0

Issue: Initially, Through command line as a root user,I accessed a package called pandoc (/root/.cabal/bin/pandoc) which was installed in root folder. When I try to access that package through php using shell_exec(),it fails.

Question: Is there any limitation for php shell_exec() not to access root packages for security purposes? If so,how to resolve it?

I tried: Gave write permission to root folder then I could access root packages through command line not as a root user. yet I couldn't to access it through php shell_exec().

php code:

shell_exec("cd /home/quotequadsco/public_html/pandoc_jats ; sudo -u quotequadsco 
-S /root/.cabal/bin/pandoc ex.tex --filter /root/.cabal/bin/pandoc-citeproc
-t JATS.lua -o ex.xml");

and also tried,

shell_exec("cd /home/quotequadsco/public_html/pandoc_jats ;/root/.cabal/bin/pandoc 
ex.tex --filter /root/.cabal/bin/pandoc-citeproc -t JATS.lua -o ex.xml");

Expectation: I need to execute pandoc root package through shell_exec() in php.

vidhya
  • 449
  • 7
  • 22

2 Answers2

0

Added the following line in the /etc/sudoer file

#Defaults requiretty   //commented this line
usergroup ALL=(ALL)  ALL

PHP code, 

shell_exec("cd /home/quotequadsco/public_html/pandoc_jats ;echo password | sudo 
-S command"); //added a password for sudo command to run as a root user.
vidhya
  • 449
  • 7
  • 22
0

I recently published a project that allows PHP to obtain and interact with a real Bash shell (as root if requested), it solves the limitations of exec() and shell_exec(). Get it here: https://github.com/merlinthemagic/MTS

After downloading you would simply use the following code:

$shell    = \MTS\Factories::getDevices()->getLocalHost()->getShell('bash', true);
$return1  = $shell->exeCmd('pandoc (/root/.cabal/bin/pandoc)');
//the return will be a string containing the return of the command
echo $return1;
MerlinTheMagic
  • 575
  • 5
  • 16