17

How to run from PHP a bash script under root user (with all permissions) and not nobody user - php default user?

thats my output after sudo visudo:

Defaults        env_keep += "LINES COLUMNS"
Defaults        env_keep += "LSCOLORS"
Defaults        env_keep += "SSH_AUTH_SOCK"
Defaults        env_keep += "TZ"
Defaults        env_keep += "DISPLAY XAUTHORIZATION XAUTHORITY"
Defaults        env_keep += "EDITOR VISUAL"
Defaults        env_keep += "HOME MAIL"

#User privilege specification
root    ALL=(ALL) ALL
%admin  ALL=(ALL) ALL


# Uncomment to allow people in group wheel to run all commands
# %wheel        ALL=(ALL) ALL

# Same thing without a password
# %wheel        ALL=(ALL) NOPASSWD: ALL

# Samples
# %users  ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users  localhost=/sbin/shutdown -h now
Improve this question
1
  • 3
    This sounds dangerous, so raises the obvious question: why do you need to do this? Perhaps this is a better overall solution. Commented Jun 6, 2012 at 13:34

5 Answers 5

Reset to default
35

You can use sudo:

exec("sudo /your/script");

You should allow executing your script without password prompt. Run sudo visudo in console and add the following string to the end:

nobody ALL = NOPASSWD: /your/script

You must set up file mode properly to ensure that no one can modify this script and put dangerous contents into it (in root console):

chown root:root /your/script
chmod 755 /your/script
Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

Where exactly i should add it? I publish my output after sudo visudo in the question
Just put new line to the end of file.
@Riateche I did it all! cant run it... i am calling to xcodebuilde(Unix program) -nothing happens, in terminal works file.
Check return value of exec function. Pass $output and $return_var parameters and check their values too. They could contain some useful information.
checked it. output=Array and return_var=69.
1

You can make a program which is set-uid root. This causes the program to always run as root. This doesn't work with shell scripts, so you have to use a program which calls your script.

Improve this answer

1 Comment

The link seems broken.
0

Under Linux you normally do this using sudo. Try to be as specific as possible, so not to give the script too many permissions.

For examples on how to use sudo: http://aplawrence.com/Basics/sudo.html

Improve this answer

1 Comment

The problem is that when i run it on terminal its works good, but when i run that bash script from php it isn't executed (other simple bash with cp,mv commands working), i think its 90% permissions.
0

I would add a specific rule to allow this script to be called by nobody user, using sudo.

Improve this answer

8 Comments

See Riateche's answer - you need to add the line nobody ALL = NOPASSWD: /your/script to the "visudo" file (sudoers configuration file). Of course, substitute /your/script by the path to your script.
How can i edit this file? i used sudo visudo but it's shows only the output.
Strange. sudo visudo should open it in a file editor: google.com.br/search?q=visudo
You can change the editor visudo uses by typing EDITOR=nano (for example)... in "nano", use CTRL+O, CTRL+X to save the file...
I cant do nothing with it, i open the file - Cant save it, it wont close, its duplicates himself....
|
-1

I recently published a project that allows PHP to obtain and interact with a real Bash shell (as user: apache/www-data or root if needed). Get it here: https://github.com/merlinthemagic/MTS

After downloading you would simply use the following code:

$shell    = \MTS\Factories::getDevices()->getLocalHost()->getShell('bash', true);
$return1  = $shell->exeCmd('/full/path/to/script.sh');
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.