4

I have an Ubuntu 16.04 machine running NGINX and PHP. I would like to enable the www-data user (via web browser) to be able to access a PHP page (php-test.php) that will execute either a bash script (script_test.sh) or execute Linux CLI commands using shell_exec or exec.

I have done the following.

Created my bash script file script_test.sh

#!/bin/bash

whoami
echo $USER
echo 'test'

exit

When I run this from the CLI, using

./script_test.sh

It does indeed work and I can see the info echoed out in the CLI.

I then pursued the goal of being able to allow the www-data user run this bash script through a PHP page running on this same machine from NGINX.

I created my php page (php_test.php) and it contains the following

<?php

    chdir('/path/to/my/files/');
    shell_exec('./script_test.sh');  // ATTEMPT RUN SCRIPT
    shell_exec('/path/to/my/files/script_test.sh');  // ATTEMPT RUN SCRIPT

    echo 'test 123';  // SIMPLE ECHO IN THE PHP PAGE
?>

I then ran the following to modify the sudoers file, giving www-data access to the bash script

sudo nano /etc/sudoers

to which I added the following line

www-data ALL=NOPASSWD: /path/to/my/files/script_test.sh

I then made sure the script was executable. For the sake of my testing, not worrying about security, I just set it to 777 with the following command

sudo chmod 777 script_test.sh

From there I opened a web browser and browsed to the localhost (NGINX) web server (php_test.php) and the only thing I see on the page is the 'test 123' that I echo from PHP... none of the bash script appears to have run at all. I tailed the NGINX error log and don't see any error at all.

Is there another log that could contain clues on this?

What else should I check here?

jww
tamak
  • Also see [execute shell script with php + nginx](https://stackoverflow.com/q/27208874/608639), [PHP script to execute a bash script](https://stackoverflow.com/q/25186117/608639), [How to run a shell script as different user with PHP on Nginx?](https://stackoverflow.com/q/26481833/608639), etc. – jww Jul 08 '17 at 02:34

2 Answers

0

The result of shell_exec() is returned as string. To display it in your browser, simply add echo.

<?php

    chdir('/path/to/my/files/');
    echo shell_exec('./script_test.sh');  // ATTEMPT RUN SCRIPT
    echo shell_exec('/path/to/my/files/script_test.sh');  // ATTEMPT RUN SCRIPT

    echo 'test 123';  // SIMPLE ECHO IN THE PHP PAGE
?>

See the Return Values in the manual:

The output from the executed command or NULL if an error occurred or the command produces no output.

TacoV
-1

Can you try to use passthru instead of shell_exec, and see if it outputs anything?

Also try this, and see if it shows on the log file:

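// Stop early if the script is missing
if (!file_exists('/path/to/my/files/script_test.sh')) { die('File not found!'); }
// Run the script in the background and write its stdout to output.log
shell_exec("nohup /path/to/my/files/script_test.sh > /path/to/my/files/output.log &");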

Also, are you running PHP with the www-data user (check your fpm pool)? Do you have any errors in /var/log/syslog or /var/log/auth.log? Have you restarted the server after changing the sudo permissions?

What do `su - www-data -c "whoami"` and `su - www-data -s /bin/bash -c "whoami"` output?

Does su - www-data -s /bin/bash -c "/path/to/my/files/script_test.sh" output something?

peixotorms
  • www-data is the user that PHP is running as. I ran the PHP snippet at the top of your post/message but it DID report the script as found, but the shell_exec and passthrough attempt with the nohup-based command did NOT generate anything at all. neither of the log files you mentioned show me any clues at all either. – tamak Jul 08 '17 at 03:27
  • obvious question... but is shell_exec allowed on php.ini ? Does `` print anything useful? How about the other commands, do they work on the command line directly? – peixotorms Jul 08 '17 at 13:52
  • @peixogorms when I run that I get the following disabled functions from my ini file - identical to what I see in phpinfo()... pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,File – tamak Jul 08 '17 at 14:17
  • Note that if PHP is running in safe mode, shell_exec won't work. http://php.net/manual/en/function.shell-exec.php Try to remove all those and try again. Also, does something more basic work? `$output"; ?>` – peixotorms Jul 08 '17 at 15:22
  • @peixogorms I see that safe mode was deprecated as of php 5.3 and removed as of php 5.4, I'm running PHP 7 and will investigate how to enable exec and / or shell_exec. No output using that snippet either. – tamak Jul 08 '17 at 17:36
  • I suggest you install PHP as FPM. Are you using Apache with mod_suexec or something? You cannot enforce security on PHP from apache, if you plan on using exec like this. When you install PHP as FPM, you can choose which user PHP runs with (different pools). – peixotorms Jul 09 '17 at 15:42
  • I'm using NGINX, not Apache. I was able to use the same steps and it worked great on an Ubuntu virtual machine running on my MacBook Pro. I think it's because exec is disabled in PHP_INI and will test that theory later today. Thanks. – tamak Jul 09 '17 at 18:44
  • I was able to find a way to get some feedback from my attempts.... by running exec('ls 2>&1',$out); I get to try to simply list all the files I get the response [ sh: 1: ls: not foundArray ( [0] => sh: 1: ls: not found ) ]. Is this somehow related to a missing environment variable? how is something as simple as the LS command not found? – tamak Jul 23 '17 at 22:12
  • Read the environments reply here: https://askubuntu.com/questions/23009/why-crontab-scripts-are-not-working – peixotorms Jul 24 '17 at 00:00
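
Added example (not part of the original thread and not any poster's code): a PHP page that gathers the checks raised across the answers and comments into one report. It covers `disable_functions`, the user PHP runs as, the `PATH` PHP sees, stderr captured with `2>&1`, the exit status, and whether the script is world-writable, as it is after the `chmod 777` above. The function name `diagnose_command` and the report keys are hypothetical, the script path is the thread's placeholder, and `/bin/ls` assumes the usual Ubuntu location.

```php
<?php
// Added example, not code from the thread. Paths are the thread's placeholders.

function diagnose_command(string $absPath, array $args = []): array
{
    // disable_functions is a comma-separated php.ini list
    $disabled = array_map('trim', explode(',', (string) ini_get('disable_functions')));
    $perms    = is_file($absPath) ? fileperms($absPath) : false;
    $pw       = function_exists('posix_geteuid') ? posix_getpwuid(posix_geteuid()) : false;

    $report = [
        'disabled_exec_functions' => array_values(array_intersect(
            ['exec', 'shell_exec', 'passthru', 'system', 'proc_open'], $disabled)),
        'php_user'       => $pw ? $pw['name'] : null,   // expected: www-data
        'path_env'       => getenv('PATH'),             // false if PHP has no PATH set
        'is_file'        => $perms !== false,
        'is_executable'  => is_executable($absPath),
        // Mode 777 sets the "other" write bit: any local user can edit the script,
        // which matters most when sudoers lets it run as root without a password.
        'world_writable' => $perms !== false && ($perms & 0002) !== 0,
        'exit_code'      => null,
        'output'         => [],
    ];

    // Nothing to run if exec() is disabled or the file cannot be executed
    if (in_array('exec', $disabled, true) || !$report['is_executable']) {
        return $report;
    }

    // Absolute path plus escaped arguments: no reliance on PATH, no shell injection
    $cmd = escapeshellarg($absPath);
    foreach ($args as $arg) {
        $cmd .= ' ' . escapeshellarg($arg);
    }

    // 2>&1 folds stderr into the captured lines, so messages such as
    // "sh: 1: ls: not found" become visible instead of an empty result
    exec($cmd . ' 2>&1', $report['output'], $report['exit_code']);
    return $report;
}

header('Content-Type: text/plain');
print_r(diagnose_command('/bin/ls', ['-l', '/tmp']));
print_r(diagnose_command('/path/to/my/files/script_test.sh'));
```

An exit code of 127 in the report means the shell could not find the command, while 126 means it was found but could not be executed.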