LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 02-27-2008, 01:45 AM   #1
bilal_linux
LQ Newbie
 
Registered: Mar 2007
Posts: 15

Rep: Reputation: 0
Executing sudo command from PHP script


Hello Everyone,

i am stuck in a slightly complex problem where i have a control panel application developed in PHP (running on apache) and the actual frontend website is developed in Java running on tomcat on the same machine.

from the control panel, i upload a few images that are used in the website. the control panel pages are located at /var/www/html/appname whereas the tomcat application is present at /usr/local/apache/webapps/appname.

now the problem is that the images should be directly uploaded/somehow copied to /usr/local/apache/webapps/appname/images directory so that the website can access them. on windows machine it was not a problem. but on linux i always get the message Permission denied.

i have also tried to upload images to /var/www/html/appname/images/ first and then copy them to /usr/local/apache/webapps/appname/images/ directory by executing sudo from php script but it doesnt work. however, if i run the same command in linux shell, it works. the command is:

sudo cp /var/www/html/appname/images/image1.jpg /usr/local/apache/webapps/appname/images/image1.jpg

php is executed using the user apache, so i have added to following line in sudoers file

apache ALL=(ALL) NOPASSWD: ALL

but nothing seems to work. any help would be highly appreciated.

kind regards,
Bilal
 
Old 02-27-2008, 06:52 PM   #2
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,067
Blog Entries: 11

Rep: Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910
What are the permissions on both directories, who owns which?
ls -l /var/www/html
ls -l usr/local/apache/webapps/appname

Maybe you could save yourself a lot of coding hassles if you
gave the right user (group?) ownership of both...


Cheers,
Tink
 
Old 02-28-2008, 12:12 AM   #3
bilal_linux
LQ Newbie
 
Registered: Mar 2007
Posts: 15

Original Poster
Rep: Reputation: 0
chmod 777 on both the directories. this is where all the confusion is. i did it for testing but even chmod 777 didnt work.

Quote:
Originally Posted by Tinkster View Post
What are the permissions on both directories, who owns which?
ls -l /var/www/html
ls -l usr/local/apache/webapps/appname

Maybe you could save yourself a lot of coding hassles if you
gave the right user (group?) ownership of both...


Cheers,
Tink
 
Old 09-02-2008, 06:01 AM   #4
eshcse
LQ Newbie
 
Registered: Sep 2008
Posts: 1

Rep: Reputation: 0
same problem any help??

hello there, I m also getting the same problem. I m trying to execute some linux system commands (like ps ) from my php. I tried using the sudo command and edited the sudoers file too. But still i am not able to execute those commands. Pls if some one has already solved this problem or know the solution pls do tell...


thanks in advance

regards
esh
 
Old 03-21-2009, 03:47 PM   #5
another 1
Member
 
Registered: Nov 2008
Posts: 65

Rep: Reputation: 15
Question

I am having the same problem. the simple shell commands is executed via the php while the root based commands doesn't. using sudo didn't solve the problem. and even for the simple commands using sudo cause the command to stop working.
Quote:
for example
exec("echo 'test' > /tmp/test.txt");
work well while
exec("sudo echo 'test' > /tmp/test.txt");
doesn't
executing
exec("whoami");
in php result in (apache)
when i edit apache in sudo to execute all the commands nothing happens
Quote:
apache ALL=(ALL) NOPASSWD:ALL
what is the problem. all the forums say we need to use sudo, but no one say how?

another more thing. is that the sudo make the shell to stop working. for example i have the root and the khalid user. when configuring the httpd.cnf to work as khalid (user khalid & groub khalid). after giving the khalid user the full privileges. i write the following commands in the shell and in the php
in the shell whoami and the output is khalid (when i am using khalid)
in the shell sudo whoami and the output is root (when i am using khalid)
in the php page the command is exec("whoami")and the output is khalid
in the php page the command is exec("sudo whoami")and there is no output (strange isn't it?

Last edited by another 1; 03-21-2009 at 05:23 PM.
 
Old 09-05-2009, 01:02 PM   #6
MorderVomUbel
LQ Newbie
 
Registered: Mar 2009
Distribution: Archlinux
Posts: 13

Rep: Reputation: 2
Okay... First of all, sudo does NOT give root priviledges to redirection operators, such as > and >>. It will still redirect output, but remember that the file you pipe to must be writable without root priviledge.

Your real problem is most likely a little setting in your sudoers file that caused me a fair amout of grief. Do you have a line like this?

Code:
Defaults    requiretty
Comment that out! It's a sneaky little bugger that prevents non-tty users (such as apache scripts) from using sudo at all. My sudoers file has this to say about the setting:

Code:
# Disable "ssh hostname sudo <cmd>", because it will show the password in clear.
#         You have to run "ssh -t hostname sudo <cmd>".
#
#Defaults    requiretty
Notice that I commented it out.


WARNING:

Be wary of allowing apache sudo access, ESPECIALLY if you plan on giving it access to everything, and EVEN MORE SO if you have multiple domains or you didn't write all of the server-side scripts yourself (assuming you're a good coder . Giving apache sudo access is a disaster waiting to happen, as ANY rogue script will have total power over your server!!! Please use an alternate method.

My method was to only give apache NOPASSWD sudo access to premade bash scripts that only did one small function each, and only accepted one small argument. Hopefully nobody evil ever finds out what those sudo-able commands are, but if they do, the most they can do is rewrite some apache virtual host config files. A bad thing, but not the end of the world . BUT if I allowed apache sudo access to everything, any rogue script that found out about it could TOTALLY root the server. As I share a dedicated host with people who buy their php apps from coders who don't understand security, I wouldn't sleep well at night if Apache had full sudo access.

Sorry for the length of the post. I found this in a google search and wanted to warn fellow googlers. I hope that helps
 
Old 09-22-2009, 05:42 AM   #7
another 1
Member
 
Registered: Nov 2008
Posts: 65

Rep: Reputation: 15
thank you very much MorderVomUbel. you know, that time i was asking about this, i was disparately searching for solution because i was running out of time, but right now, i am concerned much about improving the application. your post is very useful.
 
Old 09-22-2009, 07:36 PM   #8
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.9, Centos 7.3
Posts: 17,417

Rep: Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397
Concur with MorderVomUbel about security implications. Good advice!
 
Old 09-22-2009, 08:16 PM   #9
lutusp
Member
 
Registered: Sep 2009
Distribution: Fedora
Posts: 835

Rep: Reputation: 102Reputation: 102
Quote:
Originally Posted by bilal_linux View Post
Hello Everyone,

i am stuck in a slightly complex problem where i have a control panel application developed in PHP (running on apache) and the actual frontend website is developed in Java running on tomcat on the same machine.

from the control panel, i upload a few images that are used in the website. the control panel pages are located at /var/www/html/appname whereas the tomcat application is present at /usr/local/apache/webapps/appname.

now the problem is that the images should be directly uploaded/somehow copied to /usr/local/apache/webapps/appname/images directory so that the website can access them. on windows machine it was not a problem. but on linux i always get the message Permission denied.

i have also tried to upload images to /var/www/html/appname/images/ first and then copy them to /usr/local/apache/webapps/appname/images/ directory by executing sudo from php script but it doesnt work. however, if i run the same command in linux shell, it works. the command is:

sudo cp /var/www/html/appname/images/image1.jpg /usr/local/apache/webapps/appname/images/image1.jpg

php is executed using the user apache, so i have added to following line in sudoers file

apache ALL=(ALL) NOPASSWD: ALL

but nothing seems to work. any help would be highly appreciated.

kind regards,
Bilal
You cannot use "sudo" from a non-TTY. Think of another way to do what you need to do. "sudo" isn't what you want -- it is only for interactive sessions, or shell scripts launched directly from interactive sessions.
 
Old 02-15-2010, 08:23 PM   #10
copyme
LQ Newbie
 
Registered: Feb 2010
Posts: 1

Rep: Reputation: 0
Dead thread resurrection time.

How would one assign a tty to a script or link via SSH or some such, to provide the capability to run commands as root?

the reason I ask is that I'm in the process of making a browser based terminal in AJAX.

found this in google just now

Quote:
or am I left with no other option than to add a script to the server crontab (for root) which runs constantly?
how would that happen and would you be so kind as to help me?

I'm on ubuntu karmic.
 
Old 02-16-2010, 12:29 AM   #11
MorderVomUbel
LQ Newbie
 
Registered: Mar 2009
Distribution: Archlinux
Posts: 13

Rep: Reputation: 2
Red face bump reply

copyme: This is probably the wrong thread to ask how to allocate a psuedo-terminal, but maybe pts is what you need? As for ssh... FreeNX uses a local ssh loop to authenticate, I believe. Regarding ways to actually hook them into your AJAX shell, I'll admit that I have no more knowledge/experience in that area.

If your main concern is running sudo commands inside the AJAX shell, see my previous post and add a line in your sudoers:

apache ALL=(ALL) NOPASSWD: ALL

...or you can ask questions if you have trouble.


As the thread has been bumped, I may as well respond to the last comments...

another1: Glad I could help out.

chrism01: Thanks for the complement

lutusp: Unless you have a weird distro, sudo should work just fine if you follow what I showed in my previous post, as well as giving apache some NOPASSWD access.


everybody else: Happy linux admin'ing, and goodnight...
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
php script and sudo jaymoney Programming 7 07-02-2007 09:15 PM
Executing system commands in a php script atiq Linux - Server 2 02-26-2007 10:45 AM
Cron not Executing PHP script Badnoodles Linux - General 2 10-25-2006 05:56 PM
Executing UNIX command from PHP script ckoniecny Programming 3 03-01-2006 11:42 PM
PHP executing System command abdul_zu Linux - General 4 12-28-2005 03:14 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 10:47 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration