I have a local server which needs to make changes to a virtual hosts apache config file and then restart apache so the new config takes effect.
Can PHP do this? I tried passthru and exec but they didn't work. Maybe the problem is that I'm trying to restart PHP's parent process?
Thanks for any help!!
I've used a cron script (written in PHP, not executed from the webserver) to check a server is up and restart the server.
However, I wouldn't do this from a server-created process, because you know you're about to kill the parent process, which has bad implications for the child.
The simplest method would be to have a file /tmp/RESTART_APACHE which PHP can create, and which the cron script checks for. If the cron script sees the file /tmp/RESTART_APACHE then it does a proper restart of Apache.
Using a cron script will introduce a delay (up to 60s if you run it each minute), but apart from that should work as you want.
Depending on how you intend using this, that may do the trick.
(You probably want to use a different directory than /tmp/ to set permissions and prevent anyone on the server being able to create the file.)
EDIT: Please see Aaron H's comment to this post. I agree with what he says: you really do want to be careful that the ability to restart your webserver is not a service generally available to the public.
Restrict access to the system which can trigger the restart; ensure that the file which triggers the restart has restrictive permissions so only the web process can create that file, and generally be smart.
I've done this for the very exactly thing. However it was solely for a development environment, to quickly create virtual host for our developers on demand. Worked very pleasing well so far.
My approach was to create a new user on the system, give this user sudo rights to reload apache and from Apache->PHP I used SSH to localhost with an authorized key without passphrase to that user, issuing the command.
The reason for this was that I didn't wanted to give the apache user (usually www-data) the power in general to reload itself. I named the new user wwwctrl.
The command I used was:
ssh -i /path/to/key-file wwwctrl#localhost sudo /etc/init.d/apache2 reload
I had to execute this command manually one time as wwwctrl user to have the local host key being added to ~wwwctrl/.ssh/known_hosts.
I used proc_open() to watch the execution of the command.
In fact I was generating a batch of virtual hosts for different Apache installations on different systems so on every system I had this wwwctrl user to reload Apache, basically doing this in a "foreach hosts as host do ... wwwctrl#host#".
Wouldn't you want to pass a 'reload' instead of a 'restart?'
To do this you would need to edit the sudo file and then execute the restart command that is used on your system, using sudo of course. If you give details, I could tell you but do you even have access to do that? Is it hosted? Cron would probably be a better choice here though.
at will be able to do that, not sure if you can schedule down to the second but I guess that depends on the implementation
I would create a daemon to monitor the sites-enabled directory and restart Apache when files are added or modified. Then you don't have to wait up to 60 seconds as with a cron job.
This sorta thing violates the standard chain of command since apache invokes php, not the other way around. I second the cron suggestion. Just set a cron job with sufficient privileges to check for changes to the host file, and restart apache if any are found.
Related
I'm trying to create a WHM / Plesk Type Control Panel for my Clients to use. I am running XAMPP on a VPS and want users to be able to, for example, ban IP's however for the change to take effect Apache needs to be restarted.
Is there a way using PHP the user can click a button and the Apache Service will restart?
I have tried using the following PHP code but all this does is Stop the Apache Server, it doesn't bring it back up?
<?php shell_exec("apache_stop.bat"); ?>
<?php shell_exec("apache_start.bat"); ?>
Both bat files are in the same directory as the php file and I have amended them so that the files are relative to them by adding this ..\..\ to the file paths.
Is there one file that I can run that will do both tasks automatically or is there a better way to do this?
After you stop apache, it exit and do not start second job. You may use script that get this two jobs
You cannot restart Apache from a script. When the first shell_exec is called, the server process ends, and so the second call will never be made.
As an alternative, I suggest you ban devices/IPs using PHP - perhaps save them in a text-file or database and check from there.
Or, you can refer to the answers given for this question.
I know this is a simple question, but I can't for the life of me get it to work. If I log in to my server via SSH (linux) and type in : /home/username/public_html/x/foo.cgi f=subscribe l=list e=abcd#gmail.com the script runs perfectly. However, if I try to run the script via PHP by the likes of : shell_exec("/home/username/public_html/x/foo.cgi f=subscribe l=list e=abcd#gmail.com"); nothing happens.
Can anyone point me in the right direction?
Thanks ahead of time!
Tre
"Nothing happens" isn't a very descriptive error message. Nevertheless, three possibilities come to mind:
Differences between the server-hosted environment versus the shell environment.
Your server or hosting site may have disabled shell_exec or other functionality.
You may need to be running PHP as the same user you SSH'd in as (or otherwise get the correct permissions).
Some other piece of the stack are in disarray due to mis-configuration or misuse.
Take your pick. Check your logs. Make sure you don't leave any holes available for attackers to get in.
If you are managing the server, most likely this is a permissions issue. Your webserver is running as www-data or some similar user. It needs execute permissions on the script file to run it. Try changing the script's owner with the chmod command or give the file you're trying to run more liberal access permissions with the chown command.
Another thing to consider is that shell_exec may be disabled if PHP is running in safe mode.
I would like to know if it is possible to restart the Linux server using PHP script? In related to changing IP Address from Static to DHCP, I need to reboot the system so that it will take effect.
i tried this code:
system("/usr/bin/reboot");
error message is :
reboot: must be useruser
here'e the another:
system('/etc/init.d/network restart');
the error is:
Shutting down loopback interface: [FAILED] Bringing up loopback interface: [FAILED]
Hope you can help me in this.
Thank you!
Regards to all.
You can restart it if the program-users-context of your interpreter, webserver has the rights to execute these commands. A webserver or php interpreter should not be run as root. You may use sudo, sudoers in order to escalate privileges in these both cases.
You will need to use sudo like this:
system("sudo /usr/bin/reboot");
in your /etc/sudoers add the following:
apache ALL=(ALL) NOPASSWD: /usr/bin/reboot
Where apache is the username under which the PHP script runs.
Be aware of the security impication of doing this - anyone with access to PHP scripts on the server to reboot the server.
In related to changing IP Address from Static to DHCP, I need to reboot the system
No you don't. This is not Microsoft Windows. But the command for remapping the network interfaces varies from distribution to distribution - and you don't say which this is. Similarly, access the reboot, shutdown, init and telinit commands varies by distribution.
I am working in local server
So why not just do it via ssh or at the console?
Since you have stated that you're a newbie to Linux, I feel that it's worth pointing out that it's much much less common to need to reboot a Linux box compared to a Windows one.
You shouldn't need to reboot even after updating core software packages. Even if something crashes badly, you can ususally recover without a reboot.
You haven't stated why you'd want to be doing a reboot, but rebooting the whole box really should be an absolute last resort. In fact, rebooting simply to clear an issue is consdered very bad practice for a Linux administrator because it tends to wipe out evidence of what caused the problem, and does nothing to prevent the problem from recurring.
On Linux, most issues that would require a Windows box to be rebooted only require the individual program or service to be restarted.
Finally, a note on security: Doing major system operations such as this via a PHP program is bad security practice because it exposes root level functionality to non-root users. I assume (well, I hope!) that you're planning to lock down access to this PHP page, but even the best secured web page should not be considered secure enough to be running root-level operations.
In short, my advice is that you shouldn't do this. If you must do it, #qbert220's answer should work, but please don't do it.
[EDIT]
With specific regard to changing the IP address from DHCP to static, this should not require a server reboot in Linux. You simply need to restart the networking interface.
Once you've changed the config, something like this should be enough to restart your network interface with the new IP address in place:
sudo /etc/init.d/networking restart
You haven't specified what variety of Linux you're using, but here's a link to a page which details how to do it from the commandline in Ubuntu.
It does require root priviledges though, so you would need to use sudo to achieve it and to add your web user to the sudoers list, which as I said before is really not great from a security point of view.
Script must be set to run as root:
reboot.php
<?php
exec("reboot -d -f -i");
?>
Meke it a root script:
chown root.root reboot.php
chmod 700 reboot.php
But why do this with php? Just make a script in sh like so:
#! /bin/sh
PATH=/sbin:/usr/sbin:/bin:/usr/bin
reboot -d -f -i
Is it possible to run exec() as a a different user (on my box it runs as www-data). I wish to execute a script that needs access to files that are not owned by www-data.
If you have access to the server's configuration (assuming it's Apache), you might consider using suPHP. In a virtual host's configuration you can explicitly set the user and group for which a PHP script is executed:
<VirtualHost 192.168.1.1:80>
...
suPHP_UserGroup user group
...
</VirtualHost>
This setting is available for suPHP configurations built with the --with-setid-mode=paranoid option.
Another way to change the user ID would be posix_setuid() for which appropriate privileges are required. That would mean running your PHP scripts as root, which is a serios security issue.
I had a similar requirement some years ago that required a few PHP scripts to talk to a serial port. The first serial port is typically /dev/ttyS0, owned by root and in the group dialout.
For my initial setup, I added my apache user to the group dialout. The PHP scripts were able to directly talk to the serial port with no problem. However, only one instance of a script could open the serial port at any one time, so this solution could not work.
I then created a daemon that provided a layer between the serial port and the PHP scripts. The PHP scripts would talk to the daemon via a named pipe, and the daemon would then format the requests and pass it onto the serial port - doing a bit of caching along the way.
So, either add www-data, or whatever your apache user is, to the group that owns those files, giving group execution permissions, or use a proxy like I had. If security concerns you, then I'd go with the latter.
No, not directly. If you are on a linux machine and have the rights, you can set the set the setuid bit on your file.
Keep in mind that the webserver runs as a different user for a reason. It is a very important security mechanism and by working around it, you might cause a security vulnerability.
You can change the user under which your server runs. This can be easily done using the windows version of apache (apache runs there as service and it is easy to configure the user under which apache runs).
Which server plattform do you use?
I am working on an application that runs locally on a Fedora 10 machine through PHP and Apache. It depends on a process that runs in the background.
The higher-ups want to be able to start/stop/restart the process, through the browser. I was trying to get this to work by having PHP make calls to the system using exec() and shell_exec, but it doesn't seem to work.
When I try to start the process using "exec('processName')", nothing happens.
When I try to use "exec('killall processName')", SELinux starts constantly popping up warnings that the process was permitted (because I put it into permissive mode), however it doesn't actually kill the process! But this seems to go on even after the page is fully loaded!?!?
I AM able to call another script in a similar fashion: "exec('/var/www/cgi-bin/ControlProgram START')". So I'm not really sure what the major differences are between the two calls/commands.
I also put the script call into the /etc/rc.local file to have the script run at login. However, will I be able to kill this script from PHP since its run by... the system?
I'm not a guru when it comes to permissions/SELinux, so don't spare on the gory details! Thanks in advance!
If you have administrative control over this system you will want to check the PHP configuration (make sure it is the config profile for the web server).
Safe_Mode will prevent PHP from executing anything outside a particular folder. In a shared hosting environment, this usually means you can only execute things that are relative to your home/www folder--which seems to be the case based on your notes.
I believe I found the problem. I'm still not exactly sure what the problem is, but it looks like it has something to do with file/directory permissions. When I moved the scripts into my /var/www/html directory, the scripts ran. I moved them into /var/www/cgi-bin and they work there too. So it might be something where apache can't execute scripts that are outside the /var/www directory, or at least it can't do it directly. Thanks for your help though!
It sounds like old school unix permissions and how apache operates. I do recall (though it has been some time) that apache is careful on what it will execute. Double check your octals.
To verify that it isn't SELinux you can disable it instead of putting it in permissive. though this will cause a file system relabel (or should). At that point your extended attributes with the SELinux contexts could get out of wack and cause SELinux problems once in enforcing again.