0

I have an app that has to mount a disk on a server. The disk and the server are all connected, it just has to use the Linux 'mount' command.

I wrote a php that is simply:

```php
<?
exec("/var/www/MountTheDisk.sh");
?>
```

And I added a bash script: MountTheDisk.sh

```bash
#!/bin/bash

diskutil mount /dev/xvdb1 /mnt/theDisk/
echo trying to mount
```

Now, if I run that php, I get no result. Nothing is echo'd and no disk is mounted. How can I run this command remotely? Maybe php is not the best method?

Rossi
  • Does the user under which you are running PHP have sudo privileges? – Mike Brant May 24 '13 at 17:48
  • I am just running the file by navigating a website to the url: ip.address/MountDisk.php Is there a better way to accomplish this? or how can I run the file remotely while logged in? – Rossi May 24 '13 at 17:52
  • 1. Your command needs to be sent as a string, and you're missing an ending semicolon. `exec('sudo mount /dev/xvdb1 /mnt/thisDisk/');` 2. As Mike Brant suggests, the user that PHP is running under (which may be Apache or whatever web server you're running) must have `sudo` privileges. – nickb May 24 '13 at 17:54
  • Yes, I did forget the colon, good call. My sudoers file says ALL so does that mean that the privileges are a-okay? – Rossi May 24 '13 at 18:02
  • Also, maybe it does not need to be a sudo call? – Rossi May 24 '13 at 18:03
  • It will ask for a password after this command – Luigi Siri May 24 '13 at 18:18
  • Is there another way to run the script aside from putting the url in a web browser? Because when I do that, there is no way for it to ask me for my password. – Rossi May 24 '13 at 18:26

2 Answers

1

This solution seems not to work. I don't know why since I haven't used SetUID with shell scripts. But I let this answer stay here just in case someone wants to refer to it.

For security reasons I would recommend you to put your code into a bash file. Use the SetUID-bit to execute the bash file as root from within any other user. This way your file is not writeable by anyone else than root and you don't need to deal with sudo. Otherwise you allow your php-process to execute code as root which, in most cases, is a very bad idea.

The reason why you don't receive any output is probably because it asks for a password and there is no way for exec to enter one.

Edit: Change your php call to:

```php
<?
exec("/var/www/MountTheDisk.sh");
?>
```

Then create a bash file (/var/www/MountTheDisk.sh) with some content like this

```sh
#!/bin/sh

# this script will be executed as root
diskutil mount /dev/xvdb1 /mnt/theDisk/
echo trying to mount
```

Now set SetUID bit and change owner to root. (must be done via root shell)

```sh
# change owner to root first (on Linux, chown clears an existing setuid bit)
chown root:root /var/www/MountTheDisk.sh

# make script executable
chmod +x /var/www/MountTheDisk.sh

# setuid bit
chmod u+s /var/www/MountTheDisk.sh
```

Note: Any user can run this file. Any call will result in it being executed as root.

Chris
  • It seems like I could figure out how to do this - I'll give it a shot. How can I execute a bash file without being in the terminal window? Navigating to the file from a web browser just seems to echo out the file. – Rossi May 24 '13 at 20:05
  • @Rossi If you want to execute a bashscript from PHP you can simply call `exec("sh /path/to/yourbashfile.sh");` or `exec("/path/to/yourbashfile.sh");` (If you set the execution bit of the bashscript). If you are not very familiar with bashscript you should first check out how linux identifies how to run an executable file. – Chris May 24 '13 at 20:17
  • I have modified my file like you said and added a bash script. And I think that's how you set the uid-bit, I did a little research on it but am not entirely confident. Got quite a mixture of info. Still no dice. Does this all look like you were talking about? (you can see in the edited question above) Thanks so much for your help! – Rossi May 25 '13 at 16:04
  • @Rossi Don't mix the bit with the `setuid` command. The SetUID bit is something that needs to be set via terminal. It is sort of a property of a file (like executable). If this bit is set then any execution of the according script will result in it being executed as the OWNER of the file. So what you have to do: change the owner of your bash script to root (`chown root:root file.sh`) and then set the SetUID bit and executable (`chmod u+s file.sh`). You have to do this via a root shell. Also make sure the file is executable and change your call to `exec("/var/www/MountTheDisk.sh");` See edit. – Chris May 25 '13 at 16:31
  • Okay, I tried this - thank you so much. I still am not seeing a result. I followed the steps that you explained for setting the user to root on this file. Any last ideas to make this run? My latest version of the files are up top - – Rossi May 25 '13 at 18:18
  • @Rossi I've just checked it myself and you are right. I'm not sure if it is not supposed to work with shell scripts or if it is disabled (many distributions disable it for security reasons). So I'm sorry but I can't help you any further. Maybe you want to check out this because it is basically the same question: http://stackoverflow.com/questions/8532304/execute-root-commands-via-php – Chris May 25 '13 at 19:22
  • Thank you so much anyway - I appreciate your time and effort! Sometimes computers are so darn tricky!! – Rossi May 25 '13 at 19:25
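Added example, not part of the answer or comments above: the Linux kernel ignores the setuid bit on files that start with a `#!` interpreter line, which is why the script never ran as root. A root-owned setuid script left in the web root is still worth cleaning up, so this audit lists such files; the file names in the sample tree are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: audit a directory for setuid files that are interpreter scripts.

# Print every regular file under $1 that has the setuid bit set and whose
# first two bytes are "#!" (the kernel would hand it to an interpreter and,
# on Linux, drop the setuid request).
find_setuid_scripts() {
    find "$1" -type f -perm -4000 2>/dev/null | while IFS= read -r f; do
        magic=$(head -c 2 "$f" 2>/dev/null)
        if [ "$magic" = '#!' ]; then
            printf '%s\n' "$f"
        fi
    done
}

# Build a constructed sample tree (hypothetical file names) in a temp dir
# and print its path.
make_sample_tree() {
    d=$(mktemp -d)
    # setuid shell script: should be reported
    printf '#!/bin/sh\necho trying to mount\n' > "$d/MountTheDisk.sh"
    chmod 4755 "$d/MountTheDisk.sh"
    # setuid file without a shebang: not a script, not reported
    printf '\177ELF' > "$d/native-helper"
    chmod 4755 "$d/native-helper"
    # ordinary script without setuid: not reported
    printf '#!/bin/sh\n' > "$d/plain.sh"
    chmod 0755 "$d/plain.sh"
    printf '%s\n' "$d"
}

sample=$(make_sample_tree)
find_setuid_scripts "$sample"
rm -rf "$sample"
```

On a real host, point `find_setuid_scripts` at the web root and clear the bit on anything it reports with `chmod u-s`.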
0

The Apache user www-data needs to be granted privileges to execute certain applications using sudo.

  1. Run the command sudo visudo. We actually want to edit the file /etc/sudoers; running sudo visudo in a terminal opens a temporary copy of the sudoers file to edit.
  2. At the end of the file, add the following. For example, if we want to allow the smokeping restart command and the mount command for another action:

```
www-data ALL=NOPASSWD: /etc/init.d/smokeping restart, /bin/mount
```

(This is assuming that you wish to run restart and mount commands using super user (root) privileges.)

However, if you wish to run every application using super user privileges, then add the following instead of what’s above. You might not want to do that, not for ALL commands; it is very dangerous.

```
www-data ALL=NOPASSWD: ALL
```

  3. After editing the sudoers file (visudo edits a temporary copy of sudoers), save and quit (wq!) so that the changes are written to the sudoers file.

  4. That’s it. Now use exec() in the following manner inside your xxx.php script. Remember to put sudo before the command in the PHP script.

For example:

```php
exec ("sudo /etc/init.d/smokeping restart 2>&1");
```

So for your problem, add the commands that you wish to use in step 2 as I did, and change your PHP script as needed.

Thusitha Sumanadasa
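Added example, not part of the answer above: in sudoers, a command listed without arguments may be run with any arguments, so `/bin/mount` on its own lets www-data mount anything, while a rule that spells out the arguments permits only that exact invocation. The audit below classifies each NOPASSWD command in a fragment; the third sample rule (pinning the device and mount point from the question) is constructed, and the parser is a simplified sketch that does not handle aliases, line continuations or escaped commas.

```shell
#!/bin/sh
# Added example: classify NOPASSWD grants in a sudoers fragment read on stdin.
# Output: user <TAB> verdict <TAB> command
#   ANY-COMMAND  the rule allows every command (ALL)
#   ANY-ARGS     bare path: sudo accepts any arguments for it
#   PINNED-ARGS  path plus arguments: only that exact command line matches
audit_nopasswd() {
    awk '
    /^[ \t]*#/ { next }                       # skip comment lines
    /NOPASSWD:/ {
        user = $1
        cmds = $0
        sub(/^.*NOPASSWD:[ \t]*/, "", cmds)   # keep only the command list
        n = split(cmds, c, /[ \t]*,[ \t]*/)
        for (i = 1; i <= n; i++) {
            cmd = c[i]
            gsub(/^[ \t]+|[ \t]+$/, "", cmd)
            if (cmd == "ALL")           verdict = "ANY-COMMAND"
            else if (cmd ~ /[ \t]/)     verdict = "PINNED-ARGS"
            else                        verdict = "ANY-ARGS"
            printf "%s\t%s\t%s\n", user, verdict, cmd
        }
    }'
}

# Constructed sample: the two rules from the answer plus a pinned variant.
sample_sudoers() {
    cat <<'EOF'
# constructed sudoers fragment for the audit
www-data ALL=NOPASSWD: ALL
www-data ALL=NOPASSWD: /etc/init.d/smokeping restart, /bin/mount
www-data ALL=(root) NOPASSWD: /bin/mount /dev/xvdb1 /mnt/theDisk/
EOF
}

sample_sudoers | audit_nopasswd
```

With the pinned rule, the PHP call has to match it exactly, for example `exec("sudo /bin/mount /dev/xvdb1 /mnt/theDisk/ 2>&1", $out, $rc);`, and checking `$rc` and `$out` shows why a mount failed instead of returning nothing.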