How to run from PHP a bash script under root user
You can use sudo:
exec("sudo /your/script");
You should allow executing your script without password prompt. Run sudo visudo
in console and add the following string to the end:
nobody ALL = NOPASSWD: /your/script
You must set up file mode properly to ensure that no one can modify this script and put dangerous contents into it (in root console):
chown root:root /your/script
chmod 755 /your/script
run bash script as root from php page
This question is similar to sudo in php exec() and they did not arrive at a conclusion.
In your case, since only one bash script needs to be executed in this fashion, considering using setuid instead:
$ su
[enter password]
chown root:root something.sh
chmod 4755 something.sh
exit
Note: Some Linux distributions disable setuid for shell scripts by default for security reasons.
Update: Apparently no commonly used Linux distribution today allows setuid on shell scripts. Perl used to be the exception, but suid-perl is now deprecated.
The only way to execute your bash script using this method is to invoke it from a compiled binary. See the example with the C code on how to do this.
Run PHP shell_exec() like root user
Executing commands as root via PHP will leave yourself wide open to all sorts of malicious hackery.
Have a look at the "sudo" documentation.
You should be able to set up all the commands you need as "sudo"able scripts. It is much better to write specific scripts with limited functions than to expose the underlying priviledged command.
As in:
exec ('sudo getCurrentUser.sh')
First, you need to add the user that PHP is using to run (most of the time it is www-data
) to the sudo group if it is not already assigned.
Then, in your php file:
use sudo -S, so you can pass the password via echo
$exec = "echo your_passwd | /usr/bin/sudo -S your command";
exec($exec,$out,$rcode);
if you have trouble with the paths - use
"bash -lc 'echo your_passwd | /usr/bin/sudo -S your command'"
so you get a new bash that acts like a login shell and has the paths set
How can I have a PHP script run a shell script as root?
You can't just sudo like that, you need to setup passwordless sudo first in /etc/sudoers file. This can be done with visudo command for example. Make sure you set up privileges in sudoers file in such way to constrain the apache user to that single command you wish to run (i.e. your shell script).
Even then, it poses a security risk, because anyone could create a PHP script and run your shell script in turn. So make sure that shell script itself is secure from alteration by Apache user.
The second part, killall, is even more problematic. You shouldn't just allow Apache to run killall with root privileges. You should wrap killall in another shell script and grant access to that in sudoers.
In the end: do not run Apache with root account and do not use setuid. Both open a can of worms, and since you are a newbie (given the question you asked) you are very likely to miss some of small details that would create potential problems.
Running some parts of the script with root and other parts with normal user
You need the non-evaluated user in some variable.
How you want to do this depends on your actual use case.
You can look at:
Nasty temp file:
echo "$USER" > /tmp/thatsme.tmp
su -
# Hmm, now hope nobody has changed the tmpfile doing the same trick
orguser=$(cat /tmp/thatsme.tmp)
rm /tmp/thatsme.tmp
Keep environment
export orguser="$USER"
su # Not su -
echo "orguser=${orguser}"
Proces ps -ef
and look for original user on the same tty you are on. (not recommended)
Call su - -c script additional parameter
and change your master script that it pulls the user from $1
.
run shell script from php as a specified user
I think i found a solution ( but still not sure about the security issues).
It only needs to change the default user (owner) and group of the httpd service. This can be done by editing the httpd.conf
located in /opt/lampp/etc
(if you are using Xampp). The default user, as I mentioned in the question, is daemon. However it has not permissions to run sudo commands, so it only needs to change that user by another one who has the permissions to run sudo commands (obviously the root user or your deafult user in Ubuntu).
Related Topics
PHP Post Limited to 1000 Variables
PHP Static Method Call with Variable Class Name and Namespaces
Firefox Error 'No Element Found'
Twig Problem with PHP 7.4 in Write Variable
Get Values Stdclass Object PHP
Pass a Variable to an Assetic Asset Url in Symfony2
PHP Associative Array Key Order (Not Sort)
How to Select a Result from the Select2 Search Results
Strip_Tags() Function Blacklist Rather Than Whitelist
Multiple Routes in Single Route::Get() Call Laravel 4
Check If Username Exists in MySQL Table via PHP
Modify HTML Attribute with PHP
Adding User Custom Field Value to Order Items Details
In PHP How to Access a ":Private" Array in an Object
Why Ob_Start() Must Come Ahead of Session_Start() to Work in PHP
How to Use File_Get_Contents or File_Get_Html