13

I have a PHP webpage on my raspberry pi with 2 buttons (on and off) The on button button redirects to On.php The off button redirects to Off.php In "/usr/lib/cgi-bin" I have a python script that I would like to execute (script.py) I can perfectly execute it from the terminal by typing

cd /usr/lib/cgi-bin
sudo python script.py

It works if I do it from the terminal.

The problem is the PHP file (On.php) in my "/var/www" folder. This is what I wrote:

<?php
exec('cd /usr/lib/cgi-bin');
exec('sudo python script.py');
?>

Why is the script executing from the terminal, but not from my PHP?

Improve this question
1
  • Does your super user have a password? Commented Aug 4, 2015 at 14:01

3 Answers 3

Reset to default
18

You can't use sudo from a PHP script. Apache is running from an user (www-data generaly), so edit this file : /etc/sudoers

Then add this line : 

www-data ALL=(ALL) NOPASSWD:ALL

Care ! this will authorize all functions to be called by a PHP script, you can adapt changing "ALL" by your script or Python command.

Then precise your user in your exec command :

<?php
exec('sudo -u www-data python /usr/lib/cgi-bin/script.py')
Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

Does this remove passwords? Because i have the server port forwarded publicly. I wouldn't want anyone just entering my server.
It will remove password the user www-data, that's why you can ask NOPASSWD to some command, like NOPASSWD:python. It won't change something for other users.
Ok, i'm not an expert, i just wanted to make sure nobody could hack in my raspberry as the superuser or any other user.
This allows to use sudo without password, only the user www-data. This user can't connect through SSH so no risk.
sudo www-data without password is not safe at all. it's not about SSH, it's about Nginx, Apache2 or etc.. If one of the servers were exploited, it can execute remote commands. If it has root privilege, some happy some sad. It happens always.
4

Try this out, it should be working:

<?php 
system("cd /usr/lib/cgi-bin");
system("sudo python script.py");
?>

Or even this:

<?php 
system("cd /usr/lib/cgi-bin && sudo python script.py");
?>
Improve this answer

Comments

3

On an older Raspbian distribution you need to place your file in /var/www/file.py. So in your file.php you add:

{
    exec("sudo python /var/www/file.py");
}

On a newer Raspbian Jessie you need to place your file in /var/www/html/file.py, so in your file.php you need to add:

{
    exec("sudo python /var/www/html/file.py");
}

Or just any file.py

<?php
{
  exec("sudo python test.py");
}

?>

Note: For this to work you need to edit a file first to add these lines to allow passwordless sudo

sudo nano /etc/sudoers

then go to the bottom and add this

pi ALL=(ALL) NOPASSWD: ALL<br>
www-data ALL=(ALL) NOPASSWD: ALL
Improve this answer

3 Comments

Don't ever add www-data to sudoers with NOPASSWD: ALL! This can turn into a very big security problem. See @dotslash's comment above
yes is can if it is online this pi is just a house remote that is all. For the people that read the don't do this to control over the internet
So? If it's connected to a network, it can be compromised if someone tries hard enough. Just don't do it. There are better ways, such as Alberto Pagani's answer.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.