PHP shell_exec permissions

[aravin]

Hi, I want a php script to execute the following command:

<?php
$output = shell_exec("sudo ufw allow from 192.168.0.3");
echo "<pre>$output</pre>";
?>

My problem is no output generate from this script. Maybe php doesn't have permission to run this script. Anybody can help me to solve this problem.

[scragar]

There's no ability for you to input your password in that way, if asks on the command line, never manages to return your output.

Code:

<?php
$output = shell_exec("echo 'password' | sudo -S ufw allow from 192.168.0.3");
echo "<pre>$output</pre>";
?>

[aravin]

it still not working..

[scragar]

Code:

<?php
$output = shell_exec("echo 'password' | sudo -S ufw allow from 192.168.0.3 2>&1");
echo "<pre>$output</pre>";
?>

Watch for errors as well, maybe you're missing something.

[aravin]

thanks scragar, at least i get some output but my password is not correct.

[sudo] password for nobody:
Sorry, try again.
[sudo] password for nobody:
sudo: 1 incorrect password attempt

Anyway thanks for the script.

[Mindzai]

Don't forget it will be your apache user running this script, so you need to enter the password for that user, not yourself. Obviously the apache user must also be on your sudoers list.

[aravin]

thank everyone. i change soduers list:
nobody ALL=NOPASSWD: ALL

[scragar]

thank everyone. i change mu soduers list:
nobody ALL=NOPASSWD: ALL

You really want to be careful there, you are giving unrestricted access to all commands without a password, if your web access becomes compramised and people can upload their pages with their own commands you can lose complete control of your box, you could lose everything on it, they could steal everything of value it contains, and there'd be nothing to stop them.

There's a reason sudo has a password in the first place, it's an extra security measure against this course of action.