch with desktop), I am working on sending "audtool" commands to a running Audacious media player using php, exec and bash scripts. Audacious is autostarted when the server starts up with user "pi". I have apache2 and php set up and working on the server, and I can ssh to the server and run all the commands from the cli. I believe I have resolved the issues with running audtool (dbus and setting the right environment variables) and running the php on the command line works successfully. However when running the php on a webpage I get back a long string of information about apache2
I have spent several hours (getting on for a whole day) researching this on the web in order to get to this stage, so close I can almost touch it, but stuck on this last element. The example is to display the current song from a running instance of Audacious. Audtool requires a running dbus (looks for a display). Using exec or shell_exec I have no problems running bash commands such as whoami or ls.
The php page (cursong.php):
<?php
echo exec('/var/www/html/cursong.sh');
?>
The bash script (cursong.sh):
#!/bin/bash
##call current song
pid=`pidof audacious`
user=`ps -p $pid -o user=`
export `strings /proc/$pid/environ | grep DBUS_SESSION_BUS_ADDRESS`
sudo -E -su $user /usr/bin/audtool --current-song
(from here: https://redmine.audacious-media-player.org/boards/1/topics/1058?r=1059)
Output from command line:
php -f cursong.php
Artist - Song Title (for example - so this works)
Output on webpage:
declare -x APACHE_LOCK_DIR="/var/lock/apache2" declare -x
APACHE_LOG_DIR="/var/log/apache2" declare -x
APACHE_PID_FILE="/var/run/apache2/apache2.pid" declare -x
APACHE_RUN_DIR="/var/run/apache2" declare -x APACHE_RUN_GROUP="www-
data" declare -x APACHE_RUN_USER="www-data" declare -x
INVOCATION_ID="4ce76136ca8842bd9108d6b1b9a5b9ed" declare -x
JOURNAL_STREAM="8:23896" declare -x LANG="C" declare -x OLDPWD
declare -x
PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
declare -x PWD="/var/www/html" declare -x SHLVL="1"
I have set www-data, the apache2 user with the following in
/etc/sudoers:
www-data ALL=NOPASSWD: ALL
and /var/www/html is rwx for anyone
Obviously, I am expecting to see "Artist - Song Title" on the webpage, but instead I get back all the apache2 info. What am i missing, or where have I gone wrong?
I hate answering my own question, makes it look like I wasn't trying hard enough! After a further five hours or so of searching around and attempting fixes, I happened upon this post on SO:
Running command-line application from PHP as specific user
which suggested putting a "sudo -u user" in the exec of the php file. I tried this with the "pi" user and it still didn't work, then I simply tried it with "sudo" and hey presto!!
The php file now looks like this:
<?php
echo shell_exec('sudo /var/www/html/cursong.sh 2>&1');
?>
Now to do some testing on how it works with the other audtool commands that don't ask for a response but require action from audacious, and to see how I can reduce scripting php files by passing a parameter to the bash script!
Just for completeness, the php and bash scripts for both a request and an action, using a parameter fed to the php url and then on to the bash script:
PHP File with Parameter
<?php
$request = $_GET["request"];
echo shell_exec("sudo /var/www/html/cursong.sh \"${request}\" 2>&1");
?>
url example:
http://192.168.1.92/cursong.php?request="--playlist-shuffle-status"
Bash Script with parameter
#!/bin/bash
##call request
pid=`pidof audacious`
user=`ps -p $pid -o user=`
export `strings /proc/$pid/environ | grep DBUS_SESSION_BUS_ADDRESS`
sudo -E -su $user /usr/bin/audtool $1
PHP file for an action
<?php
$action = $_GET["action"];
shell_exec('sudo /var/www/html/playsong.sh \"${request}\" ');
?>
url example:
http://192.168.1.92/cursong.php?action="--playback-play"
Bash script for an action
#!/bin/bash
##call action
pid=`pidof audacious`
user=`ps -p $pid -o user=`
export `strings /proc/$pid/environ | grep DBUS_SESSION_BUS_ADDRESS`
sudo -E -su $user /usr/bin/audtool $1
I an Ubuntu 16.04 machine running NGINX and PHP. I would like to enable the www-data user (via web browser) to be able to access a PHP page (php-test.php) that will execute either a bash script (script_test.sh) or execute Linux CLI commands using shell_exec or exec.
I have done the following.
Created my bash script file script_test.sh
#!/bin/bash
whoami
echo $USER
echo 'test'
exit
when I run this from CLI, using
./ script_test.sh
It does indeed work and I can see the info echoed out in the CLI.
I then pursued the goal of being able to allow the www-data user run this bash script through a PHP page running on this same machine from NGINX.
I created my php page (php_test.php) and it contains the following
<?php
chdir('/path/to/my/files/');
shell_exec('./script_test.sh'); // ATTEMPT RUN SCRIPT
shell_exec('/path/to/my/files/script_test.sh'); // ATTEMPT RUN SCRIPT
echo 'test 123'; // SIMPLE ECHO IN THE PHP PAGE
?>
I then ran the following to modify the sudoers file, giving www-data access to the bash script
sudo nano /etc/sudoers
to which I added the following line
www-data ALL=NOPASSWD: /path/to/my/files/script_test.sh
I then made sure the script was executable, for the sake of my testing, not worrying about security, I just set it to 777 with the following command
sudo chmod 777 script_test.sh
From there I opened a web browser and browsed to the localhost (NGINX) web server (php_test.php) and the only thing I see on the page is the 'test 123' that I echo from PHP... none of the bash script appears to have run at all. I tailed the NGINX error log and don't see any error at all.
Is there another log that could contain clues on this?
What else should I check here?
The result of shell_exec() is returned as string. To display it in your browser, simply add echo.
<?php
chdir('/path/to/my/files/');
echo shell_exec('./script_test.sh'); // ATTEMPT RUN SCRIPT
echo shell_exec('/path/to/my/files/script_test.sh'); // ATTEMPT RUN SCRIPT
echo 'test 123'; // SIMPLE ECHO IN THE PHP PAGE
?>
See the Return Values in the manual:
The output from the executed command or NULL if an error occurred or
the command produces no output.
Can you try to use passthru instead of shell_exec, and see the output anything?
Also try this, and see if it shows on the log file:
if(file_exists('/path/to/my/files/script_test.sh')) { die('File not found!'); }
shell_exec("nohup /path/to/my/files/script_test.sh > /path/to/my/files/output.log &");
Also, are you running PHP with the www-data user (check your fpm pool)?
Do you have any error on /var/log/syslog or /var/log/auth.log ?
Have you restarted the server after changing the sudo permissions?
What does su - www-data -c "whoami" and su - www-data -s /bin/bash -c "whoami" outputs?
Does su - www-data -s /bin/bash -c "/path/to/my/files/script_test.sh" output something?
I'm trying to execute a command through PHP with shell_exec. The PHP file is hosted by Apache on my Ubuntu server.
When I run this:
echo shell_exec("ps ax | grep nginx");
Then I get to see data. But when I run another command, for example:
echo shell_exec("cat /usr/local/nginx/config/nginx.config");
Then it's not showing anything at all. But when I copy that command and paste it in my terminal, then it executes fine.
My Apache server is running as user www-data. So I edited sudoers and added this line:
www-data ALL=(ALL:ALL) ALL
I know this is a security risk, but I wanted to make sure (for now) that www-data is able to execute all commands. But, for some reason I'm still not able to execute all commands with my PHP script.
Anyone any idea what to do?
have you read http://php.net/manual/en/function.shell-exec.php
There is quite a discussion in comments section. Top comment is:
If you're trying to run a command such as "gunzip -t" in shell_exec and getting an empty result, you might need to add 2>&1 to the end of the command, eg:
Won't always work:
echo shell_exec("gunzip -c -t $path_to_backup_file");
Should work:
echo shell_exec("gunzip -c -t $path_to_backup_file 2>&1");
In the above example, a line break at the beginning of the gunzip output seemed to prevent shell_exec printing anything else. Hope this saves someone else an hour or two.
echo shell_exec("sudo cat /usr/local/nginx/config/nginx.config");
Try that.
I'm new in using Linux, I'm trying to write a PHP code which can run .exe linux compatible file, I've made a short shell script
hello bash script:
#!/bin/bash
./program.exe file.mp4 // file.mp4 is an an input for .exe
echo "Hello World!"
shell.php:
<?php
$output = exec ("./hello ");
echo "<pre>$output</pre>";
?>
Now when I run shell.php using web browser it shows Hello World! but the .exe doesn't run, however when I run php using terminal command php shell.php, It works fine.
I think I'm having problems with permissions but I'm new with Linux and I don't know how to solve this.
Update:
I ignored the shell script and I used
<?php
$output = shell_exec ("cd /var/www/ && ./program.exe file.mp4 2>& " );
?>
also I granted access to program.exe
chmod 777 program.exe
the error I receive in the browser :could not open debug.bin!
use the absolute path to hello executable exec("sh path/to/the/file")
I'm using something similar to call an app compiled with mono on a remote ubuntu webserver and return it's output to the calling script.
For any of this to work properly wine needs to be already installed.
On Ubuntu systems try:
sudo apt-get -y install wine
You then need to know the owner of the web server process. If you are running the apache web server try the following:
cat /etc/apache2/envvars | grep "RUN"
The output will look something like this:
export APACHE_RUN_USER=www-data
export APACHE_RUN_GROUP=www-data
export APACHE_RUN_DIR=/var/run/apache2$SUFFIX
Now that you have the name of the process owner, which in this case is www-data you should ensure the file is owned the user and its group:
sudo chown www-data /var/www/program.exe
sudo chgrp www-data /var/www/program.exe
Finally, we can invoke the application from inside our PHP script by passsing it as a parameter to 'wine' and using its full file path.
<?php
$output = shell_exec("wine /var/www/program.exe file.mp4" );
?>
Any output from the above shell command sent to the command line will be saved in the PHP script variable $output.
It looks like you are trying to do some output redirection with your use of program.exe file.mp4 2>& so I've left that off of the example for clairity.
Try using the absolute path, such as exec("sh /path/to/file")
Generally, php is run as www or apache, so make sure that the execute access permission is granted to all user.
I've made a simple bash script for server admininstration and I cannot figure how can I run it in safely inside a php page: I'd like to create a php admininstration page but I obviously don't want to hard-code root password anyware. Let's make an example (this is a foo script, of course)
#!/bin/bash
touch /$1
this simple/stupid script will not work if the user who run it as no writing permission on /.
Actually the script add apache virtualhosts, ftp users and so on...
any ideas?
thanks
Use
sudo /path/to/executable/file
and set up sudo so it can execute the following command for the current user as a root.
http://www.sudo.ws/sudo/sudoers.man.html - here is the sudoers manual, the configuration file, that you have to modify.
zerkms ALL = (ALL) NOPASSWD: /sbin/iptables -L FORWARD -n -v -x
This is example from my /etc/sudoers. Here I allowed to run command /sbin/iptables -L FORWARD -n -v -x as root without asking a password for user zerkms.