I have web server that play music from Raspberry and turn on LED with script gpio.sh.
I am using mpd, mpc and gpio.
My /var/www/index.php :
<html><body><?php
echo exec('whoami');
if(isset($_POST['button1']))
{
shell_exec('mpc play')
shell_exec('/bin/bash /var/www/gpio.sh');
}
?>
<form method="post">
<p align=center>
OUTPUT (AUDIO) => <button name="button1">PLAY</button>
</p>
</form>
</body></html>
In terminal, I can run /bin/bash /var/www/gpio.sh successfully and LED turning on.
From web server 'mpc play' WORKS and can play a song BUT it can't run that gpio.sh .
The owner of index.php is www-data
-rwx------ 1 www-data www-data 1262 Dec 8 10:45 gpio.sh
-rwx------ 1 www-data www-data 272 Dec 9 09:39 index.php
What should I do ? When I change owner of index.php or gpio.sh to root, php can't execute.
Is my index.php wrong?
I can't execute .sh from php.
Please help.
Perfect solution for you would be to set SUID for script gpio.sh but unfortunately
you can't do so as far as gpio.sh is a script.
You have three options:
You can turn your script into the say C++ application and then set SUID
You can use some GPIO lib for python that don't force usage by root like: pigpio
You can set SUID for python interpreter, but I'm not sure its good idea generally
Related
I have a question about the exec function on PHP 7.0.
I write a shell script to copy/sync the files and log the details into a log file, everything happens in the tmp folder.
# /tmp/data
drwxrwxr-x 4 root www-data 4096 Apr 4 00:00 data
# /tmp/data/data.log
-rwxrwxr-x 1 root www-data 9551 Apr 4 04:19 sync.log
I tried to login as www-data user for testing the shell script, and it works fine via command line but it's not good with PHP exec as below:
exec('sh /var/www/sync.sh');
I tried to dump the data and I am sure that I can touch the .sh file.
Is there anyone have ideas about this issue?
Thanks.
I want to run a PHP script from chromium-browser which will print a file. The file is located in /tmp folder on the Raspberry Pi. The file is copied from the server using SAMBA. The script has shell_exec command which attempts to do something with the file. The script works from the command line but not through the browser (chromium). I run the latest Stretch version of Raspbian.
I suspect it is something to do with permissions but I do not know where the problem is located. I have previous image Jessie with similar setup and functionality and it works. I compared all the permissions on both systems and they are exactly the same but I must be missing something.
Here is the PHP script:
<?php
header("Access-Control-Allow-Origin: *");
shell_exec("sudo lpr -P printerName /tmp/sample.pdf");
shell_exec("rm /tmp/sample.pdf");
?>
Here are related permissions:
drwxrwxrwt 15 root root 4096 Nov 23 16:17 tmp
drwxr-xr-x 12 root root 4096 Nov 3 13:58 var
-rwxrw-rw- 1 nobody nogroup 320855 Nov 23 15:31 sample.pdf
I am running a PHP document on an Apache server on my Raspberry Pi and I want it to run a file when a button is clicked. I put some echo commands under the command to make the file run and it prints out but the file doesn't run. The index.php file and lightson.py and lightsoff.py files are all in the same directory (/var/www) and I have added #!/usr/bin/env python to the top of both files and made them executable by using chmod +x lightson.py. If I run the command from the shell it works and turns on the light just like I want with the exact same command as in the file but yet it wont run through the command. The code:
<html>
<head>
<title>Light Controller</title>
</head>
<?php
if (isset($_POST['LightON']))
{
shell_exec("sudo python /var/www/lightson.py");
echo("on");
}
if (isset($_POST['LightOFF']))
{
shell_exec("sudo python /var/www/lightsoff.py");
echo("Off");
}
?>
<form method="post">
<button name="LightON">Light ON</button>
<button name="LightOFF">Light OFF</button><br><br>
</form>
</html>
as you said you are running it like apache->php->shell_exec(SUDO..)
So the apache user has to be in sudoers file, better you don't give sudo to apache instead give apache (www-data) user right to run your python program
put first line in your python script: #!/usr/bin/env python so the script knows which program to open it with..
then
change group:
chgrp www-data /path/to/python-script.py
make it executabel
chmod +x /path/to/python-script.py
try it
shell_exec("/path/to/python-script.py");
I hope it works ;)
TIPP: Apache and PHP are for delivering Documents and Strings, if you want some kind of control and an API start with nodejs and https://www.npmjs.com/package/rpi-gpio package. This way you will have one place for your solid automation environment
This worked for me:
test.php
<?php
echo shell_exec("python test.py");
?>
test.py
f = open("test.txt", "a+")
f.write("hiya buddy!!\n")
f.close()
print "some output"
Here's my relevant ls -l output from /var/www/html:
jason#Jason-one /var/www/html $ ls -l
-rw-r--r-- 1 jason jason 44 Sep 20 18:12 test.php
-rwxr-xr-x 1 jason jason 82 Sep 20 17:44 test.py
-rw-rw-rw- 1 jason jason 38 Sep 20 18:15 test.txt
Since I don't have GPIO pins on my laptop, I decided to write to a file as a test. Notice I didn't have to use sudo because of the way I set the permissions on test.py.
So this is my code for the raspberry pi to get a still shot from the raspicam and save it on a directory,
<?php
exec('raspistill -n -hf -o /var/www/img/image.jpg --timeout 1');
?>
I have given the ownership and the permission to read/write in that forlder using -R. so my ls -al in /var/www is this
drwxr-xr-x 3 www-data www-data 4096 Jun 19 08:05 .
drwxr-xr-x 12 root root 4096 Jun 19 05:54 ..
-rwxrwxrwx 1 www-data www-data 74 Jun 19 08:30 getImg
drwxrwxrwx 2 www-data www-data 4096 Jun 19 09:21 img
-rw-r--r-- 1 root root 70 Jun 19 10:07 index.php
getImg is the script i tried to run the script as a file like shell_exec('/bin/bash ./getImg'); that also doesn't work.
i have added /bash/bin and tried to run the script without using the script file too but that doesn't get the results.
How ever when i try to run the php file in the terminal, it creates the image as it normally should. So i figure this must be a permission issue, but what else should i do with the permissions? I have given all the rights to the directory.
EDIT
So I have found a workaround to this. since I don't know what the cause for the problem, i'd not mark this as an answer, but please vote it to appear at the top.
I now execute the script using the cgi scripts. I have created a shell script in the /usr/lib/cgi-bin/
#!/bin/bash
echo "Content-type:text/html\n"
sudo raspistill -vf -n -o /var/www/img/image.jpg --timeout 1200 --metering matrix
echo "Status: 204"
I saved this as capture and made this executable, did nothing with the permissions though.
sudo chmod +x capture
now when i open the link http://192.168.1.85/cgi-bin/capture the browser will still get me a 500 internal server error message. how ever, the image would still be created.
I would now need to get the 500 internal server error to be fixed.
[I'd add this as a comment but don't have enough points for it]
if you use the optional parameters $output and $return_var to capture the output and return value what do you get?
string exec ( string $command [, array &$output [, int &$return_var ]] )
does your command rely on environment variables that may be available when you run it as your user but not as www-data? (you can use the env command to check that)
does it still work if you run it via terminal after switching user to www-data?
This is how my python code looks like:
[root#localhost html]# vi brow1.php
<?php
echo exec("whoami");
echo exec("ls -l brow1.php") . "<br>";
$command = escapeshellcmd('/usr/temp_rohit.py');
shell_exec($command);
?>
I want to call python script from this php.
If i run the php script then it executes the python code but when run from the browser it does not execute the python script.
python script has all the required execute permission.
The output on the web browser is:
apache
-rwxrwxrwx. 1 root root 219 Nov 26 23:03 brow1.php
-rwxrwxrwx. 1 root root 115 Nov 26 22:38 /usr/temp_rohit.py
I am stuck at this point, Please help!