2

I'm trying to setup a web interface for some controlled plug sockets I have, the sockets are controlled by a Raspberry Pi. I want to have a couple of links on a web page that I can use to turn the switches on and off. I've been trying to use PHP to do this and for some reason it just won't work.

I've tried various suggestions (see below links). All I'm getting is a white page whenever I click the link, and it doesn't do what its supposed to i.e. turn the switch on and off. Running the PHP script from the command line works as expected, the issue seems to be only when trying to run it from the webpage.

I've looked at the permissions and for the script I've set the permissions with: chmod 777 /path/to/script

I've tried storing the script in my home folder and in the /var/www/html folder with no joy. Nothing appears in the NGINX logs or PHP-FPM log to indicate any error.

I've tried editing the sudoers file to give www-data access to the script (www-data ALL:=/path/to/script/ and even tried it with all permissions for www-data (www-data ALL=(ALL:ALL) ALL) neither have worked.

I did think it might be because the script I'm trying to run involves starting an SSH session but I can't even get a local command to work to create a blank file either in the /home/pi/ directory or /var/www/html.

I've put the script I'm trying to run below along with the PHP I'm using to call the script and a second PHP file I've used to try other commands.

Any help or pointers in the right direction would be appreciated. I think the script is running but its failing somewhere and I can't work out where. The only thing I get back in a web browser is the echo $username line so I know its working in part but when I try to execute a command nothing happens.

PHP SCRIPT:

<?php
   $username = posix_getpwuid(posix_geteuid())['name'];
   echo $username;
   exec("/home/pi/scripts/switch2off");
?>

TEST SCRIPT:

<?php
  exec("touch /var/www/html/s/test.txt");
?>

SWITCH2OFF SCRIPT

#! /bin/bash
ssh pi@example 'python /home/pi/switches/switch_2_off.py'

NGINX CONFIG:


limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;

server {
        listen 80;
        listen [::]:80;
        return 301 https://$server_name$request_uri;

        root /var/www/html;

        index index.html index.htm index.nginx-debian.html;

        server_name example.com;

        location /.well-known/ {
                allow all;
        }
}

server {
        listen 443 ssl;
        listen [::]:443 ssl;

        server_name example.com;

        include snippets/ssl-example.conf;
        include snippets/ssl-params.conf;

        root /var/www/html;

        location / {
                limit_req zone=one burst=5;
                root /var/www/html;
                auth_basic "Please Log In";
                auth_basic_user_file /etc/nginx/.htpasswd;
                proxy_set_header X-Content-Type-Options: nosniff;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                add_header X-Frame-Options "allow-from example.com";
        }

        location /.well-known/ {
                allow all;
        }

        location ~ \.php$ {
                include snippets/fastcgi-php.conf;
                fastcgi_split_path_info ^(.+\.php)(/.+)$;
                fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                include fastcgi_params;
        }

}

server {
    error_page 401 403 404 /404.html;
}

PHP-FPM LOG:


[03-Aug-2020 05:00:01] NOTICE: Terminating ...
[03-Aug-2020 05:00:01] NOTICE: exiting, bye-bye!
[03-Aug-2020 05:00:29] NOTICE: fpm is running, pid 620
[03-Aug-2020 05:00:29] NOTICE: ready to handle connections
[03-Aug-2020 05:00:29] NOTICE: systemd monitor interval set to 10000ms

MY RESEARCH/THINGS I'VE TRIED:

Nginx serves .php files as downloads, instead of executing them - I started here as initially I had a config issue when instead of running the PHP scripts it served them as a download instead.

Run a shell script with an html button - this is where I got the code from for the PHP script

PHP code is not being executed, instead code shows on the page - not quite the same issue as I'm seeing. The web browser doesn't display any code from the php file even when going to view source

https://askubuntu.com/questions/520566/why-wont-this-php-script-execute-bash-script

https://unix.stackexchange.com/questions/115054/php-shell-exec-permission-on-linux-ubuntu

https://www.linode.com/docs/web-servers/nginx/serve-php-php-fpm-and-nginx/

rohtua
  • 165
  • 1
  • 11
  • 1
    "All I get is a white page" - you mean you don't even get the `$username` output? Can you validate that the PHP script isn't running *at all* by trying ` – wally Aug 03 '20 at 16:07
  • 1
    Also - I'd try generating a PHP error to see if it's logged in the fpm-php logs. `trigger_error("Hello world");` should do it. – wally Aug 03 '20 at 16:08
  • @wally Hi, I should have been a bit clearer, I do see the output from $username but forgot about it. I didn't put that in till later to try and see which user it was running as incase it was running as nobody. Its just the exec parts that don't seem to run. I've updated the question to include my php-fpm log (the trigger_error doesn't seem to have done anything), from /var/log ?? I don't know if there's another log somewhere I can provide? – rohtua Aug 03 '20 at 16:16
  • 1
    Ah ok! Then via Nginx, does `phpinfo();` say safe mode is enabled? (And if it is, what the safe mode path is?) – wally Aug 03 '20 at 16:21
  • 1
    I can't see anything in the output that says safe mode, the only two things I can find with safe in them are Thread Safety: disabled and filter.default: unsafe_raw. I've just googled it and according to the php manual safe mode was removed in 5.4.0? I'm using 7.3 https://www.php.net/manual/en/features.safe-mode.php – rohtua Aug 03 '20 at 16:42
  • 1
    Maybe `disable_functions`? Check your `phpinfo();` for this. Dont check via `php -i` or you will get the cli config. – SirPilan Aug 03 '20 at 20:09
  • 1
    Whats the output of `var_dump(is_file('/home/pi/switches/switch_2_off.py'));`? – SirPilan Aug 03 '20 at 20:11
  • 1
    @rohtua - ah yes, I should have checked myself. I've been using PHP since version 4-something, I forgot it was removed. Won't be that then. Clutching at straws - your php-fpm config, it doesn't have any references to `chroot` in it does it? – wally Aug 04 '20 at 08:28

1 Answers1

0

Thanks for all the help. I found the issue. It wasn't with PHP or NGINX. The owner on /var/www/.ssh was set to pi for some reason. I've changed it to www-data and the script has started working now from the webpage. I'm still not sure why my second script to create a file wouldn't work (probably a permissions issue) but I was experimenting and found that other commands would work (like ls) which brought me back to thinking it had to be a permissions error somewhere.

So I went back through all the scripts and folders and checked and it was the .ssh folder. A quick chown fixed the problem.

Thank you again for all your suggestions and help!

rohtua
  • 165
  • 1
  • 11