I want to create a file in PHP using shell_exec. Here's the statement I'm trying:
$out = shell_exec('sudo touch maintenance.flag 2>&1 1> /dev/null');
And contents of $out are
sudo: no tty present and no askpass program specified
I'm on Ubuntu 11.10, so I visudo to take a look at the sudo permissions. I set sudo to:
%sudo ALL=(ALL) NOPASSWD: ALL
but it's still not working. What are some things or alternatives I can try to resolve this?
Related
I have a script which I want to call from my PHP code. The following is the script file I have:
listwifi.sh
sudo iwlist wlp1s0 scan | grep SSID
To this I've also given executable permission by using sudo chmod +x listwifi.sh
The following I've added at the end pf my sudoers file (using visudo):
apache ALL = NOPASSWD: /var/www/html/mypath/osscripts/listwifi.sh *
www-data ALL = NOPASSWD: /var/www/html/mypath/osscripts/listwifi.sh *
I had also tried with :
apache ALL = NOPASSWD: /usr/bin /var/www/html/mypath/osscripts/listwifi.sh *
www-data ALL = NOPASSWD: /usr/bin /var/www/html/mypath/osscripts/listwifi.sh *
I'm using the following PHP code to call this file:
exec(getenv('BASE_DIR') . "/osscripts/listwifi.sh", $output);
var_dump($output);
But I keep getting the following error:
sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper
How can I make PHP execute this file as root without having to enter the password?
Take the sudo out of the script and call the script as
sudo /var/www/html/mypath/osscripts/listwifi.sh
The sudoers configuration is for the command being invoked via sudo, not where it's invoked from...
I am using ubuntu server 20.04 LTS, where I have multiple shell files, using php from apache I need to run multiple shell files from a browser but need to run as root.
I have tried the command shell_exec and added sudoers (www-data) and none works, which I can put in the code to enter as root and be able to execute the shell script.
<?php
$code = shell_exec('echo "passwd" | sudo -u root -S sh /home/user/name.sh');
echo "<pre>$code</pre>";
?>
Because your are executing this script as www-data and www-data doesn't have the required privilege to execute any sudo commands.
You can try the following steps.
Modify www-data in /etc/sudoers to be able to execute a script as the superuser. This is a sensitive file and you have to use visudo as the editor to make the changes.
$ sudo visudo -f /etc/sudoers
www-data ALL=(ALL) NOPASSWD: /home/user/name.sh
This will allow www-data to execute the script as the superuser without a password.
In your PHP code change the command in your shell_exec() as follows:
$code = shell_exec(sudo sh /home/user/name.sh');
Make sure your name.sh is set up with proper file modes to protect yourself.
I get this error when running a program from www-data.
Error
sudo: no tty present and no askpass program specified
But I have added the following to sudo visudo
www-data ALL = NOPASSWD: /var/bin/poppler-0.65.0/build/utils/pdfimages
The path /var/bin/poppler-0.65.0/build/utils/pdfimages is correct.. I have tested it from a terminal.
Command
sudo /var/bin/poppler-0.65.0/build/utils/pdfimages -list
data/scan_voucher/17.pdf
As you said that already setting up sudo visudo correctly, I will first take a look at Tarun Lalwani links, specially the part about disable requiring tty in your sudoers :
Defaults !requiretty
Try to do the same command but with flag -S actived (sudo -S yourcommand)
The -S (stdin) option causes sudo to read the password from the
standard input instead of the terminal device.
If it doesn't work for you, you can try a trick that seems to work like this one (from here):
echo '' | sudo -S your_command
That will send an empty password to first prompt to enter password.
How are you executing this from PHP? Try with:
#exec("sudo /var/bin/poppler-0.65.0/build/utils/pdfimages -list data/scan_voucher/17.pdf");
Hope that it helps!
i am trying to execute pkill command by php script.
killengine.sh script runs fine from terminal, both with ./killengine.sh and php restart.php.
this is killengine.sh
#!/bin/bash
sudo pkill -f engine
and this is restart.php
$out = shell_exec("/var/www/killengine.sh 2>&1");
var_dump($out);
Both files have 755 permissions. Ownew of restart.php is apache, and root is owner of killengine.sh. Also i tried with both owners to be root/apache.
In visudo i made this changes:
Defaults:apache !requiretty
but i get: "sudo: no tty present and no askpass program specified"
Then i tried with
Defaults!/var/www/killengine.sh !requiretty
then i get: "sudo: sorry, you must have a tty to run sudo"
Also, this line is present all the time at the EOF
apache ALL=NOPASSWD: /var/www/killengine.sh
but without success.
OS is Centos 6
Any ideas?
solution:
changed restart.php to
$out= #shell_exec("sudo /var/www/killengine.sh");
I have created a file test.sh which looks like this:
#!/bin/sh
mkdir /testDir
If I run the script on the command line like: sudo /path/to/test.sh it successfully creates the directory.
I have added the sudo permissions like this in the visudo:
www-data ALL=NOPASSWD: /path/to/test.sh
and I am running the script like this in my .php file:
shell_exec('sh /path/to/test.sh');
But no directory is being created!
What am I doing wrong?!
Correct user for sudo permissions?
When I run shell_exec('whoami') on the php file I get:
www-data
Correct path to script from php?
I have tested the shell script by adding an echo statement like:
#!/bin/sh
mkdir /testDir
echo "hello"
And when I run the .php command like:
echo shell_exec('sh /path/to/test.sh');
the .php page returns
hello
I have also tried in the test.sh:
output=$( mkdir /testDir )
echo "$output"
but nothing is returned
Update
If I add this to the visudo:
www-data ALL=(ALL) NOPASSWD: ALL
it works!! But when I do:
www-data ALL=(ALL) NOPASSWD: /path/to/test.sh
It doesn't... As you know already know.
I have found a good way to debug by also changing the PHP to
echo shell_exec('sh /path/to/test.sh 2>&1 1> /dev/null');
and it returns the error:
sudo: no tty present and no askpass program specified
So I have tried:
adding Defaults:www-data !requiretty to the visudo but no luck!!!!
adding -t and -A to the sudo command... (ie sudo -t ...)
adding export SUDO_ASKPASS=/usr/lib/openssh/gnome-ssh-askpass before the sudo command and that then just leads to a whole new world of errors.
I have no idea about this requiretty as it does not seem to be anywhere on my ubuntu system. It is not mentioned once in the visudo?
I have spent too long on this!
Can someone tell me what the problems that I could come across if I did just do:
www-data ALL=(ALL) NOPASSWD: ALL
?
If
www-data ALL=(ALL) NOPASSWD: ALL
works, but
www-data ALL=(ALL) NOPASSWD: /path/to/test.sh
does not, then clearly the executed command does not match /path/to/test.sh.
And looking at your code, you are actually not invoking /path/to/test.sh:
sh /path/to/test.sh
You are invoking sh! With /path/to/test.sh as first argument, but still.
You either need to invoke the script directly (if that works):
shell_exec('/path/to/test.sh');
or update your sudoers file accordingly (note the full path of sh):
www-data ALL=(ALL) NOPASSWD: /bin/sh /path/to/test.sh
This worked for me: Added this to my ubuntu > sudoers file www-data ALL=/etc/path-to-my/script.sh
Hope this solves yours too
Some tips I would try:
try using exec instead of shell_exec
try disabling selinux if enabled
try to remove the /bin/sh prefix and use the shebang inside the script instead
become www-data (su www-data -s /bin/bash) and do your tests on the CLI
I hope this helps