run bash script as root from php page

Question

I have a php page.

It calls a validation bash script that checks variables passed from the php page.

I then call another bash script that I need to execute under root user. I have followed the guide here How to run from PHP a bash script under root user and still can not get script to execute as root.

I have the following:

php page

$bashFile = shell_exec('./Validation.sh "'.$coinName.'" "'.$coinNameAbreviation.'" "'.$blockReward.'" "'.$blockSpacing.'" "'.$targetTimespan.'" "'.$totalCoins.'" "'.$firstBitAddy.'" "'.$seedNode.'" "'.$seedName.'" "'.$headline.'" ');
echo "<pre>$bashFile</pre>";

the validation file:

sudo nohup /bin/bash /usr/sbin/CoinCreationBashFile "$coinName" "$coinNameAbreviation" "$blockReward" "$blockSpacing" "$targetTimespan" "$totalCoins" "$firstAddyBit" "$seedNode" "$nameSeedNode" "$headline" "$blocksPerDay" "$startingDifficulty" >> /tmp/BASH2log.txt 2>&1 &

I have added

www-data ALL=NOPASSWD /usr/sbin/CoinCreationBashFile

to the end of the sudo visudo

and did:

chown root:root /usr/sbin/CoinCreationBashFile
chmod 755 /usr/sbin/CoinCreationBashFile

was running it from usr/sbin from suggestion here http://ubuntuforums.org/showthread.php?t=1848069 Can anyone see what I am doing wrong?? Many thanks edit: I can run the CoinCreationBashFile script without the sudo command and it runs ok up to one point where it needs root priv... so i know the script working, and executing from the terminal the script runs perfectly as desired. output in tmp/BASH2log.txt

sudo: no tty present and noaskpass program specified

Answer 1

This question is similar to sudo in php exec() and they did not arrive at a conclusion.

In your case, since only one bash script needs to be executed in this fashion, considering using setuid instead:

$ su
[enter password]
chown root:root something.sh
chmod 4755 something.sh
exit

Note: Some Linux distributions disable setuid for shell scripts by default for security reasons.

Update: Apparently no commonly used Linux distribution today allows setuid on shell scripts. Perl used to be the exception, but suid-perl is now deprecated.

The only way to execute your bash script using this method is to invoke it from a compiled binary. See the example with the C code on how to do this.

Answer 2

I recently published a project that allows PHP to obtain and interact with a real Bash shell, you can easily get a shell with root. Get it here: https://github.com/merlinthemagic/MTS

After downloading you would simply use the following code:

$shell    = \MTS\Factories::getDevices()->getLocalHost()->getShell('bash', true);

$strCmd = "/usr/sbin/CoinCreationBashFile ".$coinName." ".$coinNameAbreviation." ".$blockReward." ".$blockSpacing." ".$targetTimespan." ".$totalCoins." ".$firstAddyBit." ".$seedNode." ".$nameSeedNode." ".$headline." ".$blocksPerDay." ".$startingDifficulty." >> /tmp/BASH2log.txt 2>&1 &";
$return1  = $shell->exeCmd($strCmd);

//if there is any return from the script you can wait for the return
//or you can trigger like you have it now and get no return.

Answer 3

You have a typo in visudo entry. There is no R in the NOPASSWD. It should be:

www-data ALL=NOPASSWD /usr/sbin/CoinCreationBashFile