How can PHP be used to create a number of commands in the terminal? For example, if I want to change the permissions on a folder or a file, I might run
Sudo Chmod 777 FileName
from the command line. How could I do this with PHP?
Look at exec, system etc: http://www.php.net/manual/en/book.exec.php
Obviously, if you are going to use sudo for root access stuff (not recommended) then you would need to either supply a password somehow or set the user which PHP is running as to not require a password.
It may be better to use an SSH call for this and supply the command to execute via that command.
To sum up, I really don't recommend using PHP (or any language for that matter) to run a series of commands which then uses sudo
To give permission to folder or file in php use following line of code
chmod($file,0777);
this will change the permission of file or folder.
Related
So I'm working with a designer on a website in PHP/MySQL and there are a few scripts that he would like to have to make life easier for him. He is pretty comfortable using the command line for stuff like git, SASS, node, etc. I would like him to be able to run my scripts like he would run a program, instead of running it through PHP.
So instead of this:
php /path/to/file/create_module.php module_name
I would like to do this:
myscript create_module module_name
Is it possible to do this with PHP on an Apache server? I know I will most likely have to modify the server to interpret it properly, which is fine. I just don't even know where to begin, and couldn't find what I needed on Google.
Your best bet would to be to create an alias.
So an alias of myscript would actually point to the command: php /path/to/file/create_module.php and then any extra arguments will be passed as typed.
In command line, do the following:
cd /etc/
nano bash.bashrc
At the very bottom of the file, add this line of text:
alias "myscript=php /path/to/file/create_module.php"
BASHRC is a script that is run on user login, so the alias will be recreated every time the user logs into the system.
I am not sure what you are looking for myscript to do, but to run a php script via the command line without specifying the php binary, just add a a shebang, like
#!/bin/env php
<?php
// The above expects env is in /bin
$foo = "bar";
Or the full path if you like
#!/usr/bin/php
Another option: Shell script wrapper
create a new text file in /bin or another directory in your PATH, name it how you would like to invoke your script and give it this content
#!/bin/bash
cd /path/to/your/php/scripts/folder
php script.php $*
don't forget to
chmod a+x /path/to/bash/script
The advantage of this is that your PHP script is run in the right directory where it may expect other resources to be that it depends on.
On A Linux Solution:
/usr/bin/php /path/to/file.php
On a Windows Solution:
C:\Path\To\PHPExe C:\Path\To\phpfile.php
I have to automate a process using php in which I have to append content in a file.
The file does not have any specific permissions specified but the folder 'abc' has read only permissions, so fopen() prompts permission denied when I try to append a file.
But I can edit the file manually and also from the command prompt. So I tried the following:
When I try
echo exec("echo Testing>>\\xx.xx.x.x\C$\abc\test.txt");
in my script, it does not work.
If the same command
echo Testing>>\xx.xx.x.x\C$\abc\test.txt
is run on cmd it works.
I even tried psexec:-
echo exec('C:/psexec \xx.xx.x.x cmd /c \"echo Testing>>C:\abc\test.txt\"');
again when i run
C:/psexec \xx.xx.x.x cmd /c "echo Testing>>C:\abc\test.txt"
on cmd it works fine.
Is it anything to do with exec() that I am doing wrong?
OR Is there any other way I can edit file, because I should not change the folder permissions but still get the process automated.
I assume you are using Windows. On Debian Linux, I would tell you to give write permissions to user www-data on the appropriate directory.
You probably need to give the local IIS worker account write permissions on the directory. The local IIS worker account is likely named something like IUSR_[SERVERNAME].
Some webhosts decides to remove the function exec for security reasons.
view your php info and check if yours is disabled.
I am currently over ssh on a remote CentOS 5.6 system which runs an Apache webserver. I need to use the poppler pdftohtml binary which, unfortunately, is not currently installed on that machine. So I downloaded the poppler package and built it under my user folder. Since I I am not the system admin, I didn't do
make install
and I have all my compiled files under
/users/myfolder/poppler-0.18.2/
The file that I need to execute through php shell_exec() is
/users/myfolder/poppler-0.18.2/utils/pdftohtml
If I execute it through my ssh bash, I get the correct output. If I, instead, put this line on a php script:
echo shell_exec("/users/myfolder/poppler-0.18.2/utils/pdftohtml");
I get the following output:
sh: /users/myfolder/poppler-0.18.2/utils/pdftohtml: Permission denied
I tried setting to 777 the file permissions, which currently are -rwxrwxrwx. I also noticed that using shell_exec("whoami"); results in "apache". Shouldn't apache be able to execute the script if the file permissions are -rwxrwxrwx?
I also know that installing poppler through make install would solve the problem but since this is for testing purpose, I would like to avoid "contaminating" the system outside my personal folder until the testing is complete.
Thanks to anyone who will help!
Just because a file is executable for a user does not mean that user is actually able to execute the file. The user needs to also be able to 'get to' the file: The user needs execution permission for all 'parent directories', in your case for /users, myfolder, poppler-0.18.2 and utils.
Assuming /users is the same basic thing as /home, everybody should have +x on that. From there, you can set it: simply do chmod o+x /users/myfolder /users/myfolder/poppler-0.18.2 /users/myfolder/poppler-0.18.2/utils
(Note: This will make it possible for everybody to execute this binary, not just Apache.)
If the apache user and you share a group, it would be better to use chown the poppler directory and everything in to be owned by that group, and set g+x instead of o+x.
Given a script test.php that has the contents:
#!/usr/bin/php
<?php
echo exec('whoami');
chmod('test.txt', 0755);
and a plain text file test.txt in the same directory as itself, it works fine if the user who created those files runs the script. However, if I do something along the lines of:
chown apache:apache test.php test.txt
chmod 4775 test.php
That gives the test.php the ability to run as the 'apache' user, no matter who's running it. But when I run it in that context, I get a "Warning: chmod(): Operation not permitted" error. And the user that gets echoed by the "whoami" command is the generic user, not the 'apache' user.
So, is there a way to allow a PHP script to run as a particular user, other than granting users sudo access to run the script as 'apache'?
So, is there a way to allow a PHP script to run as a particular user, other than granting users sudo access to run the script as 'apache'?
You must be missing something. Either you allow apache to execute the file under a different user (sudo/suexec) or not. However, this is merely configuration. So you should first decide what you want to achieve and then configure the server as needed.
So if you want to run the PHP script under a particular user, you do this with making use of the sudo functionality and specifying the user. Apache will then execute the script under that configured user.
If you do not like to make use of sudo then, well, then there is no other option then to run the script under the user that runs apache or apache has been configured to use for invoking the scripts.
So make your decision what you want to achieve. But if you want to change the user, the only way I'm aware of (probably there's something else as well but I doubt it) is making use of the apache sudo feature(s).
I have a file that is a bash script that requires SUDO to work.
I can run it from the command line using SUDO but I will be prompted to put in the SUDO password.
I want to run this script from php via shell_exec but I if I call SUDO, its not like a command line where I can be prompted for the password. Is there a way to pass the password for sudo with the sudo call?
How can I do this?
Edit the sudoers file (with visudo) and add a rule that allows the web server user to run the command without a password. For example:
www-data ALL=NOPASSWD: /path/to/script
There are various solutions for this problem.
First of all, consider changing the script permissions, if reason why you want sudo is simply a permission issue (see the comment I added to the question above).
Another approach would be using the setuid bit. [Edit: Looks like setuid does not work well with scripts. For explananations, see this link.]
A third, but very insecure method is to read the password from a password file. Warning: This is very insecure, if there's any other possibility, don't do it. And if you do it, try hiding the password file somewhere in your folder hierarchy.
<?php
shell_exec('sudo -u root -S bash script.sh < /home/[user]/passwordfile');
?>
And a fourth possibility is to use the NOPASSWD tag in the sudoers file. You should limit this power to the specific commands you need.
You can add something like this to your sudoers file:
username ALL=NOPASSWD: /path/to/script
This will allow that particular user to call sudo on that particular script without being prompted for a password.
The best secure method is to use the crontab. ie Save all your commands in a database say, mysql table and create a cronjob to read these mysql entreis and execute via shell_exec(). Please read this link for more detailed information.
* * * * * killProcess.php