I need to make a dump via pg_dump in php so i've got a function like this:
function fnDump()
{
exec("/usr/local/bin/sudo -u pg_user /usr/local/bin/pg_dump mon_alarm > /usr/home/user/monitor_test/renew_db/mon_alarm.sql",$out);
var_dump($out);
}
The problem is that mon_alarm.sql file is empty.
But when i execute this command via command line everything works fine.
What should i change to create a dump in php?
If you're running PHP under a standard webserver setup, that won't work because it will run under the context of the webserver user, so sudo won't let you change user context like that.
If this is a script you're going to have to adjust sudo to run only the pg_dump command as passwordless sudo permissions for the user, otherwise your sudo command will prompt for a password and ruin your automated process.
Related
I'm trying to get nightmarejs to work on my centos server and was able to do so by running xvfb-run however I need to call this command via a php exec() function.
when I do I'm just getting an empty result as though it doesn't work?
When I run it via command line (i.e. xvfb-run node my-script.js) everything works great. Any idea why it doesn't seem to work or be available to my php script?
Although Cono's answer does work, it is less secure as it gives YOUR_USER access to wheel, making YOUR_USER an administrator.
Instead, create a file in /etc/sudoers.d (RHEL/CentOS) with contents like: (presuming YOUR_USER is apache)
# Allow apache to run xvfb-run
Defaults:apache !requiretty
Defaults:apache visiblepw
apache ALL = NOPASSWD: /usr/bin/xvfb-run
This way, if the apache user is compromised they can only run the xvfb-run command.
(Answer thanks to ThirdNode)
Ok i figured it out. Basically, sudo access has to be granted for xvfb-run in order to call it via an executable script in php. To do so, log into terminal and do the following:
# sudo visudo
Make sure the wheel group is uncommented
%wheel ALL=(ALL) ALL
This means that users added to the wheel group will have access to call sudo commands
At the bottom of the file, grant your user access to the script
YOUR_USER ALL = NOPASSWD: /usr/bin/xvfb-run
Save your file and add your user to the wheel group
usermod -aG wheel YOUR_USER
finally, from your php script you can now call xvfb-run via sudo
<?php exec('sudo xvfb-run node my-script.js'); ?>
I am trying to build PHP wrapper for PowerBI. I installed PowerBI Cli (https://github.com/Microsoft/PowerBI-Cli) on my local and when I run any PowerBI Cli command on my terminal, it is working well. It is working well even when I run the commands using the _www user (sudo -u _www powerbi config)
However, when I run them through PHP using either shell_exec or Symphony's Process Component (https://symfony.com/doc/current/components/process.html), I am getting the following exception:
env: node: No such file or directory.
I am facing this issue on Mac Sierra. The commands are working well on Linux using the PHP exec()
Try linking,
"ln -s /path/where/command/is stored/ /to/path/where u want to exec/"
Sometimes the program are stored in usr/local/bin/program meanwhile as per default you are executing in usr/bin/program
And then in shell use the new path you have set.
Example for linking suppose if you have path for command,
/usr/bin/powerbi then with above command you can link new path usr/powerbi after that you can use new path in exec or shell command.
Try using the full path rather than the command. Without knowing your exact path I can't tell you exactly what to do but it would be something like this:
$output = shell_exec("sudo -u _www /path/path/powerbi config");
var_dump($output);
Edit:
Or, change directories first. So using my example above, it would be:
$output = shell_exec("cd /path/path/powerbi; sudo -u _www powerbi config");
I have a bash script:
run.sh
#!/bin/sh
cd /var/www/project/bin/
CMD="./executable <full_path_to_file>;
$CMD
When I run this program from the terminal. (i.e. ./run.sh, it works fine)
However when I call it from PHP:
system("full_path_to_sh_file", $out);
It calls the script successfully, and even runs the executable, but now the executable throws an error saying that the supplied file can't be found.
Any ideas?
How do you run PHP script, from webserver or command line?
If from webserver, what user is it run (httpd or apache?)
Make sure the environment as same as when you are running from terminal (for example: same user)
Try this if running as different user:
sudo -u apache /fullpath/run.sh
I need to execute a bash file from a php page, with exec() function. The problem is that in this bash file, there's the command "adduser" ... Witch is a sudo command. I had the idea of modifying the sudoers so the user that run the script would have access to it, but who is this user ? I know apache2 is executated with www-data user...
Thanks!
You can find out which user PHP is running as by using system to run the command 'whoami' and display the output.
system('whoami');
That seems like a rather bad plan, giving the www-user sudo access. But yes, its www-data (by default, depending on linux flavor) that apache runs under.
Here's my command:
sudo /usr/local/bin/jpegoptim --max=50 /home/someuser/public_html/reports/images/r121662.jpg
This command is supposed to compress an image. I tried running this command using backtick operator and shell_exec, neither will work. The file doesn't compress.
But this command runs when I run it directly in the shell logged in as someuser. I've modified sudoers to accept the command without requiring a password. The file is compressed when I run it in the shell.
Apache is configured to run with suPHP, and the PHP files belong to someuser as well. I've further ensured this by writing a test php script just saying system(id); and running it in the browser. That tells me that the script is indeed being run by someuser.
Also, safe_mode is off.
EDIT: Ok, I got it to output the error
sudo: sorry, you must have a tty to run sudo
Now, what does it mean?!
Thanks to Catalin , I was able to get an output. It said sudo: sorry, you must have a tty to run sudo which required requiretty to be disabled for someuser. That is the best solution I got, if there's a way to disable requiretty for a single user calling a single command, please let me know.
sudo typically requires terminal input (i.e., must have a tty) as it will attempt to ask the user for a password before allowing you to execute a command. Do you really need to use sudo to run the command? Try removing the sudo.
Try sudo -S to see if setting it to read the password from stdin (even though it doesn't need one) will bypass the test for a tty.