I didn't see anything in /var/log/messages.

Michele

> -----Original Message-----
> From: talk-boun...@lists.nyphp.org [mailto:talk-boun...@lists.nyphp.org]
> On Behalf Of Leam Hall
> Sent: Friday, July 31, 2009 7:58 PM
> To: NYPHP Talk
> Subject: Re: [nyphp-talk] SSH2_CONNECT
>
> Hey Michele.
>
> Can you edit /etc/sudoers? You might be able to give it the NOPASSWD
> option, to at least shorten it a bit.
>
> Can you read /var/log/messages and the web server log to see if they say
> anything?
>
> Leam
>
> Michele Waldman wrote:
> > So I rewrote the code in bash due to my client's concern about bandwidth.
> >
> > Here's my new problem:
> > $msg = exec("echo $password | sudo /home/user/site_util/copy_sites $id 2> /dev/null");
> >
> > The script isn't running.
> >
> > Since it's running from http, I modified the user nobody to have /bin/bash
> > in /etc/passwd and gave the user a password.
> >
> > I can log in to the server as nobody and run this code on the command line.
> > Works fine.
> >
> > Does anyone know why this execute isn't working in php?
> >
> > Michele
> >
> >> -----Original Message-----
> >> From: talk-boun...@lists.nyphp.org [mailto:talk-boun...@lists.nyphp.org]
> >> On Behalf Of Kenneth Dombrowski
> >> Sent: Friday, July 31, 2009 7:33 AM
> >> To: NYPHP Talk
> >> Subject: Re: [nyphp-talk] SSH2_CONNECT
> >>
> >> On 09-07-30 17:05 -0400, Ajai Khattri wrote:
> >>> Most probably your PHP script will be running under the same username as
> >>> Apache (i.e. www or nobody) so sudo wouldn't work anyway. (And you
> >>> wouldn't want to give www or nobody sudo privilege anyway!).
> >>
> >> All this talk about sudo not working made me curious -- why shouldn't it
> >> work? It will, and a well configured sudo offers a very fine level of
> >> control -- though whether one wants to do it is another question
> >>
> >> # visudo
> >> Defaults:www-data !lecture
> >> Defaults:www-data !authenticate
> >> www-data ALL = (kenneth) /usr/bin/touch /tmp/sudoer.apache
> >>
> >> The first two lines get rid of sudo's usual prompts, since it will never
> >> run interactively, & the last specifies a single command + argument
> >> www-data is allowed to run as kenneth (you can use shell-style globs)
> >>
> >> # sudo.php
> >> <?php
> >> header('Content-type: text/plain');
> >> $f = '/tmp/sudoer.apache';
> >> system("sudo -u kenneth /usr/bin/touch $f");
> >> print "\n$f exists? " . (bool) file_exists($f);
> >>
> >> kenn...@gilgamesh:~$ elinks --dump http://localhost/tmp/sudo.php
> >> /tmp/sudoer.apache exists? 1
> >> kenn...@gilgamesh:~$ ls -l /tmp/sudoer.apache
> >> -rw-r--r-- 1 kenneth kenneth 0 2009-07-30 19:52 /tmp/sudoer.apache
> >>
> >> So on debian, www-data successfully created a file as kenneth. On FreeBSD
> >> I think www/nobody/whatever has a /bin/false shell, so there it won't
> >> work. Of course, you shouldn't do it on shared hosts, and I'm sure
> >> somebody will tell me you shouldn't do it at all, but it's not due to a
> >> technical limitation
> >>
> >>
> >> _______________________________________________
> >> New York PHP User Group Community Talk Mailing List
> >> http://lists.nyphp.org/mailman/listinfo/talk
> >>
> >> http://www.nyphp.org/show_participation.php
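
Added example, not part of the thread and not any poster's code: one way to call the helper script from PHP so that sudo's error output and exit status are kept instead of being sent to /dev/null, and so that no password is piped through a shell. It assumes a sudoers rule in the style of the `!authenticate` / NOPASSWD entries discussed above already covers this one script for the web server user, that site ids are numeric, and PHP 7.4 or later; the function name run_copy_sites is hypothetical, and the script path is the one from the quoted exec() call.

```php
<?php
// Added example. Assumes sudoers lets the web server user run exactly this
// script without a password.
const COPY_SITES = '/home/user/site_util/copy_sites'; // path from the quoted message

/** Run the helper through sudo; return exit status, stdout and stderr. */
function run_copy_sites(string $id): array
{
    // Assumption: site ids are numeric. Reject anything else before it can
    // reach a command line.
    if (!ctype_digit($id)) {
        throw new InvalidArgumentException('site id must be numeric');
    }

    // -n: never prompt; sudo fails with an error instead of waiting for a
    // password. The array form of proc_open() starts sudo directly, with no
    // shell in between, so $id is passed as a single argument.
    $cmd = ['sudo', '-n', COPY_SITES, $id];

    // stderr goes to a temporary file so a chatty child cannot block on a
    // full pipe while stdout is being read.
    $errFile = tmpfile();
    $spec = [1 => ['pipe', 'w'], 2 => $errFile];

    $proc = proc_open($cmd, $spec, $pipes);
    if (!is_resource($proc)) {
        return ['status' => -1, 'stdout' => '', 'stderr' => 'proc_open failed'];
    }
    $stdout = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    $status = proc_close($proc);

    rewind($errFile);
    $stderr = stream_get_contents($errFile);
    fclose($errFile);

    return ['status' => $status, 'stdout' => $stdout, 'stderr' => $stderr];
}

$result = run_copy_sites('42'); // constructed sample id
if ($result['status'] !== 0) {
    // Whatever sudo or the script complained about ends up in the PHP error
    // log rather than being discarded.
    error_log('copy_sites failed (' . $result['status'] . '): ' . trim($result['stderr']));
}
print $result['stdout'];
```

With the status and stderr logged, a refused sudo call shows up in the PHP or web server error log even when /var/log/messages is silent.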