Leam Hall wrote:
http://forums.fedoraforum.org/showthread.php?t=159677
[r...@leam ~]# grep -i tty /etc/sudoers
Defaults requiretty
That might help. :)
Leam
Michele Waldman wrote:
Thank you.
sudo: sorry, you must have a tty to run sudo
I don't know how to resolve this.
Michele
-----Original Message-----
From: talk-boun...@lists.nyphp.org
[mailto:talk-boun...@lists.nyphp.org]
On Behalf Of Leam Hall
Sent: Friday, July 31, 2009 8:22 PM
To: NYPHP Talk
Subject: Re: [nyphp-talk] SSH2_CONNECT
Drat! That's my favorite reading. :)
Couple more ideas, based on an OS perspective. If it's a PHPism, I'm not so good...
If the copy_sites program is a script and not a binary, edit it early on to create a temporary file. For example, put in a line "echo guido > /tmp/woo-hoo". See if it writes it. If so, then it's choking on the script. If not, then it's not getting to the script.
Also, have it echo $id to a temp file to make sure the variable
substitution is happening correctly.
Hope that helps.
Leam
Michele Waldman wrote:
I didn't see anything in /var/log/messages.
Michele
-----Original Message-----
From: talk-boun...@lists.nyphp.org [mailto:talk-boun...@lists.nyphp.org]
On Behalf Of Leam Hall
Sent: Friday, July 31, 2009 7:58 PM
To: NYPHP Talk
Subject: Re: [nyphp-talk] SSH2_CONNECT
Hey Michele.
Can you edit /etc/sudoers? You might be able to give it the NOPASSWD
option, to at least shorten it a bit.
Can you read /var/log/messages and the web server log to see if they say anything?
Leam
Michele Waldman wrote:
So I rewrote the code in bash due to my client's concern about bandwidth.
Here's my new problem:
$msg = exec("echo $password | sudo /home/user/site_util/copy_sites $id 2> /dev/null");
The script isn't running.
Since it's running from http, I modified the user nobody to have /bin/bash in /etc/passwd and gave the user a password.
I can login to the server as nobody and run this code on the command line.
Works fine.
Does anyone know why this execute isn't working in php?
Michele
-----Original Message-----
From: talk-boun...@lists.nyphp.org [mailto:talk-boun...@lists.nyphp.org]
On Behalf Of Kenneth Dombrowski
Sent: Friday, July 31, 2009 7:33 AM
To: NYPHP Talk
Subject: Re: [nyphp-talk] SSH2_CONNECT
On 09-07-30 17:05 -0400, Ajai Khattri wrote:
Most probably your PHP script will be running under the same username as Apache (i.e. www or nobody) so sudo wouldn't work anyway. (And you wouldn't want to give www or nobody sudo privilege anyway!).
All this talk about sudo not working made me curious -- why shouldn't it work? It will, and a well configured sudo offers a very fine level of control -- though whether one wants to do it is another question
# visudo
Defaults:www-data !lecture
Defaults:www-data !authenticate
www-data ALL = (kenneth) /usr/bin/touch /tmp/sudoer.apache
The first two lines get rid of sudo's usual prompts, since it will never run interactively, & the last specifies a single command + argument www-data is allowed to run as kenneth (you can use shell-style globs)
# sudo.php
<?php
header('Content-type: text/plain');
$f = '/tmp/sudoer.apache';
system("sudo -u kenneth /usr/bin/touch $f");
print "\n$f exists? " . (bool) file_exists($f);
kenn...@gilgamesh:~$ elinks --dump http://localhost/tmp/sudo.php
/tmp/sudoer.apache exists? 1
kenn...@gilgamesh:~$ ls -l /tmp/sudoer.apache
-rw-r--r-- 1 kenneth kenneth 0 2009-07-30 19:52 /tmp/sudoer.apache
So on debian, www-data successfully created a file as kenneth. On FreeBSD I think www/nobody/whatever has a /bin/false shell, so there it won't work. Of course, you shouldn't do it on shared hosts, and I'm sure somebody will tell me you shouldn't do it at all, but it's not due to a technical limitation
_______________________________________________
New York PHP User Group Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk
http://www.nyphp.org/show_participation.php
Please DO NOT use Leam's example...
"Defaults requiretty" is a global sudoers security default, change the
default at the user level... or, again; Don't do it at all.
--
995 Maple Hill Road
Castleton, New York 12033
518-331-5061
cons...@covenantedesign.com
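
Added example, not part of any message in the thread and not code from its authors: a small lint that reads sudoers text and reports whether requiretty is switched off globally or only for one account, and whether a rule leaves the command list open. The function name, the finding strings and both sample fragments are constructed here; the policy it checks (global requiretty kept, exceptions scoped per user) is the one the last reply recommends.

```sh
#!/bin/sh
# Added example, not from the thread. Assumed policy: requiretty stays on
# globally and any exception is scoped to one account and one command.

# audit_sudoers: read sudoers text on stdin, print one finding per line.
audit_sudoers() {
  awk '
    /^[ \t]*#/ || NF == 0 { next }        # skip comments and blank lines
    { gsub(/,/, " ") }                    # split "opt1, opt2" into fields
    $1 == "Defaults" {                    # no :user suffix: every account
      for (i = 2; i <= NF; i++) {
        if ($i == "requiretty") tty = 1
        if ($i == "!requiretty") print "GLOBAL !requiretty"
      }
      next
    }
    $1 ~ /^Defaults:/ {                   # Defaults:user: that account only
      user = substr($1, 10)
      for (i = 2; i <= NF; i++)
        if ($i == "!requiretty" || $i == "!authenticate")
          print "SCOPED " $i " for " user
      next
    }
    $NF == "ALL" && index($0, "=") > 0 { print "UNRESTRICTED commands for " $1 }
    END { if (!tty) print "MISSING global requiretty" }
  '
}

# Constructed sample: global default commented out, web user may run anything.
weak_sample() {
  cat <<'EOF'
# Defaults requiretty
www-data ALL=(ALL) NOPASSWD: ALL
EOF
}

# Constructed sample: global default kept, exceptions scoped to www-data,
# single fixed command (the rule from Kenneth's message).
scoped_sample() {
  cat <<'EOF'
Defaults requiretty
Defaults:www-data !requiretty, !authenticate
www-data ALL = (kenneth) /usr/bin/touch /tmp/sudoer.apache
EOF
}

weak_sample | audit_sudoers
scoped_sample | audit_sudoers
```

The lint only classifies lines; syntax checking of a real file is still done with visudo.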