How to Run PHP Exec() as Root

Run PHP shell_exec() like root user

Executing commands as root via PHP will leave you wide open to all sorts of malicious hackery.

Have a look at the "sudo" documentation.

You should be able to set up all the commands you need as "sudo"able scripts. It is much better to write specific scripts with limited functions than to expose the underlying privileged command.

As in:

exec('sudo getCurrentUser.sh');

First, you need to add the user that PHP is using to run (most of the time it is www-data) to the sudo group if it is not already assigned.

Then, in your php file:

Use sudo -S, so you can pass the password via echo:

$exec = "echo your_passwd | /usr/bin/sudo -S your command";
exec($exec,$out,$rcode);

If you have trouble with the paths, use

"bash -lc 'echo your_passwd | /usr/bin/sudo -S your command'"

so you get a new bash that acts like a login shell and has the paths set.

Unable to Run BASH Script as Root in PHP Exec

Here is the answer:

We use mpm-itk (version 2.4.7-02) with apache 2.4 and it works
perfectly. The only thing to consider here are the new configuration
directives

LimitUIDRange

and

LimitGIDRange

These directives define which UIDs and GIDs mpm-itk can use (via
setuid/setgid). As you obviously want it to be able to become root,
your lower range must be ID 0. The following configuration will work
here:

<IfModule mpm_itk_module>
LimitUIDRange 0 6000
LimitGIDRange 0 6000
</IfModule>

Be aware that the upper border should include all user UID/GID
combinations that you want to use within your configuration via
AssignUserID.

Note that you can configure this for each virtual host you have. Note
too, that you need a Linux kernel 3.5.0 or higher for this.
https://askubuntu.com/questions/491624/setresuid-operation-not-permitted-when-calling-via-php

On RedHat flavours you will need to add the module manually to /etc/httpd/conf/httpd.conf (or wherever your conf file lies).

Execute root commands via PHP

Read this whole post before trying it out, there are choices to be made.


Solution using a binary wrapper (with suid bit)

1) Create a script (preferably .sh) that contains what you want to be run as root.

# cat > php_shell.sh <<CONTENT
#!/bin/sh
/sbin/service sshd restart
CONTENT

2) This file should be owned by root, and since it will later run with root permissions make sure that only root has permission to write to the file.

# chown root php_shell.sh
# chmod u=rwx,go=xr php_shell.sh

3) To run the script as root no matter what user executes it, we will need a binary wrapper. Create one that will execute our php_shell.sh.

# cat > wrapper.c <<CONTENT
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

int
main (int argc, char *argv[])
{
    setuid (0);

    /* WARNING: Only use an absolute path to the script to execute,
     * a malicious user might fool the binary and execute
     * arbitrary commands if not.
     * */

    system ("/bin/sh /path/to/php_shell.sh");

    return 0;
}
CONTENT

4) Compile and set proper permissions, including the suid bit (saying that it should run with root privileges):

# gcc wrapper.c -o php_root
# chown root php_root
# chmod u=rwx,go=xr,+s php_root

php_root will now run with root permissions, and execute the commands specified in php_shell.sh.


If you don't need the option to easily change what commands will be executed, I'd recommend you write the commands directly in wrapper.c under step 4. Then you don't need to have a binary executing an external script executing the commands in question.

In wrapper.c, use system ("your shell command here"); to specify what commands you'd like to execute.
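A hardened variant of the wrapper.c above, as an added example that is not part of the original post: it refuses to run a script that is not root-owned or is writable by group/others, checks the result of setgid()/setuid(), and replaces system() with execve() and a fixed environment. TARGET is the post's own placeholder path; target_is_safe and CLEAN_ENV are names introduced here for illustration.

```c
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Placeholder path taken from the post; replace with the real absolute path. */
#define TARGET "/path/to/php_shell.sh"

/* Fixed environment for the child: nothing inherited from the PHP caller
 * (PATH, LD_*, BASH_ENV, ...) reaches the process running as root. */
static char *const CLEAN_ENV[] = { "PATH=/usr/sbin:/usr/bin:/sbin:/bin", NULL };

/* Hypothetical helper: returns 0 if path is absolute, a regular file owned
 * by uid `owner`, and not writable by group or others; -1 otherwise. */
int target_is_safe(const char *path, uid_t owner)
{
    struct stat st;
    if (path == NULL || path[0] != '/') return -1;  /* no relative paths */
    if (stat(path, &st) != 0) return -1;            /* missing or unreadable */
    if (!S_ISREG(st.st_mode)) return -1;            /* not a regular file */
    if (st.st_uid != owner) return -1;              /* wrong owner */
    if (st.st_mode & (S_IWGRP | S_IWOTH)) return -1; /* others could edit it */
    return 0;
}

int main(void)
{
    if (target_is_safe(TARGET, 0) != 0) {
        fprintf(stderr, "refusing to run %s: unsafe owner or mode\n", TARGET);
        return 1;
    }
    /* Both calls can fail; carrying on after a failure would run the
     * script with ids other than the ones intended. */
    if (setgid(0) != 0 || setuid(0) != 0) {
        perror("setgid/setuid");
        return 1;
    }
    /* execve() with a fixed argv: no shell parses a command string and no
     * caller-supplied arguments are forwarded. */
    char *const args[] = { "/bin/sh", TARGET, NULL };
    execve("/bin/sh", args, CLEAN_ENV);
    perror("execve");   /* only reached if execve() failed */
    return 127;
}
```

The ownership check only helps if every directory on the path to the script is also writable by root alone.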


