I am writing a PHP script for the GUI of a Cent OS server. For testing purposes I have set up the Apache as localhost. Cent OS does not automount a connected USB device. In PHP I need to check if a USB device is plugged in then mount it and list the file content for the user. This is quite simple in bash, however I am unable to make it work in PHP. I have played around with both the exec() and the shell_exec() functions with no avail. I have tried the commands both manually i.e.:
shell_exec("sudo mount /dev/sdb1 /mnt");
and through a bash script:
exec("./mountlist.sh");
Is there a function in PHP I can call that will do the same thing, or am I missing something with the exec and shell_exec functions. Both functions work fine in the shell. Since mount is a root command I included sudo in the bash script.
You can't sudo from inside a PHP script - there is no way to type in the sudo password.
You could create a shell script and use the STICKY bit to have it run as the root user
http://www.dba-oracle.com/linux/sticky_bit.htm
That's how the passwd command can write to the password file owned by root even though you are running it as a normal user.
Also - you could grant the web user permission to mount/unmount file systems (add him to the fuse group on most systems), but that's more open-ended and rather dangerous if your web server gets hacked, so I would go with shell scripts and sticky bits for your purposes.
Related
I am desperately trying to mount a CIFS share on a Debian 10 box through a web user interface and get it accessible for the whole system. The mount command is executed successfully but the mount point is not listed in /etc/mtab or /proc/mounts and therefore also not shown by the mount command.
I am using apache2 as a webserver and I tried different approaches all with the same result.
The goal is to use a php-script with Apache or Nginx that mounts a share that is valid and visible for the whole OS just like if I used the mount command on the commandline.
I have tried different ways with a mount.php that calls a bash-script to mount the share:
added www-data to sudoers without password and call the script containing "sudo mount ..."
used a c-compiled wrapper that is executed as root which calls a bash-script that mounts the share
installed php-fpm with a root-enabled socket to call the bash script
let the bash-script add the share into /etc/fstab and execute mount -a
All these approaches work as they should if called from the command line, even when called as www-data user (where possible).
They all also seem to mount the share when called through the web interface, because if I use the same techniques to launch a mount without any parameters in a php-script from the website the mount is listed as it should be. Also a second try to mount the share through the web interface gives the message that the device is busy.
But when I use the mount command without any parameters on the command line the mountpoint is not listed nor do I find it in /etc/mtab or /proc/mounts.
In the last approach, where I let the script edit the /etc/fstab and call a 'mount -a' the behaviour is exactly the same (listed in web interface but not on command line), but when I reboot the share is mounted as expected and visible.
So I am very sure that I am overlooking some kind of userspace / sandbox / terminal restriction where apache2 runs in that has some effect on the mount command. What is strange, because I even can edit the /etc/fstab with the scripts and seem to have root access to everything - even to mount, otherwise it would not start at all. But anyhow the mount command seems to write it's mount-results somewhere else when invoked through the web interface.
Does anybody have an idea that points me in the right direction?`
Thanks in advance,
Axel
Apache2 has a property "PrivateTmp" which is set in /etc/systemd/multi-user.target.wants/apache2.service. Try commenting it by putting a hash (#) in front of the line.
Mount uses the temp folder and if Apache uses a private temp folder it might not appear in the mount list.
If you have troubles with permissions, and dont want to dig too deep on that, i recommend to use a simple Write to File function in PHP, then, with a CRON JOB execute a script that if find that file, delete it, and execute the function you desire. That cron job should not have any permission issues on the complete computer.
My company have a cloud dedicated server, hosted in google cloud, running centos 7 with apache2, php5.5 and mariadb running.
The webserver is running a private application for business clients and companys. Every client has his own database and subdomain, so they, and their own clients can access his applicacion going to http://theirname.example.net/
I've created an interactive command line script for client creation. It creates user and secure password, ftp custom folder, create mysqldatabase and populate it with a sql file, create subdomains and other thing. Also i've made another version of this script with no user interaction, receiving parameters as the client name via command line arguments ( /path-to/script.sh usertocreate mysqluser mysql pass).
So, here is the deal, i want to create a web interface, password protected, just available for my company IP address, this interface should be able to run these SH scripts (not the interactive ones) with sudo permissions.
I was thinking on create a subserver in other port (like http://example.org:2501) using another instance of apache (or other webserver) which runs with a specified user with sudo permissions enables only in the neccesary folders.
Before doing anything, i've created a PHP script which runs commands to console, and tried to run SUDO commands with that. Allowing apache user to sudoers list (just to make it work during develop). I could run these scripts from my web app without SUDO permissions, but they where not working at 100% (since some commands require SUDO). When i try with sudo i receive a code 127 error responde (permission problem).
I stopped there and decided to investigate the best way to do this.
I have full control of the server machine. Apache2 and everything normal is running well. (mariadb, proftpd with passive mode active -100 ports added- )
SELINUX is DISABLED. Firewalld Running
SSH is available for use
I can install another webserver in another port to accomplish this. If a lot of HTTPD configurations should be changed to accomplish this, i will preffer to install another webserver
I can also install any 3rd party software.
I'm a PHP Developer with low experience in other programming languages, if it's necesary to invoke any other programming language to do this (maybe like Python) i would love some docummentation links
Access to this web application would be limited only to my company's static ip address and will be protected
Any thoughts/ideas ? Thanks in advance
PS: If someone want to edit my text and add some colours and format, edition will be aprovved
EDIT TLDR: I want to run another httpd in another with a webapi. This webapi should can run console commands as SUDO. Access to this webserver will be limited to my company's IP. I'm not sure if this is the best way to do it and i want opinions. Also, i'm not pretty sure if its possible to run sudo commands from php without any trouble.
I'm using PDFTK to merge some PDFs on my Amazon EC2 instance running Windows Server and IIS7.
When I try running PDFTK using PHP exec(), it does not work. For example:
<?php
$e = exec("pdftk");
var_dump($e); //output is: string(0) ""
?>
I can get other commands to work using exec such as exec("ping 192.168.2.1") but I can't get PDFTK working.
I can also run pdftk from DOS command line, so I know it's installed properly.
I also set the permissions to pdftk.exe to full access for all users (thinking this was a permissions issue).
I remember having a similar problem when I installed PDFTK on another Windows Server Amazon EC2 instance, but I forgot exactly what I needed to change. I thought it had something to do with IIS_USR Permissions but it was a while back and I don't remember the specifics.
Thank you.
The application either needs to be in the same directory as the script, or within the $PATH environment variable for the user executing the PHP script. With IIS, this is not the user you are logged in with.
i read so many similar questions but nothing works with me
im using wamp 2.2 ,Apache 2.0 , PHP V5.3.8
safe_mode=off - disabled_functions deleted from php.ini i'm trying to exec
exec("chrome.exe google.com");
nothing happens and when i try
exec("calc");
the windows shows weird message to execute calc in different user although i changed the user for the apache service to Administrator and i verify the user using
exec("whoami");
where is the problem?
Environment path for CMD and php shell might not be the same.
You either have to give entire path of the file, or export the path of chrome.exe in php first
Also, I believe that chrome.exe opening a page requires XServer, php can't open graphical interfaces in shell. These commands are not passed to actual shell as a parent, so php file can't "launch" applications for you.
Please read specifics of the exec function:
PHP exec Reference
Also try adding 2> errors.txt to see what are the errors if any in the execution of the programme.
--
The program needs to know what X server to connect to, and it needs to have permissions to connect to that server. You specify the X server with the DISPLAY environment variable; this will usually be set automatically if you are running the PHP program from a terminal in
X, or from a GNOME panel or something similar; however, if you are running the PHP script in some other manner, it likely won't know what X server to connect to.
X has various ways of specifying permission to connect to a server, but the most common one is using a file called ".Xauthority" in the users home directory. Because only the user who is logged in at the X server can read this file, they are the only user who can run GUI programs. So, if you start the PHP user as the same user who is logged in at the X server, you shouldn't have any problem with permissions. However, if the PHP program is running as a different user, you will have to give that user permission to access the X server.
Reference: http://bytes.com/topic/php/answers/838364-cant-launch-graphical-apps-php-exec-ubuntu-8-04-system
(I know that link is for linux and won't have exact same solution for Windows, but exec() still needs to know which X interface to refer to)
Stop Apache running as a service.
When windows runs a service it it is not running directly as the user that started the server or manages due to this it could well be starting chrome in a service environment so you wont see it load on your desktop there are 2 ways to get around this
Stop apache service browse to your apache directory and run httpd.exe manualy then try your script it should work or if it is not required to be running though a web request so it not using anything from the browser you can allow it to work with c:\wamp\php\php.exe yourfile.php (your php path should be replaced for c:\wamp\php)
Try PHP script?
<?php shell_exec('notepad.exe');?>
It's working.
I am looking into a way to reboot a remote dedicated server using php. While doing research on Google I read about Python shell client. Is there is something similar in php?
Can I use php to reboot a remote server using shell commands? and what is needed to do so?
I assume that you want a web based shell implemented in php.
In that case you can look at this http://ajaxshell.sourceforge.net/
and this http://sourceforge.net/projects/ajaxshell/
Using these scripts you can run arbitrary shell commands.
But remember 2 things.
1. password protect the web shell app
2. The shell will run commands as the apache user. If you want to reboot the server, apache may need root privileges. Running apache as root is usually considered as not a good practice.
You probably can, by using exec(), passthru() etc. Is it a good idea, I'm not sure : you'll have to give reboot privileges (I don't know exactly, but it's almost root...) to your php user.
Just to be sure, what you want to do is to call a web page that will reboot your server, or it's more complicated that that?
There is a shell equivilent for PHP. I recently published a project that allows PHP to obtain and interact with a real Bash shell, you can even easily get a shell with root. Get it here: https://github.com/merlinthemagic/MTS
After downloading you would simply use the following code:
//if PHP is running on the server you want to reboot:
$shell = \MTS\Factories::getDevices()->getLocalHost()->getShell('bash', true);
//if PHP needs to SSH to the server first
$shell = \MTS\Factories::getDevices()->getRemoteHost('ip_address')->getShellBySsh('username', 'password');
$strCmd = "reboot";
$return1 = $shell->exeCmd($strCmd);