Hello,
I've tried doing a whoami using PHP exec and got the user 'nobody' on my box. I edited the passwd file and provided nobody with bash access (I'm aware of the security risk here). I edited the sudoers file using visudo and created an entry for nobody to run ALL commands using root (again, I know the security risk but it doesn't matter in my case).
In SSH, after a 'su - nobody' while I'm on root I can run any command using sudo. Say :
Code:
root@server [~]# su - nobody
-bash-3.1$ sudo whoami
root
-bash-3.1$ sudo foo
sudo: foo: command not found
But when I do the same with a PHP file using the code :
Code:
<?php
echo shell_exec('sudo foo');
echo system('sudo foo');
echo passthru('sudo foo');
echo exec('sudo foo');
echo system('id');
echo system('uname');
?>
I get NO output for any of the line containing sudo, but I get output for the last two lines (id and uname).
I don't know where I'm wrong here, my sudoers entry reads ->
Code:
nobody ALL=(root) NOPASSWD: ALL
So, there's no hostname/FQDN restriction. I've also tried executing the script from an IP instead of a FQDN. There might be some other restriction or problem which I'm overlooking or of which I'm not aware of. Please help me.
Thanks your for inputs.