Issue: Initially, through the command line as a root user, I accessed a package called pandoc (/root/.cabal/bin/pandoc) which was installed in the root folder. When I try to access that package through PHP using shell_exec(), it fails.
Question: Is there any limitation for PHP shell_exec() not to access root packages for security purposes? If so, how to resolve it?
I tried: Gave write permission to the root folder, then I could access root packages through the command line not as a root user. Yet I couldn't access it through PHP shell_exec().
php code:
shell_exec("cd /home/quotequadsco/public_html/pandoc_jats ; sudo -u quotequadsco -S /root/.cabal/bin/pandoc ex.tex --filter /root/.cabal/bin/pandoc-citeproc -t JATS.lua -o ex.xml");
and also tried,
shell_exec("cd /home/quotequadsco/public_html/pandoc_jats ; /root/.cabal/bin/pandoc ex.tex --filter /root/.cabal/bin/pandoc-citeproc -t JATS.lua -o ex.xml");
Expectation: I need to execute pandoc root package through shell_exec() in php.
Added the following lines in the /etc/sudoers file
#Defaults requiretty //commented this line
usergroup ALL=(ALL) ALL
PHP code,
shell_exec("cd /home/quotequadsco/public_html/pandoc_jats ; echo password | sudo -S command"); // added a password for the sudo command to run as a root user
I recently published a project that allows PHP to obtain and interact with a real Bash shell (as root if requested), it solves the limitations of exec() and shell_exec(). Get it here: https://github.com/merlinthemagic/MTS
After downloading you would simply use the following code:
$shell = \MTS\Factories::getDevices()->getLocalHost()->getShell('bash', true);
$return1 = $shell->exeCmd('pandoc (/root/.cabal/bin/pandoc)');
//the return will be a string containing the return of the command
echo $return1;
I've a shell_test.php file in /var/www/html folder with this code:
<?php
shell_exec('/var/www/html/config.sh');
?>
config.sh in the same folder has this code:
#!/bin/sh
sudo -u root kill -SIGHUP $(cat /var/www/html/mosquitto/mosquitto.pid)
When I run ./config.sh from folder, it runs.
When I run the command in the config.sh file directly in the terminal, it works too.
I've added this into sudoers file so that there is no need of password:
www-data ALL=(ALL) NOPASSWD: /var/www/html/config.sh
The thing is, it's working fine when run using the terminal in both the mentioned ways. Why is it not executing when run in PHP?
Your problem is probably that it is apache, www-data or some other user that is running your script and you try to run it as root.
Try without sudo -u root and change the group of the file to www-data with:
chown root:www-data your-script
As you say "It isn't outputting anything but my mosquitto broker is resetting every time it runs which lets me know"
I think you should replace
shell_exec('/var/www/html/config.sh');
with
$output = shell_exec('/var/www/html/config.sh');
echo $output;
According to php docs "shell_exec — Execute command via shell and return the complete output as a string"
shell_exec doesn't print by default; you have to store the string output and then use it
I made a few changes in the code and it worked.
In shell_test.php, I changed code like this:
<?php
shell_exec('sudo -S ./config.sh');
?>
In config.sh, I changed like this:
#!/bin/sh
sudo kill -SIGHUP $(cat /var/www/html/mosquitto/mosquitto.pid)
I am building a PHP application where I create command line functionality for Linux Debian Jessie. All works fine, but I need to be able to use some commands as the root user.
Is there a way to use shell_exec() or a similar command to get root user access via PHP?
The idea of this command line is that people who have access to that server can handle it over the internet from any place or device.
Here is an image of the console:
Executing commands as root via PHP will leave you wide open to all sorts of malicious hackery.
Have a look at the "sudo" documentation.
You should be able to set up all the commands you need as "sudo"able scripts. It is much better to write specific scripts with limited functions than to expose the underlying privileged command.
As in:
exec('sudo getCurrentUser.sh');
First, you need to add the user that PHP is using to run (most of the time it is www-data) to the sudo group if it is not already assigned.
Then, in your php file:
use sudo -S, so you can pass the password via echo
$exec = "echo your_passwd | /usr/bin/sudo -S your command";
exec($exec,$out,$rcode);
if you have trouble with the paths - use
"bash -lc 'echo your_passwd | /usr/bin/sudo -S your command'"
so you get a new bash that acts like a login shell and has the paths set
Edit your sudoers file
sudo vi /etc/sudoers
Put this line
www-data ALL=(ALL) NOPASSWD: ALL
www-data is the PHP default user in Linux (replace if necessary)
Use
$output = shell_exec('sudo XXXX');
I have installed Lampp-x64-5.6.3 in my OpenSuse 13.2 OS. I have built a program which requires the execution of qpdf, which I have installed from the OpenSuse Repo itself.
Well when I run the commands (given below) I get no response & nothing works at all whereas I am able to execute other binary files within the /usr/bin/ directory.
$execQuery = "/usr/bin/qpdf --decrypt --stream-data=uncompress --force-version=1.4 ".escapeshellarg('/opt/lampp/htdocs/test/test.pdf')." ". escapeshellarg('/opt/lampp/htdocs/test/temptest.pdf');
shell_exec($execQuery);
#OR
$execQuery = "/usr/bin/qpdf '/opt/lampp/htdocs/test/test.pdf' '/opt/lampp/htdocs/test/temptest.pdf'";
shell_exec($execQuery);
PHP safe_mode is off, shell_exec, exec, system etc are enabled. Still I am unable to run this particular binary (/usr/bin/qpdf).
I am getting output when I run the commands echo or ls -l or dir or even skype in the php shell_execute functions.
The permission for the file is: -rwxr-xr-x 1 root root 85248 Jun 18 10:31 /usr/bin/qpdf
However, I am able to execute the qpdf command via the Terminal of the OS, and it creates the file perfectly.
The directory /opt/lampp/htdocs/test/ is writable by both qpdf and apache/lampp
I have tried almost all methods mentioned in various forums but still can't get this executable run the file.
Thanks in advance.
UPDATE:
As suggested tried out this one:
$command = "/usr/bin/qpdf --decrypt --stream-data=uncompress --force-version=1.4 ".escapeshellarg('/opt/lampp/htdocs/test/test.pdf')." ". escapeshellarg('/opt/lampp/htdocs/test/temptest.pdf');
shell_exec($command. " > /opt/lampp/htdocs/debug.log 2>&1");
The errors are logged!
......
/opt/lampp/lib/libstdc++.so.6: version `GLIBCXX_3.4.9' not found
......
SOLUTION:
I simply had to delete the /usr/lib/libstdc++.so.6 file or rename it.
RUN in terminals:
sudo mv /usr/lib/libstdc++.so.6 /usr/lib/libstdc++.so.6___
I want to execute a Bash script present on the system from a PHP script. I have two scripts present on the system. One of them is a PHP script called client.php present at /var/www/html and the other is a Bash script called testscript present at /home/testuser.
My client.php script looks like
<?php
$message=shell_exec("/home/testuser/testscript 2>&1");
print_r($message);
?>
My testscript looks like
#!/bin/bash
echo "Testscript run successful"
When I do the following on the terminal
php client.php
I get the following output on terminal
Testscript run successful
But when i open the page at
http://serverdomain/client.php
I get the following output
sh: /home/testuser/testscript: Permission denied
I get this error even after I did chmod +x testscript.
How do I get it to work from the browser? Please help.
I would have a directory somewhere called scripts under the WWW folder so that it's not reachable from the web but is reachable by PHP.
e.g. /var/www/scripts/testscript
Make sure the user/group for your testscript is the same as your webfiles. For instance if your client.php is owned by apache:apache, change the bash script to the same user/group using chown. You can find out what your client.php and web files are owned by doing ls -al.
Then run
<?php
$message=shell_exec("/var/www/scripts/testscript 2>&1");
print_r($message);
?>
EDIT:
If you really want to run a file as root from a webserver you can try this binary wrapper below. Check out this solution for the same thing you want to do.
Execute root commands via PHP
Without really knowing the complexity of the setup, I like the sudo route.
First, you must configure sudo to permit your webserver to run the given command as root via sudo. Then, you need to have the script that the webserver shell_exec's (testscript) run the command with sudo.
For A Debian box with Apache and sudo:
Configure sudo:
As root, run the following to edit a new/dedicated configuration file for sudo:
visudo -f /etc/sudoers.d/Webserver
(or whatever you want to call your file in /etc/sudoers.d/)
Add the following to the file:
www-data ALL = (root) NOPASSWD: <executable_file_path>
where <executable_file_path> is the command that you need to be able to run as root, with the full path in its name (say /bin/chown for the chown executable). If the executable will be run with the same arguments every time, you can add its arguments right after the executable file's name to further restrict its use.
For example, say we always want to copy the same file in the /root/ directory, we would write the following:
www-data ALL = (root) NOPASSWD: /bin/cp /root/test1 /root/test2
Modify the script(testscript):
Edit your script such that sudo appears before the command that requires root privileges (say sudo /bin/chown ... or sudo /bin/cp /root/test1 /root/test2). Make sure that the arguments specified in the sudo configuration file exactly match the arguments used with the executable in this file.
So, for our example above, we would have the following in the script:
sudo /bin/cp /root/test1 /root/test2
If you are still getting permission denied, the script file's and its parent directories' permissions may not allow the webserver to execute the script itself.
Thus, you need to move the script to a more appropriate directory and/or change the script's and parent directory's permissions to allow execution by www-data (user or group), which is beyond the scope of this tutorial.
Keep in mind:
When configuring sudo, the objective is to permit the command in its most restricted form. For example, instead of permitting the general use of the cp command, you only allow the cp command if the arguments are, say, /root/test1 /root/test2. This means that cp's arguments (and cp's functionality) cannot be altered.
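As an added illustration (not code from any of the answers), this sketch sorts the sudoers rule shapes that appear on this page by how much they grant. The verdict names, the WEB_ROOT prefix and the sample list are assumptions made for the example; a rule that names a script under the web root is flagged because it amounts to root if the web user can modify that file.

```shell
#!/bin/sh
# Added example: classify sudoers rules by how much they hand to an account.
# WEB_ROOT and the verdict names are assumptions made for this illustration.
WEB_ROOT="/var/www"

# classify_rule LINE -> BROAD | WEBROOT | ANY_ARGS | PINNED | SKIP
classify_rule() {
    case $1 in
        ''|'#'*|Defaults*) echo SKIP; return 0 ;;  # blank, comment, option line
        *=*) ;;                                    # looks like a user rule
        *) echo SKIP; return 0 ;;
    esac
    # Drop "user host =", an optional "(runas)" and an optional "NOPASSWD:" tag,
    # leaving only the command specification.
    spec=$(printf '%s\n' "$1" | sed -E \
        's/^[^=]*=[[:space:]]*(\([^)]*\))?[[:space:]]*(NOPASSWD:)?[[:space:]]*//; s/[[:space:]]+$//')
    case $spec in
        ALL)            echo BROAD ;;     # any command may be run
        "$WEB_ROOT"/*)  echo WEBROOT ;;   # target sits under the web root
        *' '*)          echo PINNED ;;    # arguments are fixed in the rule
        *)              echo ANY_ARGS ;;  # caller chooses the arguments
    esac
}

# Constructed input: the rule shapes quoted in the answers on this page.
audit_sample() {
    while IFS= read -r rule; do
        printf '%-8s %s\n' "$(classify_rule "$rule")" "$rule"
    done <<'EOF'
#Defaults requiretty
usergroup ALL=(ALL) ALL
www-data ALL=(ALL) NOPASSWD: ALL
www-data ALL=(ALL) NOPASSWD: /var/www/html/config.sh
www-data ALL=NOPASSWD: /usr/local/bin/unoconv.sh
www-data ALL = (root) NOPASSWD: /bin/cp /root/test1 /root/test2
EOF
}

audit_sample
```

An ANY_ARGS verdict means sudo passes whatever arguments the caller supplies, so the target script has to validate them itself.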
I was struggling with this exact issue for three days. I had set permissions on the script to 755. I had been calling my script as follows.
<?php
$outcome = shell_exec('/tmp/clearUp.sh');
echo $outcome;
?>
My script was as follows.
#!/bin/bash
find . -maxdepth 1 -name "search*.csv" -mmin +0 -exec rm {} \;
I was getting no output or feedback. The change I made to get the script to run was to add a cd to tmp inside the script:
#!/bin/bash
cd /tmp;
find . -maxdepth 1 -name "search*.csv" -mmin +0 -exec rm {} \;
This was more by luck than judgement but it is now working perfectly. I hope this helps.
It's a simple problem. When you are running from terminal, you are running the php file from terminal as a privileged user. When you go to the php from your web browser, the php script is being run as the web server user which does not have permissions to execute files in your home directory. In Ubuntu, the www-data user is the apache web server user. If you're on ubuntu you would have to do the following:
chown yourusername:www-data /home/testuser/testscript
chmod g+x /home/testuser/testscript
What the above does is transfer user ownership of the file to you and give the webserver group ownership of it. The next command gives the group executable permission on the file. Now the next time you go ahead and do it from the browser, it should work.
I want to launch the command "unoconv" from a PHP script.
$command = '/usr/bin/unoconv --server localhost --port 2002 --format=pdf file.rtf >/dev/null 2>/dev/null';
$rc = system( $command );
echo $rc;
The command returns no result and the file is not created.
I think it is an access problem with www-data and unoconv.
When I launch the command in the shell, the file is created.
Any idea?
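You can add the unoconv command to sudoers.
I do it this way:
I create a wrapper bash script in, for example, /usr/local/bin, where I have the unoconv command.
#!/bin/bash
# Refuse to run without a file name (passed without its .rtf extension)
if [ -z "$1" ]; then
    echo "Must pass file";
    exit 10;
fi
# Quote the argument so spaces or shell metacharacters stay part of one file name
/usr/bin/unoconv -f pdf "$1.rtf"
After this I add an entry in /etc/sudoers.d:
www-data ALL=NOPASSWD: /usr/local/bin/unoconv.sh
And now you can call the script in PHP:
// escapeshellarg() keeps $fileName a single argument of the root-run wrapper
exec('sudo /usr/local/bin/unoconv.sh ' . escapeshellarg($fileName));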
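A wrapper that sudo runs as root receives its argument from the web application, so it is worth checking that argument inside the wrapper as well. The following is an added example, not the answerer's script: DOC_DIR, the 64-character limit and the allowed character set are assumptions, and only the unoconv invocation is taken from the answer above.

```shell
#!/bin/sh
# Added example: argument checks for a root-run conversion wrapper.
# DOC_DIR and the name policy are assumptions; adjust them to the application.
DOC_DIR="/var/www/files"

# valid_name NAME -> succeeds only for a plain base name made of [A-Za-z0-9._-]
# that does not start with "." or "-" (no paths, no options, no shell syntax).
valid_name() {
    case $1 in
        ''|.*|-*)           return 1 ;;
        *[!A-Za-z0-9._-]*)  return 1 ;;
    esac
    [ "${#1}" -le 64 ]
}

# convert_rtf NAME -> converts DOC_DIR/NAME.rtf to PDF, or refuses.
convert_rtf() {
    if ! valid_name "$1"; then
        echo "rejected file name" >&2
        return 10
    fi
    src="$DOC_DIR/$1.rtf"
    # Refuse symlinks so the root process is not redirected to another file.
    if [ -L "$src" ] || [ ! -f "$src" ]; then
        echo "no such regular file: $src" >&2
        return 11
    fi
    /usr/bin/unoconv -f pdf "$src"
}

# When installed as the sudo target, act on the single argument.
if [ "$#" -eq 1 ]; then
    convert_rtf "$1"
fi
```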
Try to run
$output = `/usr/bin/unoconv --server localhost --port 2002 --format=pdf file.rtf`;
instead and see error messages.
For me it works like this:
$cmd = "/usr/bin/unoconv -f docx files/thefile";
shell_exec($cmd);
Of course you have to do this beforehand (if you launch your PHP script from the web):
chown -R www-data:www-data files/
I have found a solution to this problem when running Apache. You have to create the home folder for the www-data user
sudo mkdir /home/www-data
sudo chown www-data /home/www-data
Lastly we will have to edit the home directory and default shell for the www-data user
sudo vim /etc/passwd
For the entry of www-data the last two strings have to be replaced respectively with
/home/www-data
/bin/bash
Simple as this
$output = shell_exec('/opt/libreoffice5.0/program/python unoconv -f rtf test.html');
Edit the path to suit your configuration.
It just works!
You may be running into an issue with LibreOffice, OpenOffice or soffice not being able to write to the current user's $HOME directory.
By running the command below I was able to identify the correct $HOME directory and see the error that was being generated.
$cmd = 'echo $HOME & unoconv -vvvv --format %s --output %s %s 2>/tmp/unoconv.debug.txt';
exec($cmd);
The verbose output of $cmd will be written to the file: /tmp/unoconv.debug.txt.
In my case the output was:
Verbosity set to level 5
DEBUG: Connection type: socket,host=127.0.0.1,port=2002,tcpNoDelay=1;urp;StarOffice.ComponentContext
DEBUG: Existing listener not found.
DEBUG: Launching our own listener using /usr/lib64/libreoffice/program/soffice.bin.
Failed to connect to /usr/lib64/libreoffice/program/soffice.bin (pid=32012) in 6 seconds.
Connector : couldn't connect to socket (Success)
Error: Unable to connect or start own listener. Aborting.
The command seemed to run fine as root, and as sudo -u nobody. On seeing this output I realized there was an issue with the home directory.
Kudos to Dag Wieers for his help - I'm hoping this helps other unoconv devs with their debugging.