Also, maybe change "2> /dev/null" to 2>/tmp/error.log
to see what it says.

Leam

Leam Hall wrote:
Hey Michele.

Can you edit /etc/sudoers? You might be able to give it the NOPASSWD option, to at least shorten it a bit.

Can you read /var/log/messages and the web server log to see if they say anything?

Leam

Michele Waldman wrote:
So I rewrote the code in bash due to my client's concern about bandwidth.

Here's my new problem:
$msg = exec("echo $password | sudo /home/user/site_util/copy_sites $id 2> /dev/null");

The script isn't running.

Since it's running from http, I modified the user nobody to have /bin/bash
in /etc/passwd and gave the user a password.

I can login to the server as nobody and run this code on the command line.
Works fine.

Does anyone know why this exec isn't working in PHP?

Michele

-----Original Message-----
From: talk-boun...@lists.nyphp.org [mailto:talk-boun...@lists.nyphp.org]
On Behalf Of Kenneth Dombrowski
Sent: Friday, July 31, 2009 7:33 AM
To: NYPHP Talk
Subject: Re: [nyphp-talk] SSH2_CONNECT

On 09-07-30 17:05 -0400, Ajai Khattri wrote:
Most probably your PHP script will be running under the same username as
Apache (i.e. www or nobody) so sudo wouldn't work anyway. (And you
wouldn't want to give www or nobody sudo privilege anyway!).
All this talk about sudo not working made me curious -- why shouldn't it
work?  It will, and a well configured sudo offers a very fine level of
control -- though whether one wants to do it is another question.

# visudo
Defaults:www-data       !lecture
Defaults:www-data       !authenticate
www-data ALL = (kenneth) /usr/bin/touch /tmp/sudoer.apache

The first two lines get rid of sudo's usual prompts, since it will never
run interactively, & the last specifies a single command + argument
www-data is allowed to run as kenneth (you can use shell-style globs).

# sudo.php
<?php
header('Content-type: text/plain');
$f = '/tmp/sudoer.apache';
system("sudo -u kenneth /usr/bin/touch $f");
print "\n$f exists? " . (bool) file_exists($f);

kenn...@gilgamesh:~$ elinks --dump http://localhost/tmp/sudo.php
   /tmp/sudoer.apache exists? 1
kenn...@gilgamesh:~$ ls -l /tmp/sudoer.apache
-rw-r--r-- 1 kenneth kenneth 0 2009-07-30 19:52 /tmp/sudoer.apache

So on debian, www-data successfully created a file as kenneth. On FreeBSD
I think www/nobody/whatever has a /bin/false shell, so there it won't
work.  Of course, you shouldn't do it on shared hosts, and I'm sure
somebody will tell me you shouldn't do it at all, but it's not due to a
technical limitation.
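
Added example, not code from anyone in this thread: Kenneth's single-command sudoers approach applied to Michele's copy_sites call, assuming a hypothetical NOPASSWD rule for nobody along the lines Leam suggested, with stderr kept in a log (Leam's other suggestion) rather than thrown away with 2>/dev/null. The rule, the target user "user" and the id format are assumptions, not anything the thread states.

```php
<?php
// Added example, not from the thread: run copy_sites through a NOPASSWD
// sudoers rule instead of piping a password into sudo from PHP.
// Assumed (hypothetical) sudoers entry, following Leam's NOPASSWD suggestion:
//   nobody ALL = (user) NOPASSWD: /home/user/site_util/copy_sites
function run_copy_sites(string $id, string $errlog = '/tmp/error.log'): array
{
    // Only accept the argument shape copy_sites expects (assumed here);
    // anything else is rejected before it reaches a shell.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,32}\z/', $id)) {
        throw new InvalidArgumentException('refusing to run copy_sites: invalid id');
    }
    // -n makes sudo fail at once instead of hanging on a password prompt when
    // the NOPASSWD rule is missing, which a silent exec() in the thread hides.
    $cmd = 'sudo -n -u user /home/user/site_util/copy_sites ' . escapeshellarg($id);
    $spec = [
        0 => ['file', '/dev/null', 'r'], // no stdin, so no password to read
        1 => ['pipe', 'w'],
        2 => ['pipe', 'w'],              // keep stderr instead of 2>/dev/null
    ];
    $proc = proc_open($cmd, $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('proc_open failed');
    }
    $stdout = stream_get_contents($pipes[1]);
    $stderr = stream_get_contents($pipes[2]);
    fclose($pipes[1]);
    fclose($pipes[2]);
    $status = proc_close($proc);
    if ($status !== 0) {
        // Preserve sudo's own complaint ("a password is required", "not in the
        // sudoers file", ...) where an admin can read it, as Leam suggested.
        error_log(sprintf("[%s] copy_sites %s exited %d: %s\n",
            date('c'), $id, $status, trim($stderr)), 3, $errlog);
    }
    return ['status' => $status, 'stdout' => $stdout, 'stderr' => $stderr];
}

header('Content-type: text/plain');
$result = run_copy_sites($_GET['id'] ?? '');
print $result['status'] === 0 ? "ok\n" : "copy_sites failed, see the error log\n";
```

A non-zero status with "a password is required" in the log means the NOPASSWD rule is not matching the exact path and user, which is the first thing to check when sudo "just doesn't run" from the web server.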


_______________________________________________
New York PHP User Group Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk

http://www.nyphp.org/show_participation.php
