Run as sudo from web browser?

rejeep · 06-03-2008, 06:25 AM

Hi!

Since I don't know what is causing the problem I have I was unsure in which forum to post in. Please move if in wrong.

To my problem. I'm trying to run a script on my server from a web browser. The PHP-script I did for this looks like this (running on Apache):

Code:

<?php

echo "<pre>";
echo shell_exec("/path/to/my/script.sh");
echo "</pre>";

?>

And script.sh looks like this:

Code:

echo "password" | sudo -u user -S /usr/bin/mongrel_rails cluster::restart -C /etc/mongrel_cluster/enviroment.yml

And I guess (not sure) that the problem is that I run sudo. It works if I log in to the computer over SSH and run the script. But when executing it from the browser I'm not logged in as any user (right?), and therefore sudo cannot execute my script.

Could that be the source to my problem and how do I solve it?

Thanks!

oskar · 06-03-2008, 06:41 AM

Maybe

su -c 'command'

That also just executes one command, but it doesn't need sudo to be set up for the user.

rejeep · 06-03-2008, 07:12 AM

Quote:

Originally Posted by oskar

Maybe

su -c 'command'

That also just executes one command, but it doesn't need sudo to be set up for the user.

I don't think that you can pass the password to su in the same way you do with sudo. sudo -S tells sudo to read from the standard input instead of the terminal device.

bathory · 06-03-2008, 07:33 AM

Quote:

But when executing it from the browser I'm not logged in as any user (right?), and therefore sudo cannot execute my script.

You run the script as the user that runs apache. Run

Code:

ps -ef|grep httpd

to find that user (usually nobody or www-run) and put him in /etc/sudoers

rejeep · 06-23-2008, 11:36 AM

The script was run as the user apache which had the SHELL-variable set to /sbin/nologin. I changed it to /bin/bash and it worked!

Thanks!

trickykid · 06-23-2008, 01:05 PM

Quote:

Originally Posted by rejeep

The script was run as the user apache which had the SHELL-variable set to /sbin/nologin. I changed it to /bin/bash and it worked!

Thanks!

I could probably list a millions reasons why apache should not have a valid shell account. Huge security risk is the number one reason.

rejeep · 06-24-2008, 02:07 AM

Quote:

Originally Posted by trickykid

I could probably list a millions reasons why apache should not have a valid shell account. Huge security risk is the number one reason.

Of course there's a reason to why apache doesn't have a shell. But for now it's works, and thats the most important.