Run SUDO through PHP exec?

Question

Possible Duplicate:
How to call shell script from php that requires SUDO?

I have a Python file that needs SU rights to run (on Ubuntu server).
Can't figure out how to do it.

Running it from PHP like so:

$command = "python /path/to/my/file.py params";
$temp = exec($command, $output);
var_dump($output);

Not working. (Xvfb fails to start for non-root)

Tried:

$command = "echo 'root_pwd' | sudo -S python /program.py params"
...

didn't work.

Tried: edit /etc/sudoers:

Cmnd_Alias BUNDLE = /path/to/myprog.py
nobody  ALL=(ALL) NOPASSWD:BUNDLE

and then:

$command = "sudo -u nobody python myprog.py params";
...

didn't work.
When I say "didn't work" - I mean that var_dump($output) returns empty array, no successful result on server (myprog.py should generate a file on the server) or the page simply loads for a couple mins until it times out.

Basic .py files (that don't require special rights) work.

Pls help.

PS: .Py file is making screenshot of URL, so is using webkitgtk, Xvfb and couple other things.

Answer 1

Your command is wong:

$command = "sudo -u nobody python myprog.py params";

Here you're calling the python interpreter directly, but in your sudores file you only allowed /path/to/myprog.py.

If you want to do it this way, then add a shebang to your python program and make it executable, then change your command to

$command = "sudo -u nobody /path/to/myprog.py params";

But for this to work, the user you specify in your sudoers file must be the user executing the command, which probably isn't nobody but the web server process (www-data?):

Cmnd_Alias BUNDLE = /path/to/myprog.py
www-data  ALL=(ALL) NOPASSWD:BUNDLE

---

The other way you tried

$command = "echo 'root_pwd' | sudo -S python /program.py"

probably failed because of two reasons:

• the current user (probably the webserver process) isn't allowed to sudo
• sudo doesn't take the root password, but the current users password

And you don't really want to pass passwords like this anyway...