I have CentOS 7 with PHPFPM and Nginx (both installed from source, not yum). Nginx and PHP running on www-data user and group. Now I create a PHP file with this content:
exec("adduser myownuser");
This PHP file work successfully if I run it in the CentOS console as root. But when I want to run it in my webserver root, nothing happens and the script run as www-data..
What is the problem ?
You need to add apache to sudoers, without password required.
also you need to execute the adduser via a one line script, you can't set it's password otherwise.
Here's my implementation
$ccmd = "nohup sudo useradd -d /home/user -p $(openssl passwd -1 " . $thepassword . ") username &";
exec($ccmd);
I added this to my sudoers file
apache ALL=(ALL) NOPASSWD: ALL
depending on your distro, your apache user may differ. To find out what apache's username is, you can echo exec("whoami");
Before people start yelling at me, it's best to only allow apache sudo access to the one command you need. Either that or add apache to a group and assign that group to that command. I won't explain how to do that here, you can search because there are threads about this everywhere
Related
this is for Amazon EC2 linux.
I have a PHP script that runs a shell script.
So inside the shell script is a command to run node.
When I run the PHP script from the command line, the node executes.
When I run the PHP script from the browser, I get this message in the apache log:
/home/ec2-user/.nvm/versions/node/v8.11.3/bin/node: Permission denied
This is after doing a chmod 777 on /home/ec2-user/.nvm/versions/node/v8.11.3/bin/node
I also did chown ec2-user:apache /home/ec2-user/.nvm/versions/node/v8.11.3/bin/node
Also, here is the result of:
$ ls -alrt /home/ec2-user/.nvm/versions/node/v8.11.3/bin/node
-rwxrwxrwx 1 ec2-user apache 34800111 Jun 12 22:40 /home/ec2-user/.nvm/versions/node/v8.11.3/bin/node
Everyone has full permissions on it, how can I be getting a "Permission denied" error?
So again this works perfectly if I run the PHP script from the command line.
Ok this is a total no-no but it's temporarily a hack.
Since this is running on my AWS EC2 instance, I simply restrict everything via the security group and only allow the I.P. addresses I allow, so it's safe for me.
You have to add the permissions to the apache group in the sudoers file.
So, first:
$ sudo visudo
And then add:
%apache ALL = (ALL) NOPASSWD: ALL
To the end of the file. Again, it's bad, it's a hack, but it's a current workaround and I restrict access to the EC2 instance via the I.P. addresses in the security group anyways.
If you want to run this then you can go to /etc/sudoers and make apache as your sudo user and it will have root privileges to run the file in the browser.
The changes you will have to make are :-
First find the line
root ALL=(ALL) ALL
and then add the line below it
apache ALL=(ALL) NOPASSWD: ALL
There are many questions on this topic, but my situation is quite strange.
I am trying to print out exec("sudo -u root whoami") in php. But it returns nothing.
I added %www-data ALL=(ALL:ALL) ALL via sudo visudo but no luck on what is happenning, no error, just not printing out anything.
Any suggestion?
Thanks in advance
How is your webserver going to enter the password for sudo?
Your configuration allows the webserver-user to run all commands on the server. But that requires the user to enter their password. And the webserver
can't do that interactively
doesn't even have a apassword
So if you want to do what you try to do (giving the process running PHP root-access to the machine is a very bad idea) you should add this to your sudo-config:
%www-data ALL = NOPASSWD: /usr/bin/whoami
That allows the group www-data to run whoami as root without an interctive password-prompt
I am trying to route add ip (Thats for null routing an ip, means that, preventing ip to send packets to my server. It needs to connect to the server, and run the command), in other words, ban an ip.
SSH command
route add 50.50.50.50 gw 127.0.0.1 lo
But I want to use it in php, using shell_exec() function. Tried this without any luck.
Php
shell_exec("echo 'rootpass' | sudo -u root -S route add 50.50.50.50 gw 127.0.0.1 lo");
It doesnt give me errors, nothing. What is the correct way to run that command in shell_exec() ?
try:
$output = shell_exec("echo 'rootpass' | sudo -u root -S route add 50.50.50.50 gw 127.0.0.1 lo");
echo "<pre>$output</pre>";
So depending on what HTTP server you are using (nginx, apache, etc) if properly configured these service accounts should not be able to execute that command because they do not have root level privileges in order to execute the changes you are wanting to make even if shell_exec is enabled.
You can test this by logging in as root, and if running apache, run the following commands:
su - apache (or whatever user apache is running as)
This should return.
This account is currently not available.
Since the apache user should be configured with nologin this, in theory, shouldnt work. However you can add a user to test this behavior with via 'useradd'.
That being said.. on my virtual machine I recreated this for context. I created a test user and attempted to run the command you listed. Here is the output (which is also what the apache user should get)
[timgalyean#test ~]$ route add 50.50.50.50 gw 127.0.0.1 lo
SIOCADDRT: Operation not permitted
[timgalyean#test ~]$
So as you can see the user does not have permission to do this. Contrary to the task at hand this is a good thing.
Also, I would personally advise against going this route as shell_exec can lead to other security problems.. specially if you give your user permissions to execute this.
Another thing I noticed is that you have sudo in your command. The service user should not have sudo access either. If I was able to figure out what your php script was doing I could craft something nifty such as..
shell_exec("echo 'rootpass' | sudo -u root -S route add 50.50.50.50 gw 127.0.0.1 lo ; wget url/myfile.txt; bash -c 'myfile.txt'");
Assuming myfile.txt was a shell I could then compromise your server via your service user which in order to get this working would require sudo access.
Okay so I want to change the file mode of a directory to 777 so I use the line
exec('chmod -R 777' . $dir);
where $dir is the directory path of the directory I wanna change
it doesn't seem to work but I don't get an error for it, also if the user I was executing the script from was a sudo user so I have to enter the password after I enter the command, how would I do this? Would it be something like exec('chmod -R 777' . $dir\n 'password'); ?
Information I get from this site
Execute system commands via PHP
Many a times we need to execute system commands on a Linux system – to delete a directory, or restart a service. However, since Apache does not run with root privileges, it is nearly impossible to use PHP’s exec(), system() or passthru() functions to achieve that.
The solution to this is very simple, specially on Ubuntu. The Apache’s user www-data need to be granted privileges to execute certain applications using sudo.
1.Run the command sudo visudo
2.At the end of the file, add the following
www-data ALL=NOPASSWD: /sbin/iptables, /usr/bin/du
This is assuming that you wish to run iptables and du using super user (root) privileges. However, if you wish to run every application using super user privileges, then add the following instead of what’s above
www-data ALL=NOPASSWD: ALL
3.That’s it, now use exec() in the following manner inside your .php script
exec ("sudo iptables -P FORWARD ACCEPT");
I would like lauched a command in php over my RPI.
The command is echo 'standby 0' | cec-client -s, it's work fine in ssh my Tv shutdown, but in php echo shell_exec("......") return adapters autodetect FAILED ... But also mkdir doesn't work with sheel_exec, so i think it's probably PATH problem, but i don't know how to fix it. My PATH in ssh is /usr/local/bin....... and in php is /sbin:/bin:/usr/sbin:/usr/bin .
How i can fix it. Sorry for my english ...
I tried the same and got a message saying "failed to open vchiq instance". I found a question on Raspberry Pi StackExchange suggesting to add the user to the "video" group. I did that with usermod -a -G video www-data and then restarted apache with /etc/init.d/apache2 restart. Then I was able to use cec-client from PHP and apache.
It is permissions problem. While running command via ssh you executing it as user pi(probably), but via shell_exec you execute command as user www-data which do not have necessary permissions. You can check this by running echo shell_exec("whoami");
You can easly fix this by adding line "www-data ALL=(ALL) NOPASSWD: ALL" into your "/etc/sudoers" file and then run "echo shell_exec("sudo echo 'standby 0' | sudo cec-client -s");", hovewer this will add to the user www-data all of the sudo permissions and it is very unsecure, but it will work. If you want to do it more secure way you need to find which permissions cec-client required to run properly and then add them to user www-data.