I've got a recently setup server which is running Apache and PHP 5.3.9, every request made to the server results in an error in the error log file:
sh: line 0: cd: /root: Permission denied
The error is happening before any PHP code is executed so it must be something in the setup somewhere but it's a new box and is running a stock configuration.
What would cause this error?
EDIT:
Running on Amazon Linux (EC2) 2.6.35.14-97.44.amzn1.x86_64
It shouldn't be running any scripts, it's running PHP in mod_php mode, not CGI and the error is happening before and PHP code is executed
Could look like a script that does not have executable rights.
If you know which script it is, you can give it the rights by:
chmod +x /path/to/your/script.sh
As root or with sudo infront.
Edit:
Looking agin, it looks like your script is trying to cd to your /root folder.
Most likely the script is run by another user which does not have permission to cd to /root.
Only root has that
This is the AWSSDKforPHP doing this.
Inside /usr/share/pear/AWSSDKforPHP/sdk.class.php you will find:
$_ENV['HOME'] = `cd ~ && pwd`;
For some silly reason, it's trying to "cd" into /root. Change that line to the following:
$_ENV['HOME'] = "/var/www"; #`cd ~ && pwd`;
And it will go away.
Related
I want to trigger the screen power on a raspberry pi from an simple php site.
I'm using apache 2 and php7 on raspbian and the files are stored on /var/www/html/controller and all have chmod 777 set.
this is how my php site looks:
<?php
if ($_GET['on']) {
shell_exec("/var/www/html/controller/on.sh");
}
?>
turn on
and my on.sh file like this:
#!/bin/bash
vcgencmd display_power 1
when I click the link I get the following error:
VCHI initialization failed screen
Any suggestions how to fix this?
I figured out that the .sh files need more permissions. To be more precise the user www-data as described here https://unix.stackexchange.com/a/127529
To do so:
Run the command sudo visudo
add www-data ALL=NOPASSWD: /var/www/html/controller/ on the very end
modify shell_exec("/var/www/html/controller/on.sh"); to shell_exec("sudo /var/www/html/controller/on.sh");
I'm trying to execute a php script but i'm having this kind of errors:
Warning: file_put_contents(/sys/class/gpio/export): failed to open stream: Permission denied in /home/pi/php-gpio/src/PhpGpio/Gpio.php on line 99
Warning: file_put_contents(/sys/class/gpio/gpio17/direction): failed to open stream: Permission denied in /home/pi/php-gpio/src/PhpGpio/Gpio.php on line 103
I've tried to set up the permission in the $ sudo visudo like this:
www-data ALL=NOPASSWD: path/to/my/script
or
www-data ALL=NOPASSWD: ALL
but is not working, i'm able to execute this script only with sudo form the command line!
Thanks in advance!
If you using in your computer, you must change the default directory permission:
$ sudo chmod -R +w /sys/class/gpio/export
else if you run code in a server, in server panel and in section files (e.g. CPanel) change permission and add write right.
Another way is running exec() command:
<?php
exec('chmod -R +w /sys/class/gpio/export');
?>
However, php should have exec right and running with root!
I recently published a project that allows PHP to obtain and interact with a real Bash shell (as root if requested), it solves the limitations of exec() and shell_exec(). Get it here: https://github.com/merlinthemagic/MTS
After downloading you would simply use the following code:
$shell = \MTS\Factories::getDevices()->getLocalHost()->getShell('bash', true);
$return1 = $shell->exeCmd('/sys/class/gpio/export');
$return2 = $shell->exeCmd('/sys/class/gpio/gpio17/direction');
//the return will be a string containing the return of the command
echo $return1;
echo $return2;
In terms of security it is far better than running apache as root, or the wide open sudo permissions in your question. But letting PHP anywhere near root is always tricky.
The project i built achieves a root bash shell in one of 2 ways:
1) You allow apache the right to sudo python.
OR
2) You pass root credentials to the object every time you need a shell with root setup.
Pick your poison. :) Read the documentation.
Server: Ubunto
Asterisk Version: 11.x
Directory: /usr/share/asterisk/agi-bin/
File: call_handle.php
Directory Permission: 755 root root
File Permission: 755 root root
asterisk.conf
astagidir => /usr/share/asterisk/agi-bin
extensions.conf
same => n,AGI(call_handle.php)
When I dial any number this AGI PHP Script is run.
But, It will give me this message in asterisk console.
Asterisk Failed to execute '/usr/share/asterisk/agi-bin/call_handle.php': Permission denied
I am not sure why this message is comes up. It has execute permission with ROOT user
The probable issue seems to be with the file ('/usr/share/asterisk/agi-bin/call_handle.php') not falling in the user group of Asterisk daemon that is asterisk:asterisk
That is to say - Asterisk daemon should have the ownership of this file.
Secondly, there is also a possibility that the user who is actually running this Asterisk daemon is not having the execute permission of this daemon.It should be there.
I got answer myself:
Set PHP Envirement in my php script and it will run by asterisk.
I have set following in my php file at first line:
#!/usr/bin/env php
Reff: PHPAGI: Exec format error
First ensure file can be executed
chmod a+x /usr/share/asterisk/agi-bin/call_handle.php
After that check that selinux not enabled or setup correctly
Disable selinux on Centos/Redhat
echo "SELINUX=disabled" > /etc/sysconfig/selinux
After that need reboot
I tried to compile my latex file in php script, but it can't call xelatex.
In php script:
system("/usr/bin/whoami");
system("/usr/bin/xelatex foo.tex 2>&1");
output:
myuser
sh: 1: /usr/bin/xelatex: not found
But in my terminal:
$ /usr/bin/whoami
=> myuser
$ /usr/bin/xelatex foo.tex
This is XeTeX, Version 3.1415926-2.2-0.9995.2 (TeX Live 2009/Debian)
...(successful output)...
I run php as myuser, and pass system() absolute path. And I turn safe_mode off. Why can't I still execute external programs?
Finally I contacted my system administrator and found the problem. The machine is in a NFS, so the apache and login shell is on different machines. There is no xelatex on the machine where apache is running.
Check the permission of the directory from where you running you PHP code. check for myuser permissions
just for verification try it with root.
Hope this help
Are you sure it's not the file 'foo.tex' which it is unable to find? Try having the shell output to a file, e.g. system("/usr/bin/xelatex ./foo.tex > ./test.out"); and see what luck you get then.
I am trying to run a command line file conversion using open office.
openoffice pdf filename.doc 2>&1
when i execute in command line as root it works fine and the file is converted. However when i pass the above command in a PHP file as apache user, it does not execute.
I tried all three PHP command line execution:
$command_output=system($command_line,$rtnval);
$command_output=exec($command_line,$rtnval);
$command_output=passthru($command_line,$rtnval);
Also,
echo print_r($rtnval);
echo print_r($command_output);
$rtnval returns 1 and $command_output 1. I am confused unable to know what is the linux (centos) response to above command passed. It is very frustration because unable to know what the system response when i try to execute the command.
I also included /etc/suders permission for apache to run the open office command.
apache ALL: (ALL) NOPASSWD: /path/to/openoffice
still the command is not execute in PHP as apache user.
What am i missing for PHP as apache user not to execute this command?
It could be that openoffice is not in PATH. Try to execute it with the full path.
To run your command as if you were the apache user, just try this in a shell:
# switch to superuser
sudo su -
# then switch to the apache user
su - www-data
You will find yourself in a quite restricted shell, from which it is usually not possible to start openoffice. Indeed, it requires a lot of environment, that would be unsafe to completely set up for apache anyway.
AFAIK, better create a dedicated user that is allowed to run your command (eg a regular "www-runner" user), then "su" to it from PHP. Other security measures include chroot'ing the dedidacted user, or using apparmor to limit what and where it is allowed to run. In any case, never let www-data run something as root by adding www-data to the sudoers: this is way too dangerous!
You can also have a look at libapache2-mod-suphp (a suid apache module to run php scripts with the owner permissions).It is easier to use than the dedicated suEXEC apache beast (http://httpd.apache.org/docs/2.0/suexec.html). The latter really is not for a quick fix ;)
It is possible that your php in apache runs in safe mode or what's it called, in which system() function and alike are disabled.
This answer, actually, assumes that what you call "running as apache user" is in fact running in apache environment, whatever it is.