20

I am running Apache on my localhost. From a PHP script run as www-user I would like to control Rhythmbox playback on my machine. So far I have a simple command in my PHP script:

exec('rhythmbox-client --pause');

This works great when I run it from the command-line as me, but if it runs as www-user I guess rhythmbox-client doesn't know/can't access my instance of Rhythmbox.

Is there an easy way for that PHP script to run as my user rather than www-user, or to tell rhythmbox-client which instance to control?

The overall application is that when my phone goes off-hook it calls my PHP script which pauses music, and resumes playback when the phone is on-hook. I love VoIP phones!

Solution: Thanks to Carpetsmoker and Tarek I used sudo as the answer but there was a couple of problems. To overcome them I did the following:

Created a bash script to call rhythmbox-client. This bash script was executed using sudo in PHP as described in the answer below. Unfortunately rhythmbox-client didn't know what environment to control, so the bash script looks like this:

#! /bin/bash
DBUS_ADDRESS=`grep -z DBUS_SESSION_BUS_ADDRESS /proc/*/environ 2> /dev/null| sed 's/DBUS/\nDBUS/g' | tail -n 1`
if [ "x$DBUS_ADDRESS" != "x" ]; then
        export $DBUS_ADDRESS
        /usr/bin/rhythmbox-client --pause
fi

Now that bash script can be executed by PHP and wwwuser, and my phone can pause/play my music!

Tak
  • 11,428
  • 5
  • 29
  • 48

3 Answers3

27

One solution is using sudo(8):

exec('sudo -u myuser ls /');

You will, obviously, need to setup sudo(8) to allow the user running your webserver to invoke it. Editing the sudoers file with visudo(8), you can use something like:

wwwuser ALL=/usr/bin/rhythmbox-client

To prevent Apache from being able to run other commands and only the rythymbox command.

Martin Tournoij
  • 26,737
  • 24
  • 105
  • 146
  • Hi thanks for the answer. I edited `/etc/sudoers` with `visudo`, but when I exec `sudo -u myuser rhythmbox-client --pause` I am prompted for the wwwuser password. Is there any way to avoid password authentication for this instance? – Tak Aug 02 '11 at 14:28
  • 1
    change it to `wwwuser ALL=NOPASSWD: /usr/bin/rhythmbox-client` – Tarek Fadel Aug 02 '11 at 14:34
  • Thanks I changed it to `wwwuser ALL=(ALL) NOPASSWD: /usr/bin/rhythmbox-client`. It works great if I run it from the command-line as wwwuser, but my PHP script won't run it when called through Apache :( – Tak Aug 02 '11 at 14:52
  • Thanks both for your help, I posted final solution in the answer. It wasn't just user permissions after all! – Tak Aug 02 '11 at 15:40
  • @Carpetsmoker, What about Windows Server? – Pacerier Apr 15 '16 at 14:15
3

In my case, the solution came this way:

  1. Added this lines to sudoers file:

    myuser ALL=(ALL) NOPASSWD: /usr/bin/prlctl
    _www ALL=(ALL) NOPASSWD: /usr/bin/prlctl # IMPORTANT!!!

  2. The EXEC() command in PHP was changed to:

    exec("sudo -u myuser prlctl list -a", $out, $r);

Muhammad Dyas Yaskur
  • 6,914
  • 10
  • 48
  • 73
VictorEspina
  • 352
  • 2
  • 7
-3

If a process can be run by any user it can be run by PHP. Example is fortune command

-rwxr-xr-x 1 root root 18816 Oct  1  2009 /usr/games/fortune

Look at the x permission for every user. But this some times doesn't at all work and you may have to let the user, www-data or apache etc, run the program. You can sudo www-data and try to run the command. If it works then Apache/PHP should be able to run it.

Kumar
  • 5,038
  • 7
  • 39
  • 51