Run PHP shell_exec() like root user
Executing commands as root via PHP will leave you wide open to all sorts of malicious hackery.
Have a look at the "sudo" documentation.
You should be able to set up all the commands you need as "sudo"able scripts. It is much better to write specific scripts with limited functions than to expose the underlying privileged command.
As in:
exec('sudo getCurrentUser.sh');
First, you need to add the user that PHP is using to run (most of the time it is www-data) to the sudo group if it is not already assigned.
Then, in your php file, use sudo -S, so you can pass the password via echo:
$exec = "echo your_passwd | /usr/bin/sudo -S your command";
exec($exec, $out, $rcode);
If you have trouble with the paths, use
"bash -lc 'echo your_passwd | /usr/bin/sudo -S your command'"
so you get a new bash that acts like a login shell and has the paths set.
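The "sudo"able-script approach recommended in the first answer, written out as an added example that is not from either answer above; it is also the alternative to piping a password into sudo -S as the second answer does. The sudoers entry, the install path /usr/local/sbin/restart-service, the service allowlist, the location of service(8) and the PHP call are all assumptions for illustration, not anything the answers specify:

```shell
#!/bin/sh
# Added example (not from the answers above): a narrowly scoped script that the
# web server user may run through sudo, instead of piping a password into sudo -S.
#
# Assumed sudoers entry, e.g. in /etc/sudoers.d/www-restart (hypothetical path):
#   www-data ALL=(root) NOPASSWD: /usr/local/sbin/restart-service
# Assumed install: /usr/local/sbin/restart-service, owned root:root, mode 0755.
# Assumed PHP call (quoting on the PHP side is not what keeps this safe; the
# allowlist below is):
#   exec('/usr/bin/sudo -n /usr/local/sbin/restart-service ' . escapeshellarg($svc), $out, $rc);

set -eu

# Force the C locale so the [a-z] range below matches ASCII lowercase only,
# whatever locale the web server process inherited.
LC_ALL=C
export LC_ALL

# Only these service names are accepted; anything else is refused before
# any privileged action happens.
ALLOWED_SERVICES="sshd nginx php-fpm"

# validate_service NAME
# Returns 0 if NAME is a single token of [a-z0-9-] that is in ALLOWED_SERVICES,
# 1 otherwise. The character check rejects shell metacharacters, whitespace and
# path separators even if the allowlist is loosened later.
validate_service() {
  svc=$1
  case "$svc" in
    ''|*[!a-z0-9-]*) return 1 ;;
  esac
  for allowed in $ALLOWED_SERVICES; do
    if [ "$svc" = "$allowed" ]; then
      return 0
    fi
  done
  return 1
}

main() {
  if [ "$#" -ne 1 ]; then
    echo "usage: ${0##*/} <service>" >&2
    exit 64
  fi
  if ! validate_service "$1"; then
    echo "refused: '$1' is not an allowed service" >&2
    exit 77
  fi
  # Do not trust anything inherited from the web server process: fix PATH
  # and IFS, and call the privileged command by absolute path.
  PATH=/usr/sbin:/usr/bin:/sbin:/bin
  export PATH
  unset IFS
  /usr/sbin/service "$1" restart
}

# Run main only when invoked as the installed script, not when sourced.
case "${0##*/}" in
  restart-service) main "$@" ;;
esac
```

Because the sudoers rule names one fixed command and the script validates its single argument against an allowlist, a compromised PHP process gains the ability to restart three services and nothing else; with `sudo -n` there is no password to store in the PHP source at all.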
Unable to Run BASH Script as Root in PHP Exec
Here is the answer:
We use mpm-itk (version 2.4.7-02) with apache 2.4 and it works perfectly. The only thing to consider here are the new configuration directives LimitUIDRange and LimitGIDRange.
These directives define which UIDs and GIDs mpm-itk can use (via setuid/setgid). As you obviously want it to be able to become root, your lower range must be ID 0. The following configuration will work here:
<IfModule mpm_itk_module>
    LimitUIDRange 0 6000
    LimitGIDRange 0 6000
</IfModule>
Be aware that the upper border should include all user UID/GID combinations that you want to use within your configuration via AssignUserID. Note that you can configure this for each virtual host you have. Note too, that you need a Linux kernel 3.5.0 or higher for this.
https://askubuntu.com/questions/491624/setresuid-operation-not-permitted-when-calling-via-php
On RedHat flavours you will need to add the module manually to /etc/httpd/conf/httpd.conf (or wherever your conf file lies).
Execute root commands via PHP
Read this whole post before trying it out, there are choices to be made.
Solution using a binary wrapper (with suid bit)
1) Create a script (preferably .sh) that contains what you want to be run as root.
# cat > php_shell.sh <<CONTENT
#!/bin/sh
/sbin/service sshd restart
CONTENT
2) This file should be owned by root, and since it will later run with root permissions make sure that only root has permission to write to the file.
# chown root php_shell.sh
# chmod u=rwx,go=xr php_shell.sh
3) To run the script as root no matter what user executes it, we will need a binary wrapper. Create one that will execute our php_shell.sh.
# cat > wrapper.c <<CONTENT
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

int
main (int argc, char *argv[])
{
    /* Become root for real (real, effective and saved uid), not just the
     * effective uid the setuid bit gives us. If this fails the script would
     * silently run unprivileged, so stop instead of continuing. */
    if (setuid (0) != 0) {
        perror ("setuid");
        return 1;
    }
    /* WARNING: Only use an absolute path to the script to execute,
     * a malicious user might fool the binary and execute
     * arbitrary commands if not.
     * system() runs the line through /bin/sh with the caller's environment,
     * so the script itself must not rely on PATH or other inherited variables.
     * */
    system ("/bin/sh /path/to/php_shell.sh");
    return 0;
}
CONTENT
4) Compile and set proper permissions, including the suid bit (saying that it should run with root privileges):
# gcc wrapper.c -o php_root
# chown root php_root
# chmod u=rwx,go=xr,+s php_root
php_root will now run with root permissions, and execute the commands specified in php_shell.sh.
If you don't need the option to easily change which commands will be executed, I'd recommend writing the commands directly in wrapper.c under step 4. Then you don't need to have a binary executing an external script that executes the commands in question.
In wrapper.c, use system ("your shell command here"); to specify what commands you'd like to execute.
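The answer above hinges on two file-permission facts: the wrapper must actually be setuid root, and the script it runs must be writable by nobody but root (a group- or world-writable script run by a root wrapper hands root to anyone who can edit it). The following is an added audit script, not part of the answer, that checks both before the wrapper is exposed to PHP. The wrapper path, script path and expected owner are arguments you supply; stat(1) in its GNU form is assumed, with the BSD form as fallback:

```shell
#!/bin/sh
# Added example, not from the original answer: audit a setuid wrapper and the
# script it runs as root. Usage: audit-wrapper.sh /path/php_root /path/php_shell.sh [owner-uid]
# (paths are whatever you installed; owner-uid defaults to 0).

set -eu

# file_uid FILE: print the numeric owner (GNU stat first, BSD stat as fallback).
file_uid() {
  stat -c %u "$1" 2>/dev/null || stat -f %u "$1"
}

# file_perm FILE: print the low three octal permission digits, e.g. 755.
# GNU stat prints 4755 for a setuid file, so strip everything but the last three.
file_perm() {
  mode=$(stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1")
  prefix=${mode%???}
  printf '%s' "${mode#"$prefix"}"
}

# not_writable_by_others FILE: return 0 if neither group nor other has write
# permission. Octal digits 2, 3, 6 and 7 are the ones with the write bit set.
not_writable_by_others() {
  perm=$(file_perm "$1")
  g=$(printf '%s' "$perm" | cut -c2)
  o=$(printf '%s' "$perm" | cut -c3)
  case "$g$o" in
    *[2367]*) return 1 ;;
  esac
  return 0
}

# audit_wrapper WRAPPER SCRIPT [OWNER]
# Checks: wrapper owned by OWNER, setuid, not writable by others; script owned
# by OWNER and not writable by others. Reports each failure on stderr and
# returns the number of failed checks (0 means the setup is sound).
audit_wrapper() {
  wrapper=$1
  script=$2
  owner=${3:-0}
  fails=0
  [ "$(file_uid "$wrapper")" = "$owner" ] || { echo "$wrapper: not owned by uid $owner" >&2; fails=$((fails+1)); }
  [ -u "$wrapper" ] || { echo "$wrapper: setuid bit not set, it will run as the caller" >&2; fails=$((fails+1)); }
  not_writable_by_others "$wrapper" || { echo "$wrapper: group/world writable" >&2; fails=$((fails+1)); }
  [ "$(file_uid "$script")" = "$owner" ] || { echo "$script: not owned by uid $owner" >&2; fails=$((fails+1)); }
  not_writable_by_others "$script" || { echo "$script: group/world writable, anyone who can edit it runs as uid $owner" >&2; fails=$((fails+1)); }
  return "$fails"
}

# Run the audit only when invoked as the installed script, not when sourced.
case "${0##*/}" in
  audit-wrapper.sh) audit_wrapper "$@" ;;
esac
```

Run it after the chown/chmod steps and again from cron: the script's permissions are exactly the thing a later `chmod g+w` or a careless deploy tool silently breaks, and the wrapper keeps running as root either way.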