TL;DR:

I have a PHP page which executes a shell script containing impdp, which imports a dump into a new schema.
PHP file:

echo shell_exec("./DumpCreator.sh 22");

DumpCreator.sh

#!/bin/bash
echo $1
impdp U_$1/Pass DIRECTORY=dmpdir DUMPFILE=MYDMP.DMP remap_schema=PARENT:U_$1

It echoes 22, but impdp doesn't execute, although all permissions are given to a single user (admin).

Full

I have a PHP page which creates a shell script file and overwrites its contents as the following:

$shellFile = fopen("myfile.sh" , "w");
$field = "1";
$command = "#!/bin/bash\n"
    ."echo $field\n"
    ."sqlplus system/pass as sysdba << SQLEND\n"
    ."create user U_$field identified by newpass;\n"
    ."grant dba to U_$field;\n"
    ."exit;\n"
    ."SQLEND\n";
fwrite($shellFile, $command);
$output = shell_exec("bash myfile.sh");
echo $output;
fclose($shellFile);

contents of .sh file

#!/bin/bash
echo 1
sqlplus system/pass sysdba << SQLEND
create user U_1 identified by pass;
grant dba to U_1;
exit;
SQLEND

My problem is that the sqlplus part isn't executing. So what is wrong with this? Thanks in advance.
UPDATE
When I execute the .sh file itself, everything executes well (user is added and granted).
UPDATE 2
I tried doing what is mentioned above using PHP OCI and it ran successfully.
Now the problem is that when the user is granted permission, I need to copy some dump to it using a script, which I will need to execute using PHP.
My new .sh file

#!/bin/bash
echo $1
impdp U_$1/pass DIRECTORY=DATA_PUMP_DIR DUMPFILE=something.DMP remap_schema=something:U_$1

Even if I remove $1, it doesn't execute this part, and I think it doesn't require sudo or su to root, so what am I doing wrong? Also, what permissions could be missing in the process?

Update 3
I'm executing the script directly from the terminal using the 'admin' account, which is the one Oracle is installed on; also, getting the current user in PHP shows that it's 'admin'.
So the problem is: how can I execute any non-OS-related commands (anything but echo, ls, etc.) from my PHP page?

AbdelRahman Badr
  • Is the first line executing? e.g. add touch myfile and see if it exists after. It's probably a permission issue on your script. Check that the paths for sqlplus exist for the user this is executing under. It might be it's logging into a new shell and needs the environment configured. – bob dylan Dec 21 '15 at 14:55
  • Yes, it echoes '1' in the browser. First I thought it was permissions, but the .sh gets executed; maybe it's related somehow to a sqlplus permission issue (not signing in as admin or root maybe). I tried another thing and updated my question. – AbdelRahman Badr Dec 21 '15 at 15:17
  • What about the second part though? are the environment variables set up correctly? e.g. is impdp a recognisable executable? does your username really have $ in it? or are you trying to substitute this? again is $1 being passed / set? – bob dylan Dec 21 '15 at 15:50
  • -Second part doesn't get executed, but the first one does; it echoes the parameter I'm passing through PHP. -I'm running everything on the same machine with the same env vars. -impdp is recognizable because when I run the same .sh file through the terminal and pass a value to it (./myfile.sh 1) it executes properly. -Username doesn't have $ in it, but I'm passing a parameter so it will bind. – AbdelRahman Badr Dec 21 '15 at 15:59
  • Yes but is your php script logging in as the same user you're running these tests on? – bob dylan Dec 21 '15 at 16:00
  • -When I execute (whoami) inside the same script it says (apache), so I think that's the problem. So how do I switch users?
    -Or, if what I was saying is wrong, how can I check?
    – AbdelRahman Badr Dec 21 '15 at 16:20
  • I suppose you could touch a file and see who's the owner (probably is apache though). You could do something like sudo /bin/su - oracle (provided apache can sudo to this user). I use oci_connect (http://php.net/manual/en/function.oci-connect.php) to run sql commands, you might be able to connect as oracle and then ! within your script for the impdp / shell commands, however, preferably, you need to work out how to connect to your system as a different user. – bob dylan Dec 21 '15 at 16:29
  • both are by admin, then I used (get_current_user) in PHP and it was admin too. (I'm not running php on my localhost btw). – AbdelRahman Badr Dec 21 '15 at 17:46

2 Answers

So after searching about permissions, I found that it's possible to execute anything (root or non-root commands) by editing the sudoers file, which will allow any PHP to execute any command, and that, as far as I can tell, is a very poor solution.
Ref: How to call shell script from php that requires SUDO?

AbdelRahman Badr

Make sure you have the required environment variables set.

In particular you'll probably have to set LD_LIBRARY_PATH to the location of the shared libraries that come with your Oracle installation.

The PHP code is probably hiding the error messages related with this.

Compare your environment where you normally run SQL*Plus or IMP before and after running oraenv; you will need to set at least a few of those (and probably most if not all).

fork2execve
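
The checks this answer describes, as an added example (not code from the original answer or thread): a POSIX shell version of DumpCreator.sh that lists which variables oraenv adds or changes, reports what is missing under the web server's user, accepts only a numeric suffix from PHP, and prints every diagnostic on stdout because shell_exec() returns stdout only. The function names and the list of required variables are assumptions.

```shell
#!/bin/sh
# Added example; function names and the required-variable list are assumptions.

# Accept digits only, so the value PHP passes cannot add shell syntax or
# extra impdp parameters.
valid_suffix() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Given two `env` dumps (before and after running oraenv), print the names of
# the variables that oraenv added or changed.
env_added_or_changed() {
    before=$1
    printf '%s\n' "$2" | while IFS= read -r line; do
        [ -n "$line" ] || continue
        printf '%s\n' "$before" | grep -qxF -- "$line" || printf '%s\n' "${line%%=*}"
    done
}

# Print what the current process (e.g. the shell spawned by PHP) lacks.
missing_oracle_env() {
    for name in ORACLE_HOME ORACLE_SID LD_LIBRARY_PATH; do
        eval "val=\${$name:-}"
        [ -n "$val" ] || printf '%s\n' "$name"
    done
    command -v impdp >/dev/null 2>&1 || printf '%s\n' 'impdp-not-on-PATH'
}

# Run the import from the question; every diagnostic goes to stdout because
# shell_exec() returns stdout only and stderr would be lost to the caller.
run_import() {
    valid_suffix "${1:-}" || { echo "rejected: suffix must be digits only"; return 2; }
    missing=$(missing_oracle_env)
    if [ -n "$missing" ]; then
        echo "Oracle environment incomplete:" $missing
        return 3
    fi
    impdp "U_$1/Pass" DIRECTORY=dmpdir DUMPFILE=MYDMP.DMP \
        "remap_schema=PARENT:U_$1" 2>&1
}

# Invoked as in the question: ./DumpCreator.sh 22
if [ "$#" -gt 0 ]; then
    run_import "$1"
    exit $?
fi
```

To feed `env_added_or_changed`, capture `env` in the terminal session before and after sourcing oraenv; the names it prints are the ones to export at the top of the script that PHP runs.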