Executing root commands through PHP

I have a CentOS 5.7 Linux server and use PHP 5.3.x.

On pfSense, you can restart services that require root privileges using the PHP web page.

I'm trying to do something like this. I wrote PHP code to execute shell commands, for example to restart the sshd service:

<?php exec('/sbin/service sshd restart'); ?> 

I tried to execute this command using the exec function, but this requires root permission, and we have apache user permissions.

I came across several solutions:

  • "running apache with root user" is really unsafe. I do not want to do this.
  • "apache ALL = NOPASSWD: /sbin/service" for /etc/sudoers: I tried this, but there is still a problem.

Any other solutions? Thanks for answers.




Now.. it's interesting. I tried sending an @refp message and it worked on my local Ubuntu server. But when I tried the same thing on my VPS CentOS server, it does not work. And this is the Apache error log: "rm: cannot delete `/var/lock/subsys/vsftpd': Permission denied"

+49
php apache root permissions
Dec 16 2018-11-11T00:
5 answers

Read the entire post before trying it; there is a choice.




Binary shell solution (with suid bit)

1) Create a script (preferably .sh ) that contains what you want to run as root.

    # cat > php_shell.sh <<CONTENT
    #!/bin/sh
    /sbin/service sshd restart
    CONTENT

2) This file must be owned by root, and since it will work as root, make sure that only root has write permission to the file.

    # chown root php_shell.sh
    # chmod u=rwx,go=xr php_shell.sh

3) To run the script as root, no matter which user runs it, we need a binary shell. Create the one that runs our php_shell.sh .

    # cat > wrapper.c <<CONTENT
    #include <stdio.h>
    #include <stdlib.h>
    #include <sys/types.h>
    #include <unistd.h>

    int
    main (int argc, char *argv[])
    {
       /* Become root; stop if that fails instead of running the script unprivileged. */
       if (setuid (0) != 0)
         {
           perror ("setuid");
           return 1;
         }

       /* WARNING: Only use an absolute path to the script to execute,
        *          a malicious user might fool the binary and execute
        *          arbitrary commands if not.
        * */
       system ("/bin/sh /path/to/php_shell.sh");

       return 0;
    }
    CONTENT

4) Compile and set the correct permissions, including the suid bit (saying that it should run with root privileges):

    # gcc wrapper.c -o php_root
    # chown root php_root
    # chmod u=rwx,go=xr,+s php_root

php_root will now run as root and execute the commands specified in php_root.sh .




If you do not need to easily change which commands will be executed, I would recommend that you write the commands directly in wrapper.c under step 4 . Then you do not need to have a binary file executing an external script executing the corresponding commands.

In wrapper.c use system ("your shell command here"); to indicate which commands you want to execute.

+86
Dec 16 2018-11-11T00:

I would not have PHP execute any sudo commands. For me it sounds like asking for trouble. Instead, I would create two separate systems.

The first system in PHP (web tier) will handle user requests. When a request is made that requires the sudo command, I would place this request in some queue. It can be a database of some kind or mid-level, such as ZeroMQ.

The second system (business layer) will read or receive messages from this queue and will be able to execute sudo commands, but will not be part of your web server process.

I know this is a bit vague and it can be solved differently with different technologies, but I think this is the best and safest way.

+21
Dec 16 '11 at 10:49

Allow www-data user to run program1 and program2 without password:

 sudo visudo 

Add to the contents of the sudoers file:

    User_Alias WWW_USER = www-data
    Cmnd_Alias WWW_COMMANDS = /sbin/program1, /sbin/program2
    WWW_USER ALL = (ALL) NOPASSWD: WWW_COMMANDS

Save.

from https://askubuntu.com/questions/76920/call-a-shell-script-from-php-run-as-root

+5
Jan 04 '16 at 16:33

I recently published a project that allows PHP to receive and interact with a real Bash shell, it will easily give you a shell registered as root. Then you can just execute individual Bash commands, rather than binding, then in a script. This way you can also handle the refund. Get it here: https://github.com/merlinthemagic/MTS

After downloading, you simply use the following code:

    $shell = \MTS\Factories::getDevices()->getLocalHost()->getShell('bash', true);
    $return1 = $shell->exeCmd('service sshd restart');
    echo $return1;
    //On CentOS 7 output would be like:
    //Redirecting to /bin/systemctl restart sshd.service
    //On CentOS 6 and lower output would be like:
    //Stopping sshd: [ OK ]
    //Starting sshd: [ OK ]

+2
May 17 '16 at 10:15

Binary shell solution (with suid bit). Some modification of the post by Filip Roséen - refp.

To execute any command, a modified wrapper.c:

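    #include <stdio.h>
    #include <stdlib.h>
    #include <sys/types.h>
    #include <unistd.h>
    #include <string.h>

    int main (int argc, char **argv)
    {
        char cmd[100] = "";
        int i;

        /* Stop if the binary could not become root. */
        if (setuid (0) != 0) {
            perror ("setuid");
            return 1;
        }

        /* Join the arguments into one command line. Refuse input that
         * does not fit in cmd: the strcat calls were unbounded before. */
        for (i = 1; i < argc; i++) {
            if (strlen (cmd) + strlen (argv[i]) + 2 > sizeof (cmd)) {
                fprintf (stderr, "command too long\n");
                return 1;
            }
            strcat (cmd, argv[i]);
            strcat (cmd, " ");
        }

        system (cmd);
        return 0;
    }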

Compile and set the appropriate permissions;

    gcc wrapper.c -o php_root   # php_root can be any name.
    chown root php_root
    chmod u=rwx,go=xr,+s php_root

Now call with PHP. Run any command.

  shell_exec('./php_root '.$cmd);//execute from wrapper 
+2
Feb 14 '18 at 4:58
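
A narrower form of the setuid wrappers in the first and last answers, which can also serve as the validation step of the queue consumer described in the second answer. This is an added example, not code from any of the answers: it accepts a single action name, maps it to a fixed argument vector and runs that with `execve` and a fixed environment instead of handing text to `system()`. The action names and the `lookup_action` helper are assumptions made for illustration.

```c
/* Added example: allowlisted root helper. Action names are hypothetical;
 * the commands are the service restarts mentioned on this page. */
#include <stdio.h>
#include <string.h>
#include <unistd.h>

struct action {
    const char *name;      /* token the web tier is allowed to send */
    char *const argv[4];   /* fixed command line: absolute path, no shell */
};

static const struct action ACTIONS[] = {
    { "restart-sshd",   { "/sbin/service", "sshd",   "restart", NULL } },
    { "restart-vsftpd", { "/sbin/service", "vsftpd", "restart", NULL } },
};

/* Return the fixed argv for an exact-match action name, or NULL. */
char *const *lookup_action(const char *request)
{
    size_t i;
    if (request == NULL)
        return NULL;
    for (i = 0; i < sizeof ACTIONS / sizeof ACTIONS[0]; i++)
        if (strcmp(request, ACTIONS[i].name) == 0)
            return ACTIONS[i].argv;
    return NULL;
}

int main(int argc, char **argv)
{
    /* Fixed environment: nothing is inherited from the PHP process. */
    static char *const clean_env[] = { "PATH=/sbin:/bin:/usr/sbin:/usr/bin", NULL };
    char *const *cmd;

    if (argc != 2 || (cmd = lookup_action(argv[1])) == NULL) {
        fprintf(stderr, "usage: %s <action>\n", argv[0]);
        return 2;
    }
    if (setuid(0) != 0) {           /* installed setuid root, as in the answers */
        perror("setuid");
        return 1;
    }
    execve(cmd[0], cmd, clean_env); /* no /bin/sh, so metacharacters mean nothing */
    perror("execve");
    return 1;
}
```

From PHP the call would pass only the action name, for example `exec('/path/to/php_root restart-sshd')`, so request data never reaches a shell running as root.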


