
I have a script in /var/www/Web-EvilBlock/EvilBlock.py

It needs to have sudo permissions to work

My problem is that from my web page in PHP, I have a button that executes that .py script, but it doesn't work. (Needs sudo permissions)

The only way I've gotten it to work is in visudo by adding the line: `www-data ALL=(ALL) NOPASSWD: ALL`. But I would like to make it a little more secure. Is there any other way? I am new to Linux.

www-data is the owner of /var/www/Web-EvilBlock and has execution permission.

EDIT: Someone answered my problem. I added this line in visudo: `www-data ALL=(ALL) NOPASSWD:/usr/bin/python3 /var/www/Web-EvilBlock/EvilBlock.py`. But now I need another button that uses `sudo pkill -f EvilBlock.py`.

electro
  • 11
  • 3
  • _there are problems trying to run a .py from php_ : I don't think so. From a PHP program, you can basically run any executable program as a child process. But if the task you want to achieve, requires sudo for a shell script, it would likely also require sudo for a program in Python (or any other language). – user1934428 Mar 16 '23 at 09:43
  • `there are problems trying to run a .py from php`...not in general. Depends what it's trying to do. Should be no different to running a shell script or any other program. – ADyson Mar 16 '23 at 09:46
  • Unless you can perhaps get the web user to enter the sudo password when requesting the job to run from the web page, not sure how you get round the permissions thing in a more secure way. As you say, giving the web user blanket permission to bypass sudo is not a great situation – ADyson Mar 16 '23 at 09:51
  • You are right, php can directly execute .py, my bad. I have already changed it, but the problem is still the same. – electro Mar 16 '23 at 12:31
  • `now i need another button`...what exactly is the issue then? You've already made one button, presumably you can copy the same pattern again. Where exactly have you got stuck? – ADyson Mar 16 '23 at 18:31
  • @ADyson What I was trying to do was `shell_exec('sudo pkill -f EvilBlock.py')` but I didn't get it. So what I did was make a .sh file with pkill and give it permissions in visudo. In such a way that in the php I have `shell_exec('sudo bash /var/www/Web-Evilblock/pkill.sh')` – electro Mar 16 '23 at 21:42

1 Answer

To make the user www-data only have sudo permissions for EvilBlock.py, I have added the following line at the end of visudo:

```
www-data ALL=(ALL) NOPASSWD:/usr/bin/python3 /var/www/Web-EvilBlock/EvilBlock.py
```

For www-data to be able to run "sudo pkill -f EvilBlock.py", I have created a .sh file with the command inside. Then in visudo I have added the following line:

```
www-data ALL=(ALL) NOPASSWD:/usr/bin/bash /var/www/Web-EvilBlock/pkill.sh
```

NOTE: Be very careful when editing the sudoers file, as incorrect changes can render your system unusable.

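PHP code to execute the .py:

```php
$output = shell_exec('sudo python3 /var/www/Web-EvilBlock/EvilBlock.py');
```

PHP code to pkill the .py:

```php
// Run the wrapper script that the sudoers entry allows;
// a bare `sudo pkill -f EvilBlock.py` does not match that entry.
$output2 = shell_exec('sudo /usr/bin/bash /var/www/Web-EvilBlock/pkill.sh');
```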

electro
  • 11
  • 3
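The question states that www-data owns /var/www/Web-EvilBlock, so www-data can rewrite any script there that a NOPASSWD rule runs as root, which leaves the narrowed rules as broad as `NOPASSWD: ALL`. The following is an added example, not part of the original post: it audits the paths named in such a rule, its function names are hypothetical, and it assumes one command per rule.

```python
import os
import shlex
import stat

def path_findings(path):
    """List reasons a non-root user could change `path` or a directory above it."""
    findings = []
    cur = os.path.realpath(path)
    while True:
        st = os.stat(cur)
        if st.st_uid != 0:
            findings.append(f"{cur}: owned by uid {st.st_uid}, not root")
        loose = st.st_mode & (stat.S_IWGRP | stat.S_IWOTH)
        # A sticky directory such as /tmp does not let others replace root's entries.
        sticky_dir = stat.S_ISDIR(st.st_mode) and st.st_mode & stat.S_ISVTX
        if loose and not sticky_dir:
            findings.append(f"{cur}: group- or world-writable")
        parent = os.path.dirname(cur)
        if parent == cur:
            return findings
        cur = parent

def audit_rule(rule):
    """Audit every existing absolute path in the command of one NOPASSWD rule."""
    command = rule.split("NOPASSWD:", 1)[1]
    return {
        token: path_findings(token)
        for token in shlex.split(command)
        if token.startswith("/") and os.path.exists(token)
    }

# The two sudoers rules from the answer above.
RULES = [
    "www-data ALL=(ALL) NOPASSWD:/usr/bin/python3 /var/www/Web-EvilBlock/EvilBlock.py",
    "www-data ALL=(ALL) NOPASSWD:/usr/bin/bash /var/www/Web-EvilBlock/pkill.sh",
]

if __name__ == "__main__":
    for rule in RULES:
        for path, findings in audit_rule(rule).items():
            for finding in findings:
                print(f"{path} -> {finding}")
```

The findings for the two scripts go away once they live in a root-owned directory with mode 755 (for example /usr/local/sbin, an assumed location) and the sudoers rules point at the new paths.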