Geek Answers Handbook

PHP sudo in shell_exec

I want to execute the root command using shell_exec. Now I know that this is dangerous, but believe me, you need to log in with MOD_AUTH and have the correct privileges to come to this page. It's safe. How can i do this?

+8
php shell shell-exec root sudo
source share
6 answers

For this, you can use the latest version of SVN phpseclib, a pure implementation of PHP SSH . eg.

<?php include('Net/SSH2.php'); $ssh = new Net_SSH2('www.domain.tld'); $ssh->login('username', 'password'); $ssh->read('[prompt]'); $ssh->write("sudo command\n"); $ssh->read('Password:'); $ssh->write("Password\n"); echo $ssh->read('[prompt]'); ?>
+11
source share

The problem is not that your page is or is not protected, the problem is that providing the php page with the ability to run some sudo command will give it to all pages, including any code you enter on any insecure page on any site on the server.

However, it would be better to make a shell script that does only one job that needs to be done, and then give the http user access only to this ONE command as sudo

 http ALL=(ALL) NOPASSWD:/user/local/bin/your_wrapper_script.sh
+13
source share

Definitely not recommended. However, you will want to study editing the sudoers file and add that the custom php works like NOPASSWD for the command you need to run. This will allow sudo to execute one command without entering a password.

If you need more teams, add more to it. Sudoers configuration I know that the forum / post is based on debian, but sudo is not strictly debian, and this should help you with the sudo configuration parameters you need to express this.

+3
source share

I just google'd for php sudo shell_exec and it turned out as a match # 1:

http://www.php.net/manual/en/function.shell-exec.php#101440

ilya at linemedia dot ru 16-Dec-2010 04:36
sudo can be executed without saving the passage in the file

 system('echo "PASS" | sudo -u root -S COMMAND');
+2
source share
 $aux=echo "admin-pass" | your command; echo $aux;

/ ********************************* ************ Example ***** ******** ********************************* /

Run a Perl script called my_perl_script.pl :

 $aux=echo "admin-pass" | sudo -u root -S perl /path-to-the-script/my-perl-script.pl; echo $aux;
0
source share

The best way to do this is:

 $descriptorSpec = array( 0 => STDIN, 1 => STDOUT, 2 => STDERR, ); if (posix_getuid() === 0) { echo "Root\n"; } else { echo "No root\n"; $command = 'sudo ' . PHP_BINARY . ' ' . implode(' ', $_SERVER['argv']); $pipes = []; $process = proc_open($command, $descriptorSpec, $pipes); if (is_resource($process)) { proc_close($process); } }

It runs the same command again, with sudo prefixed.

0
source share

More articles:


All Articles