LinuxQuestions.org
Old 09-02-2005, 03:12 PM   #1
vesperatus
Problem remotely changing firewall rules through a webpage


Hi.

I'm currently working on a script that would allow me to change firewall rules on a box from a laptop. First of all, I'll describe the system.

+--------+        +-----------+
| Laptop |--------| Linux Box |----------- SERVER
+--------+        +-----------+

The Linux box is a multimedia device which has 2 network cards. One allows a laptop to connect to the Linux Box and the other one allows the Linux Box to connect to the server.

Right now, I can navigate on my Linux box and use a web page to communicate with the server and activate my script that changes my firewall rules and allows the laptop to connect to the internet.

Now, when I connect the laptop and the firewall rules are not changed, it pops up a webpage asking me to activate the connection. However, I need the server to register that transaction. So the Linux Box gets the information via a PHP script, and pushes me a webpage containing the information.

I'm now trying to activate the firewall rules from the LAPTOP. I use a PHP script which calls a script on the server. In a perfect world, the server connects to the box via ssh and activates the script.

Now, I've made a small SH script:
***********************************************

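#!/bin/sh
# This script is used to enable firewall rules on the STB
# to allow a laptop connection over the internet.

UNIT="0"
CMD="0"

# The unit (the host reached over ssh) is mandatory.
if [ "$#" -eq 0 ]; then
    echo "Need at least 1 argument"
    exit 1
fi

# First argument: the unit.
if [ "$#" -ge 1 ]; then
    UNIT=$1
fi

# Any second argument switches the command to ENABLE.
if [ "$#" -ge 2 ]; then
    CMD="ENABLE"
fi

echo "UNIT is set to : $UNIT"
echo "CMD is set to : $CMD"

# Run the gateway script on the unit as root; the variables are quoted
# so each one reaches ssh as a single word.
ssh -l root "$UNIT" /opt/irg/api/os/irg-ip_gw.sh "$CMD"

# Printed whether or not the ssh command above succeeded.
echo "Firewall is open"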

************************************************

If I'm on the server and execute the script from the command line, NO problem. The ports open, joy follows, I'm happy, my dog too, alleluia... However, if it's the webpage from the LinuxBox that does it, it's not working. The script executes, because the echo appears on my webpage that's constructed via PHP, but it looks like it just jumps over the ssh line ....

Here are the permissions on my script: -rwxr-xr-x 1 root root 425 Sep 2 13:44 irg-ip_gw.sh

I'm pretty sure it's a permission issue but I can't really figure out how to fix it. I would qualify myself as an advanced user, learning Linux on a daily basis now. Any help would be appreciated.

Thx.

Phil.

Last edited by vesperatus; 09-02-2005 at 03:36 PM.
 
Old 09-04-2005, 05:56 AM   #2
rmic
Are you sure the user which runs the web server (usually www-data, www, nobody or something else like that) has the right to run shell commands and to connect to the server without a password (thus, using a key)?

When you run the script manually on your Linux box, do you run it with your actual user or with the "web user" (i.e., the one which is used by your http daemon)?
 
Old 09-06-2005, 07:32 AM   #3
vesperatus
Quote:
When you run the script manually on your linux box, do you run it with your actual user or with the "web user" (ie, the one which is used by your http daemon) ?
I run it with the actual user (root).
I am actually looking into a few "SUDO" tutorials.
First of all, I'll verify that my "web user" has those permissions as suggested (thx for pointing that out "rmic").
Then, I'll try to get around that using SUDO if I don't have the permission.

Does anyone have any other suggestions regarding an alternative to the permission problems, or should SUDO work fine?
 
Old 09-08-2005, 02:13 PM   #4
vesperatus
Ok, after a few hours of work on that I managed to make it work.

rmic, thx for the help, you pointed out the right direction.

I was told at my job that our ColdFusionMX server was running as the apache user.
That was not the case after further investigation.

That allowed me to learn how to use sudo.

I allowed user nobody to execute a script that would allow the firewall to be opened.
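
Added example, not part of the thread and not any poster's code: a wrapper the web user could run through sudo, which validates the values coming from the web page before they reach ssh as root and reports an ssh failure instead of printing "Firewall is open" regardless. The wrapper path, the sudoers line and the function names are assumptions; the remote script path and the user nobody come from the posts above.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumed sudoers entry (edit with
# visudo) so the web user can run only this wrapper as root:
#   nobody ALL=(root) NOPASSWD: /usr/local/sbin/open-fw.sh
# The wrapper path /usr/local/sbin/open-fw.sh is hypothetical.

REMOTE_SCRIPT=/opt/irg/api/os/irg-ip_gw.sh   # remote path from the first post

# Accept only a dotted-quad IPv4 address, so a value arriving from the web
# page can never start with "-" or carry spaces or shell metacharacters.
valid_unit() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots into $1..$n
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Only the two command values that appear in the original script.
valid_cmd() {
    case "$1" in ENABLE|0) return 0 ;; *) return 1 ;; esac
}

open_firewall() {
    unit=$1
    cmd=${2:-0}
    valid_unit "$unit" || { echo "rejected unit: $unit" >&2; return 2; }
    valid_cmd "$cmd"   || { echo "rejected command: $cmd" >&2; return 2; }
    # BatchMode=yes makes ssh fail instead of prompting when the calling
    # user has no usable key; "--" ends option parsing before the host.
    if ! ssh -o BatchMode=yes -o ConnectTimeout=5 -l root -- \
            "$unit" "$REMOTE_SCRIPT" "$cmd"; then
        echo "ssh to $unit failed; firewall NOT changed" >&2
        return 1
    fi
    echo "Firewall is open on $unit"
}

# Run only when arguments are given, e.g. "sudo open-fw.sh 10.0.0.5 ENABLE".
if [ "$#" -gt 0 ]; then
    open_firewall "$@"
    exit $?
fi
```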
 
  

