I want to start program when I enter my webpage, and problem is in permissions(??) because when I try
echo exec('whoami');
I've got valid response (www-data) but when i try code like it:
echo exec('/var/www/./sitesend');
and
echo passthru(/var/www/./sitesend');
I got no response. I tried to
chown www-data /var/www/sitesend
chmod 755 /var/www/sitesend
My C++ app runs correctly, and its sending by NRF infromations to turn lights.
But not work, when enter page app won't run and I don't get any reps in echo.
I don't have a conclusive answer, but you can try a number of things:
Try the follow command to see if www-data may run the command.
sudo -u www-data /var/www/sitesend
Try running a PHP script with the passthru command from the commandline.
See if you're running AppArmor for the Apache process. AppArmor will block execution for files not white listed.
ls /etc/apparmor.d
Related
I an Ubuntu 16.04 machine running NGINX and PHP. I would like to enable the www-data user (via web browser) to be able to access a PHP page (php-test.php) that will execute either a bash script (script_test.sh) or execute Linux CLI commands using shell_exec or exec.
I have done the following.
Created my bash script file script_test.sh
#!/bin/bash
whoami
echo $USER
echo 'test'
exit
when I run this from CLI, using
./ script_test.sh
It does indeed work and I can see the info echoed out in the CLI.
I then pursued the goal of being able to allow the www-data user run this bash script through a PHP page running on this same machine from NGINX.
I created my php page (php_test.php) and it contains the following
<?php
chdir('/path/to/my/files/');
shell_exec('./script_test.sh'); // ATTEMPT RUN SCRIPT
shell_exec('/path/to/my/files/script_test.sh'); // ATTEMPT RUN SCRIPT
echo 'test 123'; // SIMPLE ECHO IN THE PHP PAGE
?>
I then ran the following to modify the sudoers file, giving www-data access to the bash script
sudo nano /etc/sudoers
to which I added the following line
www-data ALL=NOPASSWD: /path/to/my/files/script_test.sh
I then made sure the script was executable, for the sake of my testing, not worrying about security, I just set it to 777 with the following command
sudo chmod 777 script_test.sh
From there I opened a web browser and browsed to the localhost (NGINX) web server (php_test.php) and the only thing I see on the page is the 'test 123' that I echo from PHP... none of the bash script appears to have run at all. I tailed the NGINX error log and don't see any error at all.
Is there another log that could contain clues on this?
What else should I check here?
The result of shell_exec() is returned as string. To display it in your browser, simply add echo.
<?php
chdir('/path/to/my/files/');
echo shell_exec('./script_test.sh'); // ATTEMPT RUN SCRIPT
echo shell_exec('/path/to/my/files/script_test.sh'); // ATTEMPT RUN SCRIPT
echo 'test 123'; // SIMPLE ECHO IN THE PHP PAGE
?>
See the Return Values in the manual:
The output from the executed command or NULL if an error occurred or
the command produces no output.
Can you try to use passthru instead of shell_exec, and see the output anything?
Also try this, and see if it shows on the log file:
if(file_exists('/path/to/my/files/script_test.sh')) { die('File not found!'); }
shell_exec("nohup /path/to/my/files/script_test.sh > /path/to/my/files/output.log &");
Also, are you running PHP with the www-data user (check your fpm pool)?
Do you have any error on /var/log/syslog or /var/log/auth.log ?
Have you restarted the server after changing the sudo permissions?
What does su - www-data -c "whoami" and su - www-data -s /bin/bash -c "whoami" outputs?
Does su - www-data -s /bin/bash -c "/path/to/my/files/script_test.sh" output something?
I've been unable to run php scripts that I need to use to start and stop webcam services that run on the local machine with the scripts. I can find nothing in the logs to indicate why the script doesn't' work.
I confess to being severely handicapped regarding PHP, especially server-side scripting.
The environment is Debian Jesse running Nginx with all required SSH and PHP modules installed
I have added www-data to the sudoers file with:
www-data ALL=(ALL) NOPASSWD: /var/www/html/start_webcam.sh
Enabled the $PATH environment for www-data at:
/etc/php5/fpm/pool.d/www.conf
The shell script resides in the .../html directory and runs from the terminal with no issues.
This is the code for both the php and shell scripts:
start_webcam.php:
<?php
echo exec('sudo bash /var/www/html/aspirebox/start_webcam.sh 2>&1, $output');
print_r($output);
?>
The $output and print_r stuff is there because it was the last thing I tried based on a post I found out here somewhere.
start_webcam.sh
#!/bin/bash
service motion start
Thanks in advance to anyone out here that has a clue. After 2 days of wrestling with this, I am sure that I do not.
according to Passing Variables to shell_exec()? you should change your code like this:
<?php
$output = exec('/var/www/html/aspirebox/start_webcam.sh 2>&1 ');
print_r($output);
?>
and let your bash script execute as all (no need to sudo bash):
chmod a+x /var/www/html/aspirebox/start_webcam.sh
Thank you very much - that worked.
I worked through getting the path straight for the directory the shell script runs in, and the correct path to run "service".
All I have now is to figure out why I'm getting "Failed to start motion.service: Access denied"
I've given www-data permission to run the script without a password on sudoers, have to keep digging.
Thanks again!
I'm trying to execute a command through PHP with shell_exec. The PHP file is hosted by Apache on my Ubuntu server.
When I run this:
echo shell_exec("ps ax | grep nginx");
Then I get to see data. But when I run another command, for example:
echo shell_exec("cat /usr/local/nginx/config/nginx.config");
Then it's not showing anything at all. But when I copy that command and paste it in my terminal, then it executes fine.
My Apache server is running as user www-data. So I edited sudoers and added this line:
www-data ALL=(ALL:ALL) ALL
I know this is a security risk, but I wanted to make sure (for now) that www-data is able to execute all commands. But, for some reason I'm still not able to execute all commands with my PHP script.
Anyone any idea what to do?
have you read http://php.net/manual/en/function.shell-exec.php
There is quite a discussion in comments section. Top comment is:
If you're trying to run a command such as "gunzip -t" in shell_exec and getting an empty result, you might need to add 2>&1 to the end of the command, eg:
Won't always work:
echo shell_exec("gunzip -c -t $path_to_backup_file");
Should work:
echo shell_exec("gunzip -c -t $path_to_backup_file 2>&1");
In the above example, a line break at the beginning of the gunzip output seemed to prevent shell_exec printing anything else. Hope this saves someone else an hour or two.
echo shell_exec("sudo cat /usr/local/nginx/config/nginx.config");
Try that.
I would like lauched a command in php over my RPI.
The command is echo 'standby 0' | cec-client -s, it's work fine in ssh my Tv shutdown, but in php echo shell_exec("......") return adapters autodetect FAILED ... But also mkdir doesn't work with sheel_exec, so i think it's probably PATH problem, but i don't know how to fix it. My PATH in ssh is /usr/local/bin....... and in php is /sbin:/bin:/usr/sbin:/usr/bin .
How i can fix it. Sorry for my english ...
I tried the same and got a message saying "failed to open vchiq instance". I found a question on Raspberry Pi StackExchange suggesting to add the user to the "video" group. I did that with usermod -a -G video www-data and then restarted apache with /etc/init.d/apache2 restart. Then I was able to use cec-client from PHP and apache.
It is permissions problem. While running command via ssh you executing it as user pi(probably), but via shell_exec you execute command as user www-data which do not have necessary permissions. You can check this by running echo shell_exec("whoami");
You can easly fix this by adding line "www-data ALL=(ALL) NOPASSWD: ALL" into your "/etc/sudoers" file and then run "echo shell_exec("sudo echo 'standby 0' | sudo cec-client -s");", hovewer this will add to the user www-data all of the sudo permissions and it is very unsecure, but it will work. If you want to do it more secure way you need to find which permissions cec-client required to run properly and then add them to user www-data.
I actually try to laucnh a gnome-term with a php script, seems i have some problems with the users www-data;
my script make only a ls -l command in a directory (is just for a test) and i run it with a php page in my local-web site.
here the gnome-terminal command in my bash script (he run perfectly when i double-click on him) :
gnome-terminal --working-directory=/opt/cuckoo -x bash -c "ls -l"
and here is the call on the php-page :
system("/my/path/to/the/script/script.sh");
i have some echo in my script and i see them in the php page after i try to run the script with the php.page.
i think www-data don't have the right to do so i give the ownership of the script with the chown command, and at last a try the sudo visudo command and make the script execute like the user www-data is root (with NO PASSWD arg)
But i can't open the terminal and make a ls at last, i try with exec too, and show the result with $ouput butthe result is the same as well.
At last my question is : Php can really run a terminal or maybe a fool myself^^? Thanks for taking time to rescure me ;)
PHP can run everything, but depends who spawns it. Forget just running X apps from a web server - you'll need more than just executing them (permissions, DISPLAY and Xauth settings). Read more about the X clients and architecture.
Probably the right place to ask this is at SuperUser, since the problem is not in the coding itself.