LinuxQuestions.org - Run as sudo from web browser?

- Linux - General (https://www.linuxquestions.org/questions/linux-general-1/)

- - Run as sudo from web browser? (https://www.linuxquestions.org/questions/linux-general-1/run-as-sudo-from-web-browser-646633/)

rejeep

06-03-2008 06:25 AM

Run as sudo from web browser?

Hi!

Since I don't know what is causing the problem I have I was unsure in which forum to post in. Please move if in wrong.

To my problem. I'm trying to run a script on my server from a web browser. The PHP-script I did for this looks like this (running on Apache):

Code:

<?php



echo "<pre>";

echo shell_exec("/path/to/my/script.sh");

echo "</pre>";



?>

And script.sh looks like this:

Code:

echo "password" | sudo -u user -S /usr/bin/mongrel_rails cluster::restart -C /etc/mongrel_cluster/enviroment.yml

And I guess (not sure) that the problem is that I run sudo. It works if I log in to the computer over SSH and run the script. But when executing it from the browser I'm not logged in as any user (right?), and therefore sudo cannot execute my script.

Could that be the source to my problem and how do I solve it?

Thanks!

oskar

06-03-2008 06:41 AM

Maybe

su -c 'command'

That also just executes one command, but it doesn't need sudo to be set up for the user.

rejeep

06-03-2008 07:12 AM

Quote:

Originally Posted by oskar (Post 3173079)

Maybe

su -c 'command'

That also just executes one command, but it doesn't need sudo to be set up for the user.

I don't think that you can pass the password to su in the same way you do with sudo. sudo -S tells sudo to read from the standard input instead of the terminal device.

bathory

06-03-2008 07:33 AM

Quote:

But when executing it from the browser I'm not logged in as any user (right?), and therefore sudo cannot execute my script.

You run the script as the user that runs apache. Run

Code:

ps -ef|grep httpd

to find that user (usually nobody or www-run) and put him in /etc/sudoers

rejeep

06-23-2008 11:36 AM

The script was run as the user apache which had the SHELL-variable set to /sbin/nologin. I changed it to /bin/bash and it worked!

Thanks!

trickykid

06-23-2008 01:05 PM

Quote:

Originally Posted by rejeep (Post 3192763)

The script was run as the user apache which had the SHELL-variable set to /sbin/nologin. I changed it to /bin/bash and it worked!

Thanks!

I could probably list a millions reasons why apache should not have a valid shell account. Huge security risk is the number one reason.

rejeep

06-24-2008 02:07 AM

Quote:

Originally Posted by trickykid (Post 3192838)

I could probably list a millions reasons why apache should not have a valid shell account. Huge security risk is the number one reason.

Of course there's a reason to why apache doesn't have a shell. But for now it's works, and thats the most important.

All times are GMT -5. The time now is 07:08 AM.