I have very annoying problem here that I am completely lost on.
Am just trying to run a bash script from a php page.
The bash script is a long one.... so I created a caller.sh which calls the ./mainScript.sh to run in the background in the following:
nohup /bin/bash /home/test/customcoincode/CoinCreationBashFile.sh $coinName $coinNameAbreviation $blockReward $blockSpacing $targetTimespan $totalCoins $seedNode $nameSeedNode $headline >> /tmp/BASH2log.txt 2>&1 &
in reading my log file it seems some variables are not being passed in...
and at the following lines of code:
echo "Creating New Coin - Downloading code base repo"
echo "$localFolder/$coinName"
mkdir -p "$localFolder/$coinName";
cd "$localFolder/$coinName"
git clone "$baseRepository" "$localFolder/$coinName"
echo "Made it here 1"
i get outputs of:
Creating New Coin - Downloading code base repo
/home/test/Foocoin
cloning into '/home/test/Foocoin'
could not create directory '/var/www/.ssh'
host key verification failed
blah blah ....
Why is it looking in the /var/www/ directory?? works fine if I run the script from terminal?
many thanks
So to pack up my comments in an answer:
The shell script is now run as apache, as git uses ssh, corresponding config files are needed. Which were created in /var/www; apaches home directory. Apache did not have write permissions in /var/www thus could not create these files.
To resolve, create the /var/www/.ssh directory yourself and give www-data (or whatever user apache runs under in your system) write access to that folder.
Next, github requires you to authorize ssh keys. It is safer to create a new one for apache in the newly created /var/www/.ssh directory and add this key to your github keychain.
Related
I have a file upload form and after the file uploads I want to push the files up to GitHub by running:
git add .
git commit -m "some message"
git push origin master
How do I go about this? I've seen examples of using exec() but that makes me nervous.
shell_exec('cd /var/www/vhost/xxx.com/httpdocs/clients/portal/upoads/54 && /usr/bin/git add -A');
shell_exec('cd /var/www/vhost/xxx.com/httpdocs/clients/portal/upoads/54 && /usr/bin/git commit -m "something 1"');
shell_exec('cd /var/www/vhost/xxx.com/httpdocs/clients/portal/upoads/54 && /usr/bin/git push origin master');
Those commands don't error but don't work either. Do I need to grant access to the apache user to use the ssh key?
i guess is permission problems, you can use exec() , and get the error info by $output
exec($your_command.' 2>&1', $output, $return_var);
var_dump($output);
Do I need to grant access to the apache user to use the ssh key?
Yes.
This means you have to copy the key somewhere that the apache user can read it. SSH won't work unless the key file is readable by the user only (i.e. 0600 permissions on the key file).
Copy the key like:
mkdir -p --mode=0700 ~apache/.ssh
cp /my/id_rsa ~apache/.ssh/id_rsa
chown -R apache:apache ~apache/.ssh/id_rsa
chmod 0600 ~apache/.ssh/id_rsa
Also, you don't need to cd every time you want to run the command. Use GIT_DIR:
putenv('GIT_DIR=/path/to/git/repo')
shell_exec('git commit ...')
I solved it. I ran all of this as root user.
Inside my PHP script I ran
exec("whoami");
to get the user that is running that script. Then I ran
cat /etc/passwd
to get the home directory for that user (/var/www/vhost/mydomain.com)
I noticed that on my web server (Centos 7) that all my web files were chown'd as opcode:psacln so I created a .ssh directory inside opcode's home folder:
mkdir -p --mode=0700 /var/www/vhost/mydomain.com/.ssh
cd (back to root)
cp .ssh/id_rsa /var/www/vhost/mydomain.com/.ssh/id_rsa
chown -R opcode:psacln /var/www/vhost/mydomain.com/.ssh/id_rsa
chmod 0600 /var/www/vhost/mydomain.com/.ssh/id_rsa
The thing I was missing was that I had to also move my known_hosts file over, since the script I was using wasn't adding to it.
cp .ssh/known_hosts /var/www/vhost/mydomain.com/.ssh/known_hosts
chmod 0600 /var/www/vhost/mydomain.com/.ssh/known_hosts
Of course, I had to login to my server at the command line and do an initial commit to the repo in order to get it added to my known_hosts file, before I copied it over. Hope this helps someone.
I have written simple php script to help me update site contents when the commit is sent to bitbucket. I have following problem with it.
<?php
$repo_dir = '/var/www/vhosts/my_full_path';
$output = shell_exec('cd '.$repo_dir.' && hg --config auth.rc.prefix=https://bitbucket.org/XXXXX --config auth.rc.username=my_username --config auth.rc.password=my_pass pull -u https://bitbucket.org/XXXXXXX &');
echo $output;
?>
When I type it to web browser it doesn't work. The output of script is:
pulling from https://bitbucket.org/XXXXXXXXXXXXXX
but when I try to execute it under console on the server it works like a charm:
php myscript.php
generates following output:
pulling from https://bitbucket.org/XXXX
searching for changes
adding changesets
adding manifests
adding file changes
added 2 changesets with 2 changes to 1 files
1 files updated, 0 files merged, 0 files removed, 0 files unresolved
See the oupt is full and correct! in concole I'm using root user in web browser data-www? Is there any difference in this case?
I have found the solution. I hope it helps someone.
There were two problems:
Permissions to my repo dir
Authentication for user www-data for this repo
The problem occured because web browser doesn't flush warnings and abort messages while executing command shell_exec. If you want to test your script, you have to lgoin to console by SSH (as root for example) then execute script / command as apache user:
sudo -u www-data php /path-to-your-script/script.php
In console you will see all problems which following user generates.
I have some Subversion repositories (originally created with svnadmin) on a server; there is authenticated SSH read+write access via svn+ssh://. For certain of those SVN repositories, I would like to allow an anonymous read-only access via http://. The problem is I don't have administrative properties on that server, so I cannot really mess with server setups or run svnserve, but I can have PHP scripts. So I was wondering if there is some solution, hopefully in PHP, that would allow me to do that (implement a "bridge" to a subversion repository, that the svn client could check out from)?
I'd like to compare what I want to do with git. If I do a git init in a directory, I get the subfolder .git which contains exactly the same contents of a bare repo. I can clone this bare repo with git clone --bare ... and then upload it to a server - then I can directly clone using git clone http://... and the location of the bare repo (except that at first, git will complain with fatal: ... info/refs not found: did you run git update-server-info on the server?; this means that I should enable the default post-update hook [which] runs git update-server-info to keep the information used by dumb transports (e.g., HTTP) up-to-date.; or run git update-server-info in the bare repo, so info/refs is generated - only then can this bare repo on server be cloned on client via HTTP).
So, I'd consider the svnadmin created repo (with contents dav db format hooks locks README.txt) to be equivalent to the git bare repo (as they both contain the entire history, without the actual files), so I hoped that the svnadmin repo could be setup for read-only HTTP cloning in the same way (that is, just by copying that folder contents on the server). Unfortunately, that is not so - it seems that even with HTTP access, svn actually communicates with a form of WebDAV on the server (Subversion Users: Re: dav directory does not exist; SVN RedBook: What is WebDAV?). So I tried sabre/dav out, but after a succesful plain setup (tested with cadaver DAV command line tool), I can only get svn: OPTIONS of 'http://...': 200 OK (http://...) if I point to a svnadmin repo directory (or to its dav/ subdirectory).
I guess what I want is probably not possible at the time:
Re: SVN or git via WebDav using SabreDAV - Google Groups
The SVN protocol requires a TON of extensions to plain webdav to work. You're basically out of luck here.
... but I wanted to confirm for sure with this question...
Thanks to the answer from #Evert; but unfortunately svnsync doesn't seem to help me here (it fails with "Repository moved permanently"); here is a set of commands that I run in bash on an Apache server directory, with some command responses written prefixed with #:
svn --version
# svn, version 1.6.6 (r40053)
cd /media/www
svnadmin create mytest.svnfs
svn co file:///media/www/mytest.svnfs mytest.svn
cd mytest.svn
echo aaa >> test.txt
svn add test.txt
svn commit -m "init commit"
echo bbb >> test.txt
svn add test.txt
svn commit -m "2nd com mit"
wget -q --no-check-certificate http://localhost/mytest.svn -O - | head --bytes 120
# <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
# <html>
# <head>
# <title>Index of /mytest.svn</title>
cd ..
svnadmin create mytest.mirror
cat > mytest.mirror/hooks/pre-revprop-change <<'EOF'
#!/bin/sh
USER="$3"
if [ "$USER" = "syncuser" ]; then exit 0; fi
echo "Only the syncuser user can change revprops" >&2
exit 1
EOF
chmod +x mytest.mirror/hooks/pre-revprop-change
cat > mytest.mirror/hooks/start-commit <<'EOF'
#!/bin/sh
USER="$2"
if [ "$USER" = "syncuser" ]; then exit 0; fi
echo "Only the syncuser user may commit new revisions" >&2
exit 1
EOF
chmod +x mytest.mirror/hooks/start-commit
ls --ignore="*.tmpl" mytest.mirror/hooks/
# pre-revprop-change start-commit
svnsync initialize file:///media/www/mytest.mirror http://localhost/mytest.svnfs/ --sync-username syncuser --sync-password syncpass
# svnsync: Repository moved permanently to 'http://localhost/mytest.svnfs/'; please relocate
# trying the working copy (even if it shouldn't work):
svnsync initialize file:///media/www/mytest.mirror http://localhost/mytest.svn/ --sync-username syncuser --sync-password syncpass
# svnsync: Repository moved permanently to 'http://localhost/mytest.svn/'; please relocate
I wrote that answer, and it still holds true.
In a nutshell:
The SVN server can speak webdav, Delta-V (a versioning extension for webdav)
The SVN client takes advantage of that server, but also requires svn extensions.
This was true several years ago, so the situation may have changed... but I sincerely doubt it.
However.. for what you want to do, it sounds like you just want to use svnsync.
http://svnbook.red-bean.com/en/1.7/svn.reposadmin.maint.html#svn.reposadmin.maint.tk.svnsync
I want to execute a Bash script present on the system from a PHP script. I have two scripts present on the system. One of them is a PHP script called client.php present at /var/www/html and the other is a Bash script called testscript present at /home/testuser.
My client.php script looks like
<?php
$message=shell_exec("/home/testuser/testscript 2>&1");
print_r($message);
?>
My testscript looks like
#!/bin/bash
echo "Testscript run succesful"
When i do the following on terminal
php client.php
I get the following output on terminal
Testscript run successful
But when i open the page at
http://serverdomain/client.php
I get the following output
sh: /home/testuser/testscript: Permission denied
I get this error even after I did chmod +x testscript.
How do I get it to work from the browser? Please help.
I would have a directory somewhere called scripts under the WWW folder so that it's not reachable from the web but is reachable by PHP.
e.g. /var/www/scripts/testscript
Make sure the user/group for your testscript is the same as your webfiles. For instance if your client.php is owned by apache:apache, change the bash script to the same user/group using chown. You can find out what your client.php and web files are owned by doing ls -al.
Then run
<?php
$message=shell_exec("/var/www/scripts/testscript 2>&1");
print_r($message);
?>
EDIT:
If you really want to run a file as root from a webserver you can try this binary wrapper below. Check out this solution for the same thing you want to do.
Execute root commands via PHP
Without really knowing the complexity of the setup, I like the sudo route.
First, you must configure sudo to permit your webserver to sudo run the given command as root. Then, you need to have the script that the webserver shell_exec's(testscript) run the command with sudo.
For A Debian box with Apache and sudo:
Configure sudo:
As root, run the following to edit a new/dedicated configuration file for sudo:
visudo -f /etc/sudoers.d/Webserver
(or whatever you want to call your file in /etc/sudoers.d/)
Add the following to the file:
www-data ALL = (root) NOPASSWD: <executable_file_path>
where <executable_file_path> is the command that you need to be able to run as root with the full path in its name(say /bin/chown for the chown executable). If the executable will be run with the same arguments every time, you can add its arguments right after the executable file's name to further restrict its use.
For example, say we always want to copy the same file in the /root/ directory, we would write the following:
www-data ALL = (root) NOPASSWD: /bin/cp /root/test1 /root/test2
Modify the script(testscript):
Edit your script such that sudo appears before the command that requires root privileges(say sudo /bin/chown ... or sudo /bin/cp /root/test1 /root/test2). Make sure that the arguments specified in the sudo configuration file exactly match the arguments used with the executable in this file.
So, for our example above, we would have the following in the script:
sudo /bin/cp /root/test1 /root/test2
If you are still getting permission denied, the script file and it's parent directories' permissions may not allow the webserver to execute the script itself.
Thus, you need to move the script to a more appropriate directory and/or change the script and parent directory's permissions to allow execution by www-data(user or group), which is beyond the scope of this tutorial.
Keep in mind:
When configuring sudo, the objective is to permit the command in it's most restricted form. For example, instead of permitting the general use of the cp command, you only allow the cp command if the arguments are, say, /root/test1 /root/test2. This means that cp's arguments(and cp's functionality cannot be altered).
I was struggling with this exact issue for three days. I had set permissions on the script to 755. I had been calling my script as follows.
<?php
$outcome = shell_exec('/tmp/clearUp.sh');
echo $outcome;
?>
My script was as follows.
#!bin/bash
find . -maxdepth 1 -name "search*.csv" -mmin +0 -exec rm {} \;
I was getting no output or feedback. The change I made to get the script to run was to add a cd to tmp inside the script:
#!bin/bash
cd /tmp;
find . -maxdepth 1 -name "search*.csv" -mmin +0 -exec rm {} \;
This was more by luck than judgement but it is now working perfectly. I hope this helps.
It's a simple problem. When you are running from terminal, you are running the php file from terminal as a privileged user. When you go to the php from your web browser, the php script is being run as the web server user which does not have permissions to execute files in your home directory. In Ubuntu, the www-data user is the apache web server user. If you're on ubuntu you would have to do the following:
chown yourusername:www-data /home/testuser/testscript
chmod g+x /home/testuser/testscript
what the above does is transfers user ownership of the file to you, and gives the webserver group ownership of it. the next command gives the group executable permission to the file. Now the next time you go ahead and do it from the browser, it should work.
I want to execute a Bash script present on the system from a PHP script. I have two scripts present on the system. One of them is a PHP script called client.php present at /var/www/html and the other is a Bash script called testscript present at /home/testuser.
My client.php script looks like
<?php
$message=shell_exec("/home/testuser/testscript 2>&1");
print_r($message);
?>
My testscript looks like
#!/bin/bash
echo "Testscript run succesful"
When i do the following on terminal
php client.php
I get the following output on terminal
Testscript run successful
But when i open the page at
http://serverdomain/client.php
I get the following output
sh: /home/testuser/testscript: Permission denied
I get this error even after I did chmod +x testscript.
How do I get it to work from the browser? Please help.
I would have a directory somewhere called scripts under the WWW folder so that it's not reachable from the web but is reachable by PHP.
e.g. /var/www/scripts/testscript
Make sure the user/group for your testscript is the same as your webfiles. For instance if your client.php is owned by apache:apache, change the bash script to the same user/group using chown. You can find out what your client.php and web files are owned by doing ls -al.
Then run
<?php
$message=shell_exec("/var/www/scripts/testscript 2>&1");
print_r($message);
?>
EDIT:
If you really want to run a file as root from a webserver you can try this binary wrapper below. Check out this solution for the same thing you want to do.
Execute root commands via PHP
Without really knowing the complexity of the setup, I like the sudo route.
First, you must configure sudo to permit your webserver to sudo run the given command as root. Then, you need to have the script that the webserver shell_exec's(testscript) run the command with sudo.
For A Debian box with Apache and sudo:
Configure sudo:
As root, run the following to edit a new/dedicated configuration file for sudo:
visudo -f /etc/sudoers.d/Webserver
(or whatever you want to call your file in /etc/sudoers.d/)
Add the following to the file:
www-data ALL = (root) NOPASSWD: <executable_file_path>
where <executable_file_path> is the command that you need to be able to run as root with the full path in its name(say /bin/chown for the chown executable). If the executable will be run with the same arguments every time, you can add its arguments right after the executable file's name to further restrict its use.
For example, say we always want to copy the same file in the /root/ directory, we would write the following:
www-data ALL = (root) NOPASSWD: /bin/cp /root/test1 /root/test2
Modify the script(testscript):
Edit your script such that sudo appears before the command that requires root privileges(say sudo /bin/chown ... or sudo /bin/cp /root/test1 /root/test2). Make sure that the arguments specified in the sudo configuration file exactly match the arguments used with the executable in this file.
So, for our example above, we would have the following in the script:
sudo /bin/cp /root/test1 /root/test2
If you are still getting permission denied, the script file and it's parent directories' permissions may not allow the webserver to execute the script itself.
Thus, you need to move the script to a more appropriate directory and/or change the script and parent directory's permissions to allow execution by www-data(user or group), which is beyond the scope of this tutorial.
Keep in mind:
When configuring sudo, the objective is to permit the command in it's most restricted form. For example, instead of permitting the general use of the cp command, you only allow the cp command if the arguments are, say, /root/test1 /root/test2. This means that cp's arguments(and cp's functionality cannot be altered).
I was struggling with this exact issue for three days. I had set permissions on the script to 755. I had been calling my script as follows.
<?php
$outcome = shell_exec('/tmp/clearUp.sh');
echo $outcome;
?>
My script was as follows.
#!bin/bash
find . -maxdepth 1 -name "search*.csv" -mmin +0 -exec rm {} \;
I was getting no output or feedback. The change I made to get the script to run was to add a cd to tmp inside the script:
#!bin/bash
cd /tmp;
find . -maxdepth 1 -name "search*.csv" -mmin +0 -exec rm {} \;
This was more by luck than judgement but it is now working perfectly. I hope this helps.
It's a simple problem. When you are running from terminal, you are running the php file from terminal as a privileged user. When you go to the php from your web browser, the php script is being run as the web server user which does not have permissions to execute files in your home directory. In Ubuntu, the www-data user is the apache web server user. If you're on ubuntu you would have to do the following:
chown yourusername:www-data /home/testuser/testscript
chmod g+x /home/testuser/testscript
what the above does is transfers user ownership of the file to you, and gives the webserver group ownership of it. the next command gives the group executable permission to the file. Now the next time you go ahead and do it from the browser, it should work.