Executing PHP shell command requires sudo access

Question

I have written PHP code to execute shell command

<?php exec("phing"); ?>

This is not working at all from browser.

But what I analysed is, it running same command requires "sudo" permission. I am not sure how could I allow my PHP file to execute this commnand as sudo?

Please guide

@jcsanyi: Thanks for information,came to know new thing today. — Mahesh.D, Jul 04 '13 at 04:52
@user769456 My question still stands. I would prefer to Jenkins or something like that with phing. don't think calling from PHP is a good idea. — bansi, Jul 04 '13 at 05:01
@user769456 Please let me know what you get when you run the test file I include in my answer. I can probably help you more if you give me the output from that. — jcsanyi, Jul 04 '13 at 05:48

score 2 · Accepted Answer · answered Jul 04 '13 at 04:48

2

When executing php, you might not (probably won't be) in any particular directory. Try specifying the absolute path <?php exec("/usr/bin/phing"); ?> Also, did you mean ping instead of phing?

If the webserver has sudo access (a REALLY BAD IDEA) without a password (a REALLY BAD IDEA!!!) to run this command, then you need to change your code to <?php exec("/usr/bin/sudo phing"); ?>

To be able to run sudo, you will need help from the administrator of your computer. I doubt your administrator will allow this, because it's risky to give the webserver sudo access - a lot of work goes into making sure the web server does NOT have any sort of administrator privileges.

answered Jul 04 '13 at 04:48

AMADANON Inc.

5,753
21
31

+1, always move the executable to where PHP can run it (or set the proper permissions in an non-root area). – Dave Chen Jul 04 '13 at 04:49
Note that `/etc/sudoers` can be configured to allow the webserver user to execute *only* this `phing` command. Still not a good idea, but way more secure. – Jonathon Reinhart Jul 04 '13 at 04:49
**its phing** standard build system ; even I tried this ; does't help me. I am using macmini ; so in apache i even tried giving access to "_www" (apache user) full permission. ( while doing this I encountered syntax error in sudoers file ; so now I cant edit this ; this is different problem ) but it never worked. – Parag Diwan Jul 04 '13 at 04:55
@user769456 Always use `visudo` to edit the sudoers file - it'll check the syntax before it saves it, preventing you from getting locked out like that. – jcsanyi Jul 04 '13 at 05:47
@user769456 See [this question on ServerFault](http://serverfault.com/questions/251213/repair-a-broken-sudoers-file) for some help fixing your sudoers file. – jcsanyi Jul 04 '13 at 05:52
Jonathon Reinhart: it is a build system, like `make` - I don't think it can be made secure. – AMADANON Inc. Jul 04 '13 at 22:03

jcsanyi · Answer 2 · 2013-07-04T05:02:08.603

First question is what kind of a server are you trying to run this on? Is it your own machine? shared hosting?

It's probably not that it requires sudo, but that it requires some permission that your PHP script doesn't have, and sudo is one way to fix it.

A better way to fix this is to figure out what user your script is running as (possibly nobody?) and ensure the files that phing needs to access are owned by the same user. This may be as simple as changing the file ownership through your FTP program.

Also, don't forget to double-check that you actually are in the directory you think you're in.

To get some of this information, try running the following PHP file:

<pre>
<?php
passthru('id -a');    // figure out what user we're executing as
passthru('pwd');      // figure out what directory we're in
passthru('ls -l .');  // look at the permissions set on the current directory
?>
</pre>

Thanks for it. The Information which I got from this script is : _www is user / _www is group ; Present working directory has full RWX acess / Still the same issue. (note that, I own this folder to _www grp. ) — Parag Diwan, Jul 04 '13 at 11:18

Executing PHP shell command requires sudo access

2 Answers2