www.webdeveloper.com
Results 1 to 8 of 8

Thread: PHP shell_exec permissions

  1. #1
    Join Date
    Mar 2010
    Posts
    10

    PHP shell_exec permissions

    Hi, I want a php script to execute the following command:

    <?php
    $output = shell_exec("sudo ufw allow from 192.168.0.3");
    echo "<pre>$output</pre>";
    ?>

    My problem is no output generate from this script. Maybe php doesn't have permission to run this script. Anybody can help me to solve this problem.

  2. #2
    Join Date
    Jun 2003
    Location
    here
    Posts
    4,551
    There's no ability for you to input your password in that way, if asks on the command line, never manages to return your output.

    Code:
    <?php
    $output = shell_exec("echo 'password' | sudo -S ufw allow from 192.168.0.3");
    echo "<pre>$output</pre>";
    ?>
    If you are using PHP please use the [PHP] and [/PHP] forum tags for highlighting...
    The same applies to HTML and the forums [HTML][/HTML] tags.

  3. #3
    Join Date
    Mar 2010
    Posts
    10
    it still not working..

  4. #4
    Join Date
    Jun 2003
    Location
    here
    Posts
    4,551
    Code:
    <?php
    $output = shell_exec("echo 'password' | sudo -S ufw allow from 192.168.0.3 2>&1");
    echo "<pre>$output</pre>";
    ?>
    Watch for errors as well, maybe you're missing something.
    If you are using PHP please use the [PHP] and [/PHP] forum tags for highlighting...
    The same applies to HTML and the forums [HTML][/HTML] tags.

  5. #5
    Join Date
    Mar 2010
    Posts
    10
    thanks scragar, at least i get some output but my password is not correct.

    [sudo] password for nobody:
    Sorry, try again.
    [sudo] password for nobody:
    sudo: 1 incorrect password attempt

    Anyway thanks for the script.
    Last edited by aravin; 03-14-2010 at 06:29 AM.

  6. #6
    Join Date
    Nov 2008
    Posts
    2,477
    Don't forget it will be your apache user running this script, so you need to enter the password for that user, not yourself. Obviously the apache user must also be on your sudoers list.
    The first rule of Tautology Club is the first rule of Tautology Club.

  7. #7
    Join Date
    Mar 2010
    Posts
    10
    thank everyone. i change soduers list:
    nobody ALL=NOPASSWD: ALL
    Last edited by aravin; 03-14-2010 at 07:53 AM.

  8. #8
    Join Date
    Jun 2003
    Location
    here
    Posts
    4,551
    Quote Originally Posted by aravin View Post
    thank everyone. i change mu soduers list:
    nobody ALL=NOPASSWD: ALL
    You really want to be careful there, you are giving unrestricted access to all commands without a password, if your web access becomes compramised and people can upload their pages with their own commands you can lose complete control of your box, you could lose everything on it, they could steal everything of value it contains, and there'd be nothing to stop them.

    There's a reason sudo has a password in the first place, it's an extra security measure against this course of action.
    If you are using PHP please use the [PHP] and [/PHP] forum tags for highlighting...
    The same applies to HTML and the forums [HTML][/HTML] tags.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles