im trying to execute a bash script with a php/html button to wake my nas.
<form action="" method="POST">
<input type="submit" value="Wake NAS" name="zero" />
</form>
<?php
if (isset($_POST["zero"])){
#echo "Hello World!";
shell_exec("/var/www/html/wakenas.sh &");
}?>
"Hello World" is printed when button is pressed.
but code won't be executed.
the wakenas.sh looks like this and works if i execute it over shell
#!/bin/bash
etherwake -D "BC:5F:F4:09:E1:07"
echo "why!?!?!" > "/var/www/html/works.txt"
exit 1
wakenas.sh has all rights
Maybe you guys know why it wont be executed.
thanks in advance
The easy and secure way of executing your script is to put in sudoers. Assuming your Linux distribution is Debian base and user of who run the web server is www-data, then you can create a file e.g /etc/sudoers.d/wakeup_ether
Cmnd_Alias WAKE_UP_CMD = /var/www/html/wakenas.sh
www-data ALL=NOPASSWD: WAKE_UP_CMD
Modify your script to prefix the command with sudo.
shell_exec("sudo /var/www/html/wakenas.sh &");
Reference: https://help.ubuntu.com/community/RootSudo
From your dump:
etherwake: This program must be run as root.
when you execute wakenas.sh you probably are executing it as root. That's why it works.
Give the sudo permission (without password) to the user that your php server is running.
And change the wakenas.sh to:
#!/bin/bash
sudo etherwake -D "BC:5F:F4:09:E1:07"
echo "why!?!?!" > "/var/www/html/works.txt"
exit 1
I recently published a project that allows PHP to obtain and interact with a real Bash shell (as root if requested), it solves the limitations of exec() and shell_exec(). Get it here: https://github.com/merlinthemagic/MTS
After downloading you would simply use the following code:
$shell = \MTS\Factories::getDevices()->getLocalHost()->getShell('bash', true);
$return1 = $shell->exeCmd("etherwake -D \"BC:5F:F4:09:E1:07\"");
//the return will be a string containing the return of the command
echo $return1;
Related
I am trying to use an html form action pointed to a PHP file in order to execute a .sh script in the background in Ubuntu server.
Click here (moodle) > php executes bash and redirects the web page > script runs and starts a headless vm.
php file is saved to /var/www/html/moodle
script is saved to /etc/init.d
html code is obviously embedded in the site
<form action="http://xxx.xxx.xxx.xxx/moodle/scriptname.php">
<input type="submit" value="Button name">
</form>
php configuration
<?php
putenv("PATH=/etc/init.d/:" .$_ENV["PATH"]."");
$output = "<pre>".shell_exec("scriptname.sh")."</pre>";
echo $output;
header('Location:http://XXX.XXX.X.XX/moodle/mod/page/view.phpid=133&forceview=1');
?>
Script
#! /bin/sh
# /etc/init.d/StartVM
#
#Edit these variables!
VMUSER=myusername
VMNAME="nameofvm"
echo "Starting VirtualBox VM..."
sudo -H -b -u $VMUSER /usr/bin/VBoxVRDP -s "$VMNAME"
exit 1
;;
esac
exit 0
I cant figure out why the this wont work. The script produces results when ran in terminal. The html code redirect the web page according to the php file, but the script will not execute when clicking the button in moodle.
Any help is appreciated.
Thanks
MAC
In your script, use the full path for sudo (/usr/bin/sudo) and modify your sudoers file if needed (Pointed out in the comments by Lawrence Cherone).
I've a shell_test.php file in /var/www/html folder with this code:
<?php
shell_exec('/var/www/html/config.sh');
?>
config.sh in the same folder has this code:
#!/bin/sh
sudo -u root kill -SIGHUP $(cat /var/www/html/mosquitto/mosquitto.pid)
When I run ./config.sh from folder, it runs.
When I run command in config.sh file directly in terminal, it
works too.
I've added this into sudoers file so that there is no need of password:
www-data ALL=(ALL) NOPASSWD: /var/www/html/config.sh
The thing is it's working fine when run using terminal in both the mentioned ways. Why is not executing when run in PHP?
Your problem is probably, that it is apache, www-data or some other user that is running your script and you try to run it as root.
Try without sudo -u root and change the group of the file to www-data with:
chown root:www-data your-script
As you say "It isn't outputting anything but my mosquitto broker is resetting every time it runs which lets me know"
I think you should replace
shell_exec('/var/www/html/config.sh');
with
$output = shell_exec('/var/www/html/config.sh');
echo $output;
According to php docs "shell_exec — Execute command via shell and return the complete output as a string"
shell_exec doesn't print by default; you have to store the string output and then use it
I made few changes in codes and it worked.
In shell_test.php, I changed code like this:
<?php
shell_exec('sudo -S ./config.sh');
?>
In config.sh, I changed like this:
#!/bin/sh
sudo kill -SIGHUP $(cat /var/www/html/mosquitto/mosquitto.pid)
I an Ubuntu 16.04 machine running NGINX and PHP. I would like to enable the www-data user (via web browser) to be able to access a PHP page (php-test.php) that will execute either a bash script (script_test.sh) or execute Linux CLI commands using shell_exec or exec.
I have done the following.
Created my bash script file script_test.sh
#!/bin/bash
whoami
echo $USER
echo 'test'
exit
when I run this from CLI, using
./ script_test.sh
It does indeed work and I can see the info echoed out in the CLI.
I then pursued the goal of being able to allow the www-data user run this bash script through a PHP page running on this same machine from NGINX.
I created my php page (php_test.php) and it contains the following
<?php
chdir('/path/to/my/files/');
shell_exec('./script_test.sh'); // ATTEMPT RUN SCRIPT
shell_exec('/path/to/my/files/script_test.sh'); // ATTEMPT RUN SCRIPT
echo 'test 123'; // SIMPLE ECHO IN THE PHP PAGE
?>
I then ran the following to modify the sudoers file, giving www-data access to the bash script
sudo nano /etc/sudoers
to which I added the following line
www-data ALL=NOPASSWD: /path/to/my/files/script_test.sh
I then made sure the script was executable, for the sake of my testing, not worrying about security, I just set it to 777 with the following command
sudo chmod 777 script_test.sh
From there I opened a web browser and browsed to the localhost (NGINX) web server (php_test.php) and the only thing I see on the page is the 'test 123' that I echo from PHP... none of the bash script appears to have run at all. I tailed the NGINX error log and don't see any error at all.
Is there another log that could contain clues on this?
What else should I check here?
The result of shell_exec() is returned as string. To display it in your browser, simply add echo.
<?php
chdir('/path/to/my/files/');
echo shell_exec('./script_test.sh'); // ATTEMPT RUN SCRIPT
echo shell_exec('/path/to/my/files/script_test.sh'); // ATTEMPT RUN SCRIPT
echo 'test 123'; // SIMPLE ECHO IN THE PHP PAGE
?>
See the Return Values in the manual:
The output from the executed command or NULL if an error occurred or
the command produces no output.
Can you try to use passthru instead of shell_exec, and see the output anything?
Also try this, and see if it shows on the log file:
if(file_exists('/path/to/my/files/script_test.sh')) { die('File not found!'); }
shell_exec("nohup /path/to/my/files/script_test.sh > /path/to/my/files/output.log &");
Also, are you running PHP with the www-data user (check your fpm pool)?
Do you have any error on /var/log/syslog or /var/log/auth.log ?
Have you restarted the server after changing the sudo permissions?
What does su - www-data -c "whoami" and su - www-data -s /bin/bash -c "whoami" outputs?
Does su - www-data -s /bin/bash -c "/path/to/my/files/script_test.sh" output something?
I have a bash script that takes a parameter is called in PHP by shell_exec(script.sh parameter). Basically, my goal is to call a script that is owned by another user that is not apache.
The script.sh script is a file that contains the following (right now there are some error handling commands):
#/bin/bash
whoami>>whoami
echo $1 >> parameter
while read f; do
env>>envoutput
sudo -i -u archivescriptowner /path/to/archivescript.sh -command archive >> output
done < $1
In my /etc/sudoers file , I have the following:
apache ALL=(archivescriptowner) NOPASSWD: /bin/bash -c /path/to/archivescript.sh *
When I run this script as by running su -s /bin/bash apache and pass a parameter, it works.
When I run it via my button in php, archivescript.sh does not execute
The whoami file has apache written to it
The parameter file has the right file written to it
env shows the following
Term=xterm
LD_LIBRARY_PATH=/path/to/library
PATH=/sbin/:usr/sbin:/bin:/usr/bin
PWD=/var/www/html
LANG=C
SHLVL=4
=/bin/env
PWD is outputting right, that is where my script is right now, it will be moved in the future.
The output file when it is ran by the button click is blank.
I am at a loss as to why this is not working. Any insight would be helpful. Please let me know if I need to give any additional information.
I recently published a project that allows PHP to obtain and interact with a real Bash shell. Get it here: https://github.com/merlinthemagic/MTS
After downloading you would simply use the following code:
$shell = \MTS\Factories::getDevices()->getLocalHost()->getShell('bash', true);
$return1 = $shell->exeCmd('/path/to/archivescript.sh');
echo $return1; //return from your script
i want to execute a bash shell script in php. The shell script used to create make a directory. But it is not creating while i am running the .php file in server.
The php code for above i have used-------
<html>
<?php
echo exec('./home/biswajit/lh.sh')
?>
thanx
</html>
And the code for corresponding lh.sh file is------
#!/bin/bash
cat <<EOF | /home/biswajit/matlab -nodesktop -nosplash -nodisplay /> /home/biswajit/matlab_result.out
mkdir('/home/biswajit/Done');
disp('directory created');
exit
EOF
Check with which user's permissions it's run. You could echo the output of "whoami" (bash) command to know with wich user is used to run the script.
If it's executed, for example, with the "www-data" user (ubuntu's [and maybe others] default httpd user), then it may not have the rights to create a directory in your user's home folder.
I recently published a project that allows PHP to obtain and interact with a real Bash shell (as root if requested), it solves the limitations of exec() and shell_exec(). Get it here: https://github.com/merlinthemagic/MTS
After downloading you would simply use the following code:
$shell = \MTS\Factories::getDevices()->getLocalHost()->getShell('bash', true);
$return1 = $shell->exeCmd('cat <<EOF | /home/biswajit/matlab -nodesktop -nosplash -nodisplay /> /home/biswajit/matlab_result.out');
$return2 = $shell->exeCmd('mkdir -p \'/home/biswajit/Done\'');
//the return will be a string containing the return of the command
echo $return1;
echo $return2;