-1

I need to run a cPanel script from the command line via PHP's exec function (other cPanel options are not viable). The command is roughly:

uapi --user=[user] Email suspend_incoming email=[user]%40[domain].[tld]

I was getting the following error:

setuids failed: Attempting to setuid as a normal user with RUID ***

That in turn led me to realize that the user under which PHP runs does not have permission to execute that command which lead me to this thread. However just as you're not supposed to CHMOD files blatantly as 777 I don't want to blindly enable all commands for this user when using sudo from the command line or PHP's exec script.

How do I only allow the uapi command (also multiple specific commands) to be executed by this user when using sudo via an edit to the sudoers file?

John
  • 1
  • 13
  • 98
  • 177
  • 1
    Does anything here help? https://unix.stackexchange.com/questions/18830/how-to-run-a-specific-program-as-root-without-a-password-prompt. Note, if you give the PHP user access to execute this command, it will be available system-wide through any script on the server (assuming it's executed as the same user). – Mike Jun 15 '18 at 22:41

1 Answers1

-1

You can give a user access to execute a command as root via an entry to sudoers file like so (assuming www-data is the PHP process owner user):

www-data  ALL=(root) NOPASSWD: /path/to/uapi

Obtain the path to the uapi file via the command which uapi. You should carefully consider the security implications of this action.

This UNIX stackexchange question has a nice detailed explanation of the sudo entry syntax.

Roger Gee
  • 851
  • 5
  • 10
  • *Awesome* except, go figure, cPanel creates some sort of complication. I used `$ which uapi` (thank you *very* much for adding that bit) however it returned "command not found". I do *not* know how the `uapi` is registered to run as it does and am completely void of knowing what to ask let alone do in this scenario? – John Jun 15 '18 at 22:56
  • Also, do I have to restart Linux for this to take effect? – John Jun 15 '18 at 23:05
  • The `which` command should return no output if a command is not found. If this happens, then the searched command may not exist in the `PATH`. You may have to search the filesystem for it manually. Also, you shouldn't have to reboot the system for the changes to take effect. – Roger Gee Jun 16 '18 at 15:24