0

I am writing a PHP script for the GUI of a Cent OS server. For testing purposes I have set up the Apache as localhost. Cent OS does not automount a connected USB device. In PHP I need to check if a USB device is plugged in then mount it and list the file content for the user. This is quite simple in bash, however I am unable to make it work in PHP. I have played around with both the exec() and the shell_exec() functions with no avail. I have tried the commands both manually i.e.:

shell_exec("sudo mount /dev/sdb1 /mnt");

and through a bash script:

exec("./mountlist.sh");

Is there a function in PHP I can call that will do the same thing, or am I missing something with the exec and shell_exec functions. Both functions work fine in the shell. Since mount is a root command I included sudo in the bash script.

Sicco
  • 6,167
  • 5
  • 45
  • 61
user1628380
  • 1
  • 1
  • 2
    does whatever user php is running under have sudo privileges? are those privileges granted w/o password prompt? – Marc B Aug 27 '12 at 18:14
  • I'm pretty new to PHP and bash, the user does not, however it would not be a problem if they did. How would I grant the Apache user root privileges? – user1628380 Aug 27 '12 at 18:18
  • 3
    apache already starts with root privs (so it can bind to port 80) and then drops them, because running a webserver as root is a fundamentally BAD idea. – Marc B Aug 27 '12 at 18:19
  • I see, so how would I mount a USB key via PHP? – user1628380 Aug 27 '12 at 18:21
  • why do you need php to do this? php is not really intended for this sort of thing - it's not a "low level" language. – Marc B Aug 27 '12 at 18:22
  • I don't necessarily need to use PHP, however I need the files from the USB drive listed on a PHP page. I have no issue writing a bash script to do this, which works, but I have not been able to successfully call the bash script from PHP. – user1628380 Aug 27 '12 at 18:25
  • 1
    @newfurniturey: uh, did you read the rest of the comment? apache MUST start with root privs to bind to port 80. chroot has nothing to do with that at all. Plus, chroot on apache makes very little sense if you're embedding PHP in it - a jail that gives the inmates a complete toolbox, including bolt cutters and hacksaws is basically no jail at all. – Marc B Aug 27 '12 at 18:26
  • Moreover, the drive has to actually be mounted once the user opens the page. If no drive is present, the script should do nothing. – user1628380 Aug 27 '12 at 18:26

1 Answers1

1

You can't sudo from inside a PHP script - there is no way to type in the sudo password.

You could create a shell script and use the STICKY bit to have it run as the root user

http://www.dba-oracle.com/linux/sticky_bit.htm

That's how the passwd command can write to the password file owned by root even though you are running it as a normal user.

Also - you could grant the web user permission to mount/unmount file systems (add him to the fuse group on most systems), but that's more open-ended and rather dangerous if your web server gets hacked, so I would go with shell scripts and sticky bits for your purposes.

msEmmaMays
  • 1,073
  • 7
  • 7