Thank you.

sudo: sorry, you must have a tty to run sudo

I don't know how to resolve this.

Michele

> -----Original Message-----
> From: talk-boun...@lists.nyphp.org [mailto:talk-boun...@lists.nyphp.org]
> On Behalf Of Leam Hall
> Sent: Friday, July 31, 2009 8:22 PM
> To: NYPHP Talk
> Subject: Re: [nyphp-talk] SSH2_CONNECT
>
> Drat! That's my favorite reading. :)
>
> Couple more ideas, based on an OS perspective. If it's a PHPism, I'm not
> so good...
>
> If the copy_sites program is a script and not a binary, edit it early on
> to create a temporary file. For example, put in a line
> "echo guido > /tmp/woo-hoo". See if it writes it. If so, then it's
> choking on the script. If not, then it's not getting to the script.
>
> Also, have it echo $id to a temp file to make sure the variable
> substitution is happening correctly.
>
> Hope that helps.
>
> Leam
>
> Michele Waldman wrote:
> > I didn't see anything in /var/log/messages.
> >
> > Michele
> >
> >> -----Original Message-----
> >> From: talk-boun...@lists.nyphp.org [mailto:talk-boun...@lists.nyphp.org]
> >> On Behalf Of Leam Hall
> >> Sent: Friday, July 31, 2009 7:58 PM
> >> To: NYPHP Talk
> >> Subject: Re: [nyphp-talk] SSH2_CONNECT
> >>
> >> Hey Michele.
> >>
> >> Can you edit /etc/sudoers? You might be able to give it the NOPASSWD
> >> option, to at least shorten it a bit.
> >>
> >> Can you read /var/log/messages and the web server log to see if they say
> >> anything?
> >>
> >> Leam
> >>
> >> Michele Waldman wrote:
> >>> So I rewrote the code in bash due to my client's concern about bandwidth.
> >>> Here's my new problem:
> >>> $msg = exec("echo $password | sudo /home/user/site_util/copy_sites $id 2> /dev/null");
> >>>
> >>> The script isn't running.
> >>>
> >>> Since it's running from http, I modified the user nobody to have /bin/bash
> >>> in /etc/passwd and gave the user a password.
> >>>
> >>> I can login to the server as nobody and run this code on the command line.
> >>> Works fine.
> >>>
> >>> Does anyone know why this execute isn't working in php?
> >>>
> >>> Michele
> >>>
> >>>> -----Original Message-----
> >>>> From: talk-boun...@lists.nyphp.org [mailto:talk-boun...@lists.nyphp.org]
> >>>> On Behalf Of Kenneth Dombrowski
> >>>> Sent: Friday, July 31, 2009 7:33 AM
> >>>> To: NYPHP Talk
> >>>> Subject: Re: [nyphp-talk] SSH2_CONNECT
> >>>>
> >>>> On 09-07-30 17:05 -0400, Ajai Khattri wrote:
> >>>>> Most probably your PHP script will be running under the same username as
> >>>>> Apache (i.e. www or nobody) so sudo wouldn't work anyway. (And you
> >>>>> wouldn't want to give www or nobody sudo privilege anyway!).
> >>>> All this talk about sudo not working made me curious -- why shouldn't it
> >>>> work? It will, and a well configured sudo offers a very fine level of
> >>>> control -- though whether one wants to do it is another question
> >>>>
> >>>> # visudo
> >>>> Defaults:www-data !lecture
> >>>> Defaults:www-data !authenticate
> >>>> www-data ALL = (kenneth) /usr/bin/touch /tmp/sudoer.apache
> >>>>
> >>>> The first two lines get rid of sudo's usual prompts, since it will never
> >>>> run interactively, & the last specifies a single command + argument
> >>>> www-data is allowed to run as kenneth (you can use shell-style globs)
> >>>>
> >>>> # sudo.php
> >>>> <?php
> >>>> header('Content-type: text/plain');
> >>>> $f = '/tmp/sudoer.apache';
> >>>> system("sudo -u kenneth /usr/bin/touch $f");
> >>>> print "\n$f exists? " . (bool) file_exists($f);
> >>>>
> >>>> kenn...@gilgamesh:~$ elinks --dump http://localhost/tmp/sudo.php
> >>>> /tmp/sudoer.apache exists? 1
> >>>> kenn...@gilgamesh:~$ ls -l /tmp/sudoer.apache
> >>>> -rw-r--r-- 1 kenneth kenneth 0 2009-07-30 19:52 /tmp/sudoer.apache
> >>>>
> >>>> So on debian, www-data successfully created a file as kenneth. On FreeBSD
> >>>> I think www/nobody/whatever has a /bin/false shell, so there it won't
> >>>> work. Of course, you shouldn't do it on shared hosts, and I'm sure
> >>>> somebody will tell me you shouldn't do it at all, but it's not due to a
> >>>> technical limitation
> >>>>
> >>>>
> >>>> _______________________________________________
> >>>> New York PHP User Group Community Talk Mailing List
> >>>> http://lists.nyphp.org/mailman/listinfo/talk
> >>>>
> >>>> http://www.nyphp.org/show_participation.php
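
Added example, not part of any message in this thread: the "must have a tty" error is what sudo prints when the requiretty option is set in sudoers, so one way to run the script from PHP is to switch that option off for the web user only and allow that single command without a password. The sudoers lines shown in the comment, the numeric form of $id and the helper function names are assumptions.

```php
<?php
// Added example; not code posted by anyone in the thread.
// Assumed sudoers entries (edit with visudo). User "nobody" and the script
// path come from the thread; running as root and NOPASSWD are assumptions:
//
//   Defaults:nobody !requiretty
//   nobody ALL = (root) NOPASSWD: /home/user/site_util/copy_sites
//
// With these in place no password is piped through the shell, and "nobody"
// can run this one script and nothing else via sudo.

const COPY_SITES = '/home/user/site_util/copy_sites';

// Build the command line. Assumption: site ids are short decimal numbers;
// anything else is rejected before it can reach the shell.
function build_copy_sites_command(string $id): string
{
    if (!preg_match('/\A[0-9]{1,10}\z/', $id)) {
        throw new InvalidArgumentException('invalid site id');
    }
    // -n makes sudo fail instead of prompting; 2>&1 keeps its error text
    // (the thread's 2> /dev/null discards it).
    return 'sudo -n ' . escapeshellarg(COPY_SITES) . ' '
        . escapeshellarg($id) . ' 2>&1';
}

// Run the script and return [exit status, output lines], logging failures.
function run_copy_sites(string $id): array
{
    $output = [];
    $status = 0;
    exec(build_copy_sites_command($id), $output, $status);
    if ($status !== 0) {
        error_log("copy_sites exited $status: " . implode(' | ', $output));
    }
    return [$status, $output];
}

// Constructed inputs: one valid id and two that must be rejected.
foreach (['42', '42; id', '$(id)'] as $candidate) {
    try {
        echo build_copy_sites_command($candidate), "\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', var_export($candidate, true), "\n";
    }
}
```

Because the sudoers rule places no limit on the arguments, copy_sites itself should validate its argument as well.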