I am running a cli-script, that requires a exec('sudo ...'); call. I know it is not safe on the web, but how can it be done in cli? The script is executed by a user known as "btcdbit", who is in the sudoers file.
Add a comment
|
3 Answers
In my experience setting the NOPASSWD option doesn't always work and even if it does it seems unsafe. Seems to me that a better approach - if you're able to use it - would involve using phpseclib to do sudo through SSH. eg.
<?php
include('Net/SSH2.php');
$sftp = new Net_SSH2('www.domain.tld');
$sftp->login('username', 'password');
echo $sftp->read('username@username:~$');
$sftp->write("sudo ls -la\n");
$output = $sftp->read('#Password:|username@username:~\$#', NET_SSH2_READ_REGEX);
echo $output;
if (preg_match('#Password:#', $lines)) {
$ssh->write("password\n");
echo $sftp->read('username@username:~$');
}
?>
The website "sudo in php" elaborates
Comments
So long as btcdbit is in sudoers for the program that you want it to be able to run, you should be able to use any of the PHP functions like exec or system to run it. Make sure that you use the NOPASSWD option in sudoers (see http://www.ducea.com/2006/06/18/linux-tips-password-usage-in-sudo-passwd-nopasswd/ for example) if you don't want it to get caught up asking btcdbit for a password.
2 Comments
macintosh264
what if btcdbit does not have a password
imm
@macintosh264, I would try setting it up with the NOPASSWD option anyway. Can you clarify what you're experiencing when you attempt to run
exec through the php program? Does it just get "stuck"?It should be just as simple as exec('/usr/bin/sudo {script}').
