PHP shell_exec() and sudo: must be setuid root

Question

I have a shell_exec() command that accesses a directory above my document root so I need to use sudo "as root" to make it happen. (I understand the security issues and am putitng in measures to address it).

The issue is when I run the shell_exec() I get a "sudo: must be setuid root" error in my apache error_log file.

I thought the solution was to chmod 4750 the bash script that is called by my sheel_exec() but that does not do the job.

What exactly is "sudo: must be setuid root" trying to tell me and how might I resolve it?

Answer 1

Is the sudo executable itself setuid root? You may need to

chown root: /usr/bin/sudo
chmod u+s /usr/bin/sudo

Answer 2

Alternatively, skip sudo altogether. If your script is owned by root and has its own setuid bit set, then you don't need to use sudo to get root privileges. In fact, it can be more secure that way; you guarantee that your web user can only use that script, without having to edit sudoers. To do so, remove sudo from your shell_exec() line:

<?php
    shell_exec('/path/to/your/command');
?>

Answer 3

Did you check the permissions for your script?

Who is owning the script?

Does the web user has the rights to sudo?

Answer 4

To fix this problem you need to chown and chmod sudo file as root as below.

chown root:root /usr/bin/sudo
chmod 4111 /usr/bin/sudo
chmod 0440 /etc/sudoers