Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 7 of 7
  1. #1
    New Coder
    Join Date
    Apr 2011
    Posts
    49
    Thanks
    14
    Thanked 0 Times in 0 Posts

    PHP execute linux terminal command (bash Script)

    Hi everyone, i'm trying to get it so when i visit my webpage called start.php it executes the command (/bigbrotherbot start) in the terminal which then should start the process on my linux machine.

    I'm currently using this code


    Code:
    <?php
    shell_exec('sudo /bigbrotherbot start');
    ?>
    This script doesn't appear to do anything though. I'm very new to php and would really appreciate the help.

    P.S the file bigbrotherbot is the bash script which works if i actually go to the terminal myself and type /bigbrotherbot start yet when i try to make the php do it it doesnt do anything.

    any ideas?

  • #2
    New Coder
    Join Date
    Apr 2011
    Posts
    11
    Thanks
    0
    Thanked 2 Times in 2 Posts
    What are the permissions on the script? If it needs sudoer's permissions, to run, it simply won't execute (how is Apache going to provide the password, after all?)

    (Have to add, I don't like the idea of running a script right out of the root of your partition, either).
    Last edited by tracer_tong; 04-06-2011 at 03:55 PM.

  • #3
    New Coder
    Join Date
    Apr 2011
    Posts
    49
    Thanks
    14
    Thanked 0 Times in 0 Posts
    thats the problem, i know nothing about php and very little about linux. i set the bigbrotherbot file to chmod 777. Apart from that i dont know what to do.
    Last edited by tim967; 04-06-2011 at 04:24 PM.

  • #4
    New Coder
    Join Date
    Apr 2011
    Posts
    11
    Thanks
    0
    Thanked 2 Times in 2 Posts
    I'd be inclined to set up a special user account - with rights to do absolutely nothing, except run these special scripts. Move the script up into, say, the ~/bin directory of this special user's home directory, give the script 'execute' rights to members of the (also very low privileged) group, that this new special user belongs to, and then add Apache (or whichever user is actually running PHP scripts on your Linux version) to that group. Then, make sure that only this special user and Apache/PHP are members of this new special group. That sort of goes a fair way towards sandboxing who is allowed to do what, while giving enough control to the PHP parser to actually do its job.

    Then, you call your scripts using their full path, as in:
    Code:
    sh /home/pariah/bin/specialscript
    I'd also go the belt-and-bracers route, and wrap any text that gets passed to the shell execution functions in the likes of escapeshellcmd(), to prevent any nastiness from happening.

    (It is relatively easy to secure a Unix system, but it is also relatively easy to make it insecure as well: install KDE 1.0 on any decent modern Linux, set up a cron job that will cause a Kernel panic every half hour and then go:

    sudo chmod -R 777 /

    ...congratulations: you just reinvented Windows 98.)
    Last edited by tracer_tong; 04-06-2011 at 06:15 PM.

  • Users who have thanked tracer_tong for this post:

    tim967 (04-06-2011)

  • #5
    New Coder
    Join Date
    Apr 2011
    Posts
    49
    Thanks
    14
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by tracer_tong View Post
    I'd be inclined to set up a special user account - with rights to do absolutely nothing, except run these special scripts. Move the script up into, say, the ~/bin directory of this special user's home directory, give the script 'execute' rights to members of the (also very low privileged) group, that this new special user belongs to, and then add Apache (or whichever user is actually running PHP scripts on your Linux version) to that group. Then, make sure that only this special user and Apache/PHP are members of this new special group. That sort of goes a fair way towards sandboxing who is allowed to do what, while giving enough control to the PHP parser to actually do its job.

    Then, you call your scripts using their full path, as in:
    Code:
    sh /home/pariah/bin/specialscript
    I'd also go the belt-and-bracers route, and wrap any text that gets passed to the shell execution functions in the likes of escapeshellcmd(), to prevent any nastiness from happening.

    (It is relatively easy to secure a Unix system, but it is also relatively easy to make it insecure as well: install KDE 1.0 on any decent modern Linux, set up a cron job that will cause a Kernel panic every half hour and then go:

    sudo chmod -R 777 /

    ...congratulations: you just reinvented Windows 98.)
    thanks i did as you said, i created a user called "b3" and a group called "b3group". i added b3 to b3group. I also added the user www-data to the b3group (i think my apache uses this username for some reason). I then executed the php script which is in /var/www/b3test/start.php and nothing happens. Any ideas? could you add me on msn or something, would be easier to talk,

    timtoday967@hotmail.co.uk

  • #6
    New to the CF scene
    Join Date
    Feb 2012
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Post

    Quote Originally Posted by tim967 View Post
    thanks i did as you said, i created a user called "b3" and a group called "b3group". i added b3 to b3group. I also added the user www-data to the b3group (i think my apache uses this username for some reason). I then executed the php script which is in /var/www/b3test/start.php and nothing happens. Any ideas? could you add me on msn or something, would be easier to talk,

    timtoday967@hotmail.co.uk
    Hey I have the same problem. Can you help me with it? Did you manage to do it? is it possible for apache to run as another user that already exists?

  • #7
    Regular Coder
    Join Date
    Jan 2012
    Posts
    271
    Thanks
    2
    Thanked 65 Times in 65 Posts
    you need to give apache rights to sudo by adding an entry in the sudoers config...

    ggl search: add apache to sudoers


  •  

    Tags for this Thread

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •