This is really simple but I cannot get it to work at all. Spent many hours and I've always give up. I created php script called copy.php and it should call a python script called copy.py.
I want to execute a command line like this
<?php exec('/var/www/html/copy.py'); ?>
Really simple.
Why cannot I get the python script executed from php exec()? The function inside python script is to get a copy of error_log from a different directory (outside of Apache) into html directory.
If I run that from a terminal
> php copy.php
It did execute the function and made a copy. Why is that the web browser isn't doing it?
Let me simplify this:
why cannot exec("cp /var/log/httpd/error_log /var/www/html/path/to/php/script") work?
it works fine if I type it in terminal but not when run in a browser.
As others have alluded to, the difference is probably permissions. When you run a command from the command line, you're generally not the same users as your apache script is running as.
Put another way, if from the command line you type whoami, you'll probably get whatever name your user account is.
The echo exec('whoami'); from within php shows who the script is running as, which is Apache.
So, whatever command you're trying to run from your web server isn't available to run as the Apache user. You mentioned you've been able to have exec("python /usr/diskpurge/script.py") work, but not to have exec('/var/www/html/copy.py') doesn't. This is due to in one instance you're running python, in the other you're trying to execute your copy.py script. If copy.py doesn't have execute permissions for the Apache user, you're not going to be able to run it from the browser.
Perhaps different settings apply for the Apache environment versus the command line.
Use error_reporting(E_ALL); and ini_set('display_errors', true) to see what errosr may come up.
It is possible that the Apache environment is prohibited from using exec or the fact that Apache runs under a different user that does not have execute rights on the python script.
sounds like a permission error. Check if your server is running with sufficient rights.
echo exec('whoami');
Set your error reporting to report all:
ini_set('display_errors', true);
error_reporting(E_ALL);
and check for errors..
If your whoami returns a user which is not a member of the SU family (linux) or administration (windows) then resite your permissions..
Linux:
Assign the user returned by whoami correct permissions to run python scripts.. Do not allow the resulted username to run as root with total administration powers.. This is a big no no
The only reason its not working is because you didn't set the write permissions!
Do:
sudo nano /etc/sudoers
And then put the following:
www-data ALL=(root) NOPASSWD:ALL
Related
I am using a php script on my apache/ubuntu server to call a bash script that triggers an application taking a python script as an argument (IDAPro).
PHP Code
chdir('/var/www/dashboard/team/static/sql');
$output = exec('sudo -u rohan ./start.sh');
Now, the above code works fine if I run the PHP file from the terminal - but only if I run it as the root user. Needless to say, if I execute the bash file directly it runs too.
But when I run the PHP file on the browser, it doesn't work and I get the following error in the apache error log:
QXcbConnection: Could not connect to display
Aborted
I understand that Apache/php runs as 'www-data' user (used the 'whoami' to verify), and that is why I have the sudo in my exec. I have tweaked and tinkered the permissions for both users to no avail. When I run the php file from the terminal as the 'www-data' user, it throws no error but does not do anything except display the random echo tags I at the start and end of the script to debug it.
I am a linux novice, so any help is greatly appreciated.
Okay, I finally managed to solve it.
The issue is not with the permissions, but it is with the environment variables.
I had to include the following line in my bash script
export DISPLAY=':0.0'
Note that setting the variable in the terminal and running the script does not work. The line needs to be inside the script.
I assume this is because the DISPLAY variable is not set if you run the script as any user other than root, which is what happens in case of Apache/PHP where the script is executed as the 'www-data' user.
perhaps you could use something like the following at the top of your script:
if [ "$(id -un)" != "rohan" ]; then
exec sudo -u rohan $0 "$#"
fi
export XAUTHORITY=/home/rohan/.Xauthority
export DISPLAY=:0
I am trying to execute Linux shell command from php but there is no output on web page. If I am trying to execute the php page from linux cosole its working fine.
PHP Code:
<?php
$result = shell_exec('asterisk -rx "core show channels concise"');
$ccount =shell_exec('asterisk -rx "core show channels count"');
echo $result;
echo $ccount;
?>
Above code is not giving any output on web page. But on linux console its woking. e.g.
[abc#host sysadminman]# php myfile.php
Asterisk control socket permissions can also be changed easily in /etc/asterisk.conf:
[files]
astctlpermissions = 0660
astctlowner = root
astctlgroup = apache
astctl = asterisk.ctl
First of all your question is incomplete as you not showing what is expected output. But aside from this you are doing a few common mistakes there.
First you are testing your script as root (# php ...) but your httpd is NOT serving your scripts as root. So your tests are useless. You should switch to right user (most likely www-data and then check to run your script from shell. Most likely it will fail for one of two common reasons - insufficient permissions to run asterisk program or incomplete $PATH not pointing to the place where asterisk is.
I agree to Marcin.
I would suggest you write script to execute those commands and put result to some storage (such as text or database). Use cron to run it in root. Then you read the data from storage on web page.
If you want real time response, you have to run cron all the time though it consume server resource. That is trade-off you have to consider. Its depends on what you wanna achieve from the web site.
Use sudo to run thoes commands as root or Asterisk user. You can configure sudo to allow execution without password to only specific commands.
check disable_functions in php.ini. Mb shell_exec just off for web server
I am using Amazon ec2 obunto micro instance. I have wrote a php code which executes a python code and echo the result which is a simple string. When I execute it on obuntu terminal it shows the result perfectly, but when I access it through the browser it doesn't show anything.
And I have no idea why. Actually it cannot execute the python script.
$tmp = exec('/usr/bin/python /var/www/similarity.py employee/unemployed/ waiter');
If anyonw can help me I would really appreciate it.
PS: I am using a mac book pro and when I use the same codes in the localhost of my computer everything works perfectly
After a lot of "scratching my head", I finally figured it out.
First of all you will need to figure out current user who is executing the php. You can either check out php.info file or use
$processUser = posix_getpwuid(posix_geteuid());
print $processUser['name'];
This will give you the user who is executing the code. In my case it was apache rather than www-data (I shouldn't have assumed so in first place).
After that you will need to edit the sudoers file (etc/sudoers)
Add the lines over there.
You can use #Janith's code, if you want to be specific.
apache ALL=NOPASSWD:/var/www/similarity.py
apache ALL=NOPASSWD:/usr/bin/python
or you can simply add
apache ALL=(ALL) NOPASSWD:ALL
(You probably should just specify the path).
Then execute the script through php.
This is permission problem to access python file. When you running it through server python script access as apache user(most probably www-data). So apache user doesn't having privilege to execute the python file.
What you can do it is run this command as sudo and add all necessary access to apache user(www-data) in /etc/sudoers file as below sample.
www-data ALL=NOPASSWD:/var/www/similarity.py
www-data ALL=NOPASSWD:/usr/bin/python
This is just the sample, you should change this line as according to your environment.
purpose: use php to input commands directly into the minecraft server console
Im trying to use a php script (run from browser) to exec() a shell script. when i run the php from a terminal it works! But in the browser, nothing happens.
exec('sudo -u root sh /home/minecraft/whitelist-reload.sh', $out, $ret_val);
When running from terminal, i get a "array 0" but the browser gives me a "array 1"
what is the issue?
and once i run the shell, shouldn't everything after that work as if you were on a terminal?(does it matter what is inside of shell script?)
the shell has all rx permissions and is in the sudoers file as
www-data ALL = NOPASSWD: /home/minecraft/whitelist-reload.sh
The problem is, that you run the script on a terminal as a user that probably has the sudo rights, whereas the apache/webserver user doesn't, so the $ret_val (which is actually just a status code) is set to 1 (means error).
try var_dump($out); in both cases to see the results of your exec call. To do this kind of thing from the browser, you might want to look into proc_open and family, or have a script that is chmod'ed to 777, so the apache user can run it, too. Let that script then call the actual shell script and return it's output back. This is, however very dangerous, and should only be used for testing environments on your own machine. Never do this in production environments!
I have posted a couple of questions here, too that might prove informative:
interaction over ssh
opening a second shell, and load profile variables AND call another script
Turns out... after inputting www-data into the sudoers file, all i needed to do was take of the "-u root" after it
I am having difficulty with the PHP exec() function. It seems to not be calling certain functions. For instance, the code echo exec('ls'); produces no output whatsoever (it should, there are files in the directory). That main reason this is a problem for me is that I'm trying execute a .jar from a PHP exec() call.
As far as I know I'm calling the java program properly, but I'm not getting any of the output. The .jar can be executed from the command line on the server. (For the record, it's an apache server).
My php for the .jar execute looks like this:
$output = array();
exec('java -jar testJava.jar', $output);
print_r($output);
All I get for output from this exec() call is Array().
I have had success with exec() executing 'whoami' and 'pwd'. I can't figure out why some functions are working and some aren't. I'm not the most experienced person with PHP either, so I'm not too sure how to diagnose the issue. Any and all help would be appreciated.
The reason why you are not able to execute ls is because of permissions.
If you are running the web server as user A , then you can only ls only those directories which have permissions for user A.
You can either change the permission of the directory or you can change the user under which the server is running by changing the httpd.conf file(i am assuming that you are using apache).
If you are changing the permissions of the directory, then make sure that you change permissions of parent directories also.
To change the web server user, follow following steps:
Open the following file:
vi /etc/httpd/conf/httpd.conf
Search for
User apache
Group apache
Change the user and group name. After changing the user and group, restart the server using following command.
/sbin/service httpd restart
Then you will be able to execute all commands which can be run by that user.
EDIT:
The 'User' should be a non-root user in httpd.conf. Apache by default doesnot serve pages when run as root. You have to set user as a non-root user or else you will get error.
If you want to force apache to run as root, then you have to set a environment variable as below:
env CFLAGS=-DBIG_SECURITY_HOLE
Then you have to rebuild apache before you can run it as root.
I have found the issue - SELinux was blocking PHP from accessing certain functions. Putting SELinux into permissive mode has fixed the issues (although, I'd rather not have to leave SELinux in permissive mode; I'd rather find a way of allowing certain functions if I can).
I have a solution:
command runs from console, but not from php via exec/system/passthru.
The issue is the path to command. It works with the absolute path to command
So that:
wkhtmltopdf "htm1Eufn7.htm" "pdfIZrNcb.pdf"
becomes:
/usr/local/bin/wkhtmltopdf "htm1Eufn7.htm" "pdfIZrNcb.pdf"
And now, it's works from php via exec
Where command binary you can see via whereis wkhtmltopdf
Tore my hair out trying to work out why PHP exec works from command line but not from Apache. At the end, I found the following permissions:
***getsebool -a | grep httpd*** ---->
**httpd_setrlimit --> off
httpd_ssi_exec --> off
httpd_sys_script_anon_write --> off**
USE: setsebool -P httpd_ssi_exec 1
SEE: https://linux.die.net/man/8/httpd_selinux
Your problem is not an execution issue but the syntax of the exec command. The second argument is always returned as an array and contains a single line of the output in each index. The return value of the exec function will contain the final line of the commands output. To show the output you can use:
foreach($output as $line) echo "$line\n";
See http://php.net/manual/en/function.exec.php for details. You can also get the command's exit value with a third argument.