Trying to trigger a shell script with a POST request (handled by nginx). No success so far.
What I have:
exec('whoami'); // nginx
nginx:x:220:498:Nginx web server:/var/lib/nginx:/sbin/nologin
As we can see, the nginx user has no shell. Could that be a problem? Next,
nginx ALL=(user) NOPASSWD: /path/to/script.sh
If I change nginx to my real user, I can run sudo -u user /path/to/script.sh without a password prompt, but for some reason I'm still asked for a password if I run su -s /bin/bash -c /path/to/script.sh user. Perhaps the latter invocation is somewhat more suitable for the nginx user, since it has a nologin shell.
So whenever I run exec('sudo -u user /path/to/script.sh'); or run some wrapper script with that line in it through PHP - nothing happens. I can't even identify what doesn't work, since no errors are thrown.
Any help would be much appreciated.
2>&1 to the end of the command to get back the error output. Also if you want to execute /bin/bash, you need that as an entry in the sudoers file. Alternatively you might want to create a wrapper script that nginx can simply execute and that can handle the sudo if it's suitable for your needs

nginx to sudoers only grants it sudo privileges, not su. The two are related, in that they perform similar purposes, but nevertheless separate. Historically, sudo is a wrapper for su with additional usability features and access control mechanisms. sudo errors are logged to auth.log which on modern LSB systems lives in /var/log. (Now let's hope you have read access :-)

2>&1. Now it immediately says sudo: sorry, you must have a tty to run sudo. Yes, I've already tried the wrapper script, which did exactly the same thing sudo -u ..., but, now, since I have errors showing, I can dig further.
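
Added example (not part of the original question or comments): one way to run the question's sudo command from PHP so that sudo's error text and exit code are captured instead of silently lost. It uses proc_open's array form (PHP 7.4 or later) rather than exec; user and /path/to/script.sh are the question's placeholders, and run_merged is a hypothetical helper name.

```php
<?php
// Added example, not code from the original post.
// "user" and /path/to/script.sh are the placeholders used in the question.

/**
 * Run a fixed argv without a shell and return its exit code together with
 * stdout and stderr merged into one string (the equivalent of 2>&1).
 */
function run_merged(array $argv): array
{
    $spec = [
        0 => ['null'],         // no stdin, so nothing can sit waiting for a password
        1 => ['pipe', 'w'],    // stdout
        2 => ['redirect', 1],  // stderr goes into stdout, same effect as 2>&1
    ];

    // Array form executes argv directly: no shell is involved, so no request
    // data can ever be interpreted as shell syntax.
    $proc = proc_open($argv, $spec, $pipes);
    if (!is_resource($proc)) {
        return ['code' => -1, 'output' => 'proc_open failed'];
    }

    $output = stream_get_contents($pipes[1]);
    fclose($pipes[1]);

    return ['code' => proc_close($proc), 'output' => $output];
}

// -n makes sudo fail with a message instead of prompting for a password.
$result = run_merged(['sudo', '-n', '-u', 'user', '/path/to/script.sh']);

if ($result['code'] !== 0) {
    // Messages such as "sudo: sorry, you must have a tty to run sudo"
    // land here and go to the PHP error log rather than disappearing.
    error_log(sprintf(
        'script.sh failed (exit %d): %s',
        $result['code'],
        trim($result['output'])
    ));
    http_response_code(500);
    exit;
}

echo $result['output'];
```

The "you must have a tty" message is produced when the requiretty option is enabled in sudoers. It can be lifted for the one account only with a line such as Defaults:nginx !requiretty, edited through visudo, leaving the option in force for every other user.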