Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
username ALL = NOPASSWD: path-to-dmidecode-executable
inside visudo then run the program?
I don't understand what that means. visudo is a program that launches a text editor and then confirms the syntax after you exit the editor. It uses the vi editor by default. If you want to use a different editor (nano, for example), do it like this:
Code:
EDITOR=nano visudo
Quote:
Originally Posted by athrin
do i need to change anything in .sh file or in .php file?
Wherever you run "dmidecode", run "sudo" with "dmidecode" as the first argument, instead.
username ALL = NOPASSWD: path-to-dmidecode-executable
This isn't meant literally; "username" should be replaced with the name of the normal user of the system, and "path-to-dmidecode-executable" should be replaced with the literal path to dmidecode itself (e.g. "/usr/sbin/dmidecode").
It's placed inside the /etc/sudoers file using visudo, which is a special utility made to securely edit /etc/sudoers.
This isn't meant literally; "username" should be replaced with the name of the normal user of the system, and "path-to-dmidecode-executable" should be replaced with the literal path to dmidecode itself (e.g. "/usr/sbin/dmidecode").
It's placed inside the /etc/sudoers file using visudo, which is a special utility made to securely edit /etc/sudoers.
athrin:
Remember when you execute a php file it will execute as the user the web server is running as e.g. "apache". So the above sudoers file would for example contain:
Code:
apache ALL = NOPASSWD: /var/www/cgi-bin/example.sh
What your saying here is "let the user apache run example.sh as root without a password prompt"
But I don't know if this is the safest way as it seem like you would want to avoid escalating apache to root even if it's only one command. I like the cron idea the best so far if you don't need real time results.
Also be aware the above example will run everything in example.sh as root not just the dmidecode part within. should stick to the the path-to-dmidecode-executable examples above if your going this route.
# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the sudoers man page for the details on how to write a sudoers file.
#
# Host alias specification
# User alias specification
# Cmnd alias specification
# Defaults specification
# User privilege specification
root ALL=(ALL) ALL
# Uncomment to allow people in group wheel to run all commands
# %wheel ALL=(ALL) ALL
# Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
# Samples
# %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users localhost=/sbin/shutdown -h now
That's still not right. Put the path to the dmidecode executable, not the script that runs dmidecode. Then modify the script to run "sudo dmidecode" instead of "dmidecode".
Also, the username should be for the account that the server uses, which might not be root.
But to make it organized, put it under the "User privilege specification" section. (Note that the lines beginning with "#" are ignored, they are just comments for human readers, not some kind of "slots").
That's still not right. Put the path to the dmidecode executable, not the script that runs dmidecode. Then modify the script to run "sudo dmidecode" instead of "dmidecode".
Also, the username should be for the account that the server uses, which might not be root.
oh well i'm login using root.. so that mean the username is root right? or ip addrs? you said path to dmidecode
so it like this?
I sure your web server does not run as root. I think you should wrap your head around sudo before making cut and paste solutions. We are trying to help you understand the tools as well as use them.
1. man sudo
2. look at what user you server is running as? user nobody or most likely apache
3. implement the above suggestions making dmidecode available to the user found in step two via sudo.
4. create your cgi or php script and call it via, "sudo dmidecode".
I sure your web server does not run as root. I think you should wrap your head around sudo before making cut and paste solutions. We are trying to help you understand the tools as well as use them.
1. man sudo
2. look at what user you server is running as? user nobody or most likely apache
3. implement the above suggestions making dmidecode available to the user found in step two via sudo.
4. create your cgi or php script and call it via, "sudo dmidecode".
already tried httpd and apache. didnt work..
i already have sh and php script. =_=
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
