
I have a php page.

It calls a validation bash script that checks variables passed from the php page.

I then call another bash script that I need to execute under root user. I have followed the guide here, "How to run from PHP a bash script under root user", and still cannot get the script to execute as root.

I have the following:

php page

// escapeshellarg() quotes each value so shell metacharacters in the input stay literal
$args = array_map('escapeshellarg', array($coinName, $coinNameAbreviation, $blockReward, $blockSpacing, $targetTimespan, $totalCoins, $firstBitAddy, $seedNode, $seedName, $headline));
$bashFile = shell_exec('./Validation.sh '.implode(' ', $args));
echo "<pre>$bashFile</pre>";

the validation file:

sudo nohup /bin/bash /usr/sbin/CoinCreationBashFile "$coinName" "$coinNameAbreviation" "$blockReward" "$blockSpacing" "$targetTimespan" "$totalCoins" "$firstAddyBit" "$seedNode" "$nameSeedNode" "$headline" "$blocksPerDay" "$startingDifficulty" >> /tmp/BASH2log.txt 2>&1 &

I have added

www-data ALL=NOPASSWD /usr/sbin/CoinCreationBashFile

to the end of the sudo visudo

and did:

chown root:root /usr/sbin/CoinCreationBashFile
chmod 755 /usr/sbin/CoinCreationBashFile

I was running it from /usr/sbin following the suggestion here: http://ubuntuforums.org/showthread.php?t=1848069

Can anyone see what I am doing wrong? Many thanks.

Edit: I can run the CoinCreationBashFile script without the sudo command and it runs OK up to one point where it needs root privileges, so I know the script is working, and when executed from the terminal the script runs perfectly as desired.

Output in /tmp/BASH2log.txt:

sudo: no tty present and noaskpass program specified
  • maybe your www server uses different user account (not www-data)? Commented Aug 8, 2013 at 22:04
  • when i run top in the terminal on the server that is the user that is executing all the processes Commented Aug 8, 2013 at 22:07
  • Can you clarify if you successfully ran the script as www-data user without password? Commented Aug 8, 2013 at 22:34
  • yes script can be run when i typed sudo -u www-data /usr/sbin/CoinCreationBashFile var1 var2 var3 Commented Aug 8, 2013 at 22:44
  • This is not an answer to my question. Did you try to su to www-data (sudo -u www-data bash) and then run a script (sudo /usr/sbin/CoinCreationBashFile var1 var2 var3)? Commented Aug 8, 2013 at 22:49

3 Answers

2

This question is similar to sudo in php exec() and they did not arrive at a conclusion.

In your case, since only one bash script needs to be executed in this fashion, consider using setuid instead:

$ su
[enter password]
chown root:root something.sh
chmod 4755 something.sh
exit

Note: Some Linux distributions disable setuid for shell scripts by default for security reasons.

Update: Apparently no commonly used Linux distribution today allows setuid on shell scripts. Perl used to be the exception, but suid-perl is now deprecated.

The only way to execute your bash script using this method is to invoke it from a compiled binary. See the example with the C code on how to do this.


3 Comments

I was wondering if the Linux disabled setuid... I am on Ubuntu 12.04 for the OS. I have run chown root:root /usr/sbin/CoinCreationBashFile and chmod 4755 /usr/sbin/CoinCreationBashFile from the terminal. I was wondering if the link guide was saying to make a separate bash file to change the user, but would have thought that was done now that I have run it as root from the terminal.
@Peter Updated my answer after some research.
The solution I used was to get the PHP page to write out the variables to a txt file in an empty directory. At the start of my bash script that the PHP page was calling, it now searches for a .txt file in the empty directory; if there is no txt file then it exits, if there is then it extracts the variables and runs the cron job. Many thanks for your help, Niklas.
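The hand-off described in the last comment above (the PHP page drops a text file, a root-owned script picks it up) only separates privileges if the root side treats the file as untrusted data. The following is an added example, not code from the thread: the one-`key=value`-per-line layout, the value patterns and the `REQUIRED` list are assumptions, and only the key names come from the question.

```shell
#!/bin/sh
# Added example: root-side reader for a job file written by the web tier.
# Key names follow the question; value patterns and REQUIRED are assumptions.
REQUIRED="coinName coinNameAbreviation blockReward totalCoins seedNode"

# Print the full-match pattern for an allowed key; fail for any other key.
pattern_for() {
    case $1 in
        coinName)               echo '^[A-Za-z][A-Za-z0-9]{1,31}$' ;;
        coinNameAbreviation)    echo '^[A-Z]{2,5}$' ;;
        blockReward|totalCoins) echo '^[0-9]{1,12}$' ;;
        seedNode)               echo '^[A-Za-z0-9.-]{1,253}$' ;;
        *) return 1 ;;
    esac
}

# Print validated key=value lines, or print nothing and return non-zero.
# The file is parsed as data only: it is never sourced or passed to eval.
load_job() {
    job=$1 seen="" out=""
    # The drop directory is writable by www-data: reject symlinks and large files.
    [ -f "$job" ] && [ ! -L "$job" ] || return 2
    [ $(wc -c < "$job") -le 4096 ] || return 2
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in *=*) ;; *) return 3 ;; esac       # not key=value
        key=${line%%=*} value=${line#*=}
        pat=$(pattern_for "$key") || return 3           # unknown key
        case " $seen " in *" $key "*) return 3 ;; esac  # duplicate key
        printf '%s\n' "$value" | LC_ALL=C grep -Eq "$pat" || return 4
        seen="$seen $key"
        out="$out$key=$value
"
    done < "$job"
    for k in $REQUIRED; do                              # every required key present
        case " $seen " in *" $k "*) ;; *) return 5 ;; esac
    done
    printf '%s' "$out"
}

# Constructed sample job, as the PHP page might write it.
demo_dir=$(mktemp -d)
printf 'coinName=DemoCoin\ncoinNameAbreviation=DMC\nblockReward=50\n' > "$demo_dir/job.txt"
printf 'totalCoins=21000000\nseedNode=seed.example.org\n' >> "$demo_dir/job.txt"
load_job "$demo_dir/job.txt" && echo "job accepted" || echo "job rejected"
rm -rf "$demo_dir"
```

The root script should then hand the validated values to the privileged step as separate quoted arguments, and delete or move the job file once it has been read.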
2

I recently published a project that allows PHP to obtain and interact with a real Bash shell, you can easily get a shell with root. Get it here: https://github.com/merlinthemagic/MTS

After downloading you would simply use the following code:

$shell = \MTS\Factories::getDevices()->getLocalHost()->getShell('bash', true);

// Quote every value with escapeshellarg() so input cannot inject commands into the root shell
$args = array_map('escapeshellarg', array($coinName, $coinNameAbreviation, $blockReward, $blockSpacing, $targetTimespan, $totalCoins, $firstAddyBit, $seedNode, $nameSeedNode, $headline, $blocksPerDay, $startingDifficulty));
$strCmd = "/usr/sbin/CoinCreationBashFile ".implode(" ", $args)." >> /tmp/BASH2log.txt 2>&1 &";
$return1 = $shell->exeCmd($strCmd);

//if there is any return from the script you can wait for the return
//or you can trigger like you have it now and get no return.

2 Comments

What are the security risks associated with this?
Since you require root permissions, the project I built achieves that in one of 2 ways: you allow apache the right to sudo python OR you pass root credentials to the object every time you need a shell with root setup. Allowing sudo to python is a real concern, but so is passing root credentials in the script. Letting PHP anywhere near root is always tricky. Pick your poison. :)
1

You have a typo in visudo entry. There is no R in the NOPASSWD. It should be:

www-data ALL=NOPASSWD: /usr/sbin/CoinCreationBashFile

1 Comment

Good spot, but unfortunately only a typo in the question on here. In the code it was PASSWD and it still does not work :(
