I'm trying to mount an iscsi virtual disk, but if I execute the command through the exec function in php this give me that error: mount: special device /dev/sdf1 does not exist.
But if I run the command directly in the console it run well!!
What can I do?
I'm obtaining the /dev/sdf1 in a good way, and it exists, but only through php doesn't work.
Thanks
I'm running the command with sudo and run it in console as www-data user always with sudo, so, I suppose that is the same enviroment.
sudo mount -t ext3 /dev/sdf1 /san_disks/RIBS_2
The sudoers file has this lines:
www-data ALL = (root) /usr/bin/iscsiadm, /bin/mount, /bin/umount
%www-data ALL=NOPASSWD: ALL
And it works in console.
This was happening because "/dev" wasn't updated. I made a sleep(1) and it works!!
Related
I am unable to run a bash script using sudo with the shell_exec() function in PHP. I get an error saying:
Sorry, user apache is not allowed to execute '/bin/bash /var/www/html/private/createFTP.sh' as root on test.server.com.
PHP:
shell_exec('sudo bash /var/www/html/private/createFTP.sh 2>&1');
Visudo:
apache ALL=NOPASSWD: /var/www/html/private/createFTP.sh
If your web server is in chroot jail then that will cause this type of error. If you are running a chrooted server, make sure you mirror across your /etc/sudoers file to the jail filesystem too and adjust for the chroot directory structure when setting up sudoers file as well as your script will have moved once you are in chroot. Also check you have the sudo libraries and executable in the jail filesystem as well.
I have below php script(test.php) in redhat linux.
<?php
shell_exec('touch /var/www/html/test.txt');
?>
If I run this script in command line (php test.php) ,it's working as expected.
But if I run test.php in browser(http://hostname/test.php) it's not creating file test.txt.
I tried edit sudo visudo www-data ALL=(ALL) NOPASSWD:ALL
Please help me on this!!
I guest it's because of permission, when you run in command line you run it as your user but when you run it via browser , it runs as web-service's user, so check the the permission of /var/www/html/ directory and set it's permission to 755 and change the owner to your web-service ( apache , apache2 etc you have as web serivce)
So
chown -R apache:apache /var/www/html/ (I'm not sure about your web-service, change it your webserice and it's group)
chmod -R 755 /var/www/html/
PHP will execute that just fine. But the system then does not find touch in the pathes it has to search.
Easiest, is to give the full path to touch. On my System using command whereis to find touch
$whereis touch
touch: /usr/bin/touch /bin/touch /usr/share/man/man1/touch.1.gz
So the script would be:
<?php
shell_exec('/usr/bin/touch /var/www/html/test.txt');
?>
I'm trying to get an image of the raspi camera via a php script.
It's installed php5, apache2 and all necessary stuff.
Snippet: /var/www/img.php
if(isset($_GET['pic']))
system("sudo raspistill -w 512 -h 320 -o /var/www/img/img.jpg");
When I run the command directly in the terminal it's working, but the php script not. With sudo php /var/www/img.php?pic I'll get an error:
Could not read input file: /var/www/img.php
First I thought it's a problem with the permissions, but isn't working even with root privileges.
Have anybody an idea? I'm really depressed..
Thanks a lot!
Solution
first it's necessary to change the owner of the apache directory:
sudo chown www-data:www-data -R /var/www
After that it's not necessary to prepend sudo:
exec('raspistill ...');
It's also possible with popen, system, ...
I've been at this for two days now and haven't been able to find any way (good or bad) of doing that to work.
I have to be able of dynamically mounting drives over network from my website's pages (that part is inevitable).
I have no problems doing it directly on the console with the following command
mount -t cifs //IP-REMOTE-MACHINE/Folder -o username=username,password=password /mnt/share
Obviously trying to just do a shell_exec() of this command wouldn't work with no root rights.
I tried to shell_exec() a script in which I would switch to root user (via su or sudo mycommand) but both of them wouldn't work (never been able to succeed in doing a script who would automatically switch my user to root even with the root pwd hard coded (even if that feels an extremely bad idea I could have accepted that atm).
After that I tried to use pmountbut never found a way to access to a remote shared file (don't think it's even possible but I may have missed something here?)
All that is running on a Debian machine with apache2.
I have a wild idea...
You could set a cron to run as root that checks for mount commands from your script. The script would simply set a mount command to be processed, and when the cron gets to it, runs the mount, marks the command as processed, and writes to a log file which you could then display.
It's not safe to run sudo commands with www-data (the user for web servers in Debian).
But if you want to run sudo [command] in a php script, you must add the user www-data in sudoers: http://www.pendrivelinux.com/how-to-add-a-user-to-the-sudoers-list/
And then you can exec: sudo mount ...
EDIT: It's safer to add in visudo:
www-data ALL= NOPASSWD: /bin/mount
To allow www-data to use only sudo /bin/mount
My command is
echo root_password | sudo -u root -S executable_full_path arguments
The error message I get in the browser is
[sudo] password for www-data: Sorry,
try again.
From phpinfo(), safe mode is off and there are no disabled functions. Why isn't this working? The same command runs fine in the shell (bash). Escapeshellarg and escapeshellcmd don't make a difference.
EDIT: Simply being able to execute the command is not enough. The program that gets executed creates a socket in /tmp, and needs to assign it permissions. So I think I really need to be root for this, is that possible?
As Álvaro suggested, I'm putting my comment as answer. Matt, this would make it possible to run that command as root.
#Matt, don't do that /etc/sudoers (btw, you edit this file with the visudo command, never directly). That way you are making possible that any sudo whatever command run by your web application is run by root, possibiliting a lot of fun for an attacker if he founds a vulnerability in your application.
If you would like to run just ONE command as root without need for passwords, put this in /etc/sudoers (remember visudo command):
www-data ALL=(ALL) NOPASSWD: executable_full_path
Then you are only allowing to execute just this command as root. Now you should be able to do
sudo -u root executable_full_path arguments
without need to type in a password (and it will run as root). Also, this is the only command the user www-data may execute as root using sudo, so it should not be dangerous.
You're echoing the root password when you should be echoing the password for www-data.
Use this on your /ets/sudoers
Example for run gconftool-2 :
www-data ALL=NOPASSWD: /usr/bin/gconftool-2
www-data ALL=NOPASSWD: /usr/bin/sudo
www-data ALL=NOPASSWD: ALL