17

How to run a bash script from PHP as the root user (with all permissions) and not as the nobody user (PHP's default user)?

That's my output after sudo visudo:

Defaults        env_keep += "LINES COLUMNS"
Defaults        env_keep += "LSCOLORS"
Defaults        env_keep += "SSH_AUTH_SOCK"
Defaults        env_keep += "TZ"
Defaults        env_keep += "DISPLAY XAUTHORIZATION XAUTHORITY"
Defaults        env_keep += "EDITOR VISUAL"
Defaults        env_keep += "HOME MAIL"

#User privilege specification
root    ALL=(ALL) ALL
%admin  ALL=(ALL) ALL


# Uncomment to allow people in group wheel to run all commands
# %wheel        ALL=(ALL) ALL

# Same thing without a password
# %wheel        ALL=(ALL) NOPASSWD: ALL

# Samples
# %users  ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users  localhost=/sbin/shutdown -h now
Oleg

5 Answers

35

You can use sudo:

exec("sudo /your/script");

You should allow executing your script without a password prompt. Run sudo visudo in console and add the following string to the end:

nobody ALL = NOPASSWD: /your/script

You must set up file mode properly to ensure that no one can modify this script and put dangerous contents into it (in root console):

chown root:root /your/script
chmod 755 /your/script
Pavel Strakhov
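
The ownership and mode requirement in the answer above can be verified before the `NOPASSWD` line goes into sudoers. The following is an added example, not part of the original answer: the function names `safe_entry` and `audit_sudo_target` and the optional uid argument are assumptions of this sketch, and it goes one step further than the answer by also checking the containing directory.

```shell
#!/bin/sh
# Added example: audit a script before listing it in a NOPASSWD sudoers rule.
# Function names and the optional uid argument are hypothetical.

# safe_entry TYPE PATH UID: succeeds if PATH has the given find(1) type,
# is owned by UID, and is not writable by group or others.
safe_entry() {
    [ -n "$(find "$2" -prune -type "$1" -user "$3" \
              ! -perm -020 ! -perm -002 -print 2>/dev/null)" ]
}

# audit_sudo_target PATH [UID]: returns 0 if PATH passes the checks,
# otherwise prints the reason and returns 1. UID defaults to 0 (root).
audit_sudo_target() {
    target=$1
    owner=${2:-0}
    case $target in
        /*) ;;
        *) echo "not an absolute path: $target"; return 1 ;;
    esac
    # find does not follow the symlink here, so -type f rejects links,
    # which could later be re-pointed at another file.
    if ! safe_entry f "$target" "$owner"; then
        echo "script must be a regular file owned by uid $owner," \
             "not writable by group or others"
        return 1
    fi
    # Whoever can write to the directory can replace the script itself.
    if ! safe_entry d "$(dirname "$target")" "$owner"; then
        echo "directory must be owned by uid $owner," \
             "not writable by group or others"
        return 1
    fi
    echo "ok: $target"
}
```

Call it as `audit_sudo_target /your/script` from the root console after the `chown` and `chmod` steps; a non-zero exit status means the script or its directory can still be modified by a non-root account.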
1

You can make a program which is set-uid root. This causes the program to always run as root. This doesn't work with shell scripts, so you have to use a program which calls your script.

Sjoerd
0

Under Linux you normally do this using sudo. Try to be as specific as possible, so as not to give the script too many permissions.

For examples on how to use sudo: http://aplawrence.com/Basics/sudo.html

Ja͢ck
  • The problem is that when I run it in the terminal it works fine, but when I run that bash script from PHP it isn't executed (other simple bash scripts with `cp`, `mv` commands work). I think it's 90% permissions. – Oleg Jun 06 '12 at 14:11
0

I would add a specific rule to allow this script to be called by the nobody user, using sudo.

J. Bruni
  • See Riateche's answer - you need to add the line `nobody ALL = NOPASSWD: /your/script` to the "visudo" file (sudoers configuration file). Of course, substitute `/your/script` with the path to your script. – J. Bruni Jun 06 '12 at 14:27
  • How can I edit this file? I used `sudo visudo` but it only shows the output. – Oleg Jun 06 '12 at 14:36
  • Strange. `sudo visudo` should open it in a file editor: http://www.google.com.br/search?q=visudo – J. Bruni Jun 06 '12 at 14:38
  • You can change the editor visudo uses by typing `EDITOR=nano` (for example)... in "nano", use CTRL+O, CTRL+X to save the file... – J. Bruni Jun 06 '12 at 14:41
  • I can't do anything with it. I open the file, can't save it, it won't close, it duplicates itself.... – Oleg Jun 06 '12 at 15:01
  • This is really bad, and it shouldn't happen using `visudo`... see http://serverfault.com/questions/320109/how-to-change-back-etc-sudoers-file-right-to-0440 – J. Bruni Jun 06 '12 at 15:57
  • It seems you are not used to editing files in the CLI environment (i.e., using text editors like "Vim" or "Nano")... do you at least know which editor you are using? – J. Bruni Jun 06 '12 at 16:02
  • OK, I played with it... **to write, you press 'I'; to save changes it's ESC and ':w'** – Oleg Jun 07 '12 at 06:33
-1

I recently published a project that allows PHP to obtain and interact with a real Bash shell (as user: apache/www-data or root if needed). Get it here: https://github.com/merlinthemagic/MTS

After downloading you would simply use the following code:

$shell    = \MTS\Factories::getDevices()->getLocalHost()->getShell('bash', true);
$return1  = $shell->exeCmd('/full/path/to/script.sh');
MerlinTheMagic