0

I want to reload nginx after certain scenarios in my PHP web application, using the shell_exec function in PHP like this:

shell_exec('sudo sh /var/www/camva/subdomain.sh');

This code runs after every request, to reload nginx, in my route.php file.

Also, my subdomain.sh shell file contains:

#!/bin/bash
sudo /etc/init.d/nginx restart

But I get this response after every request:

Reloading nginx ... fail !

I don't know why this happens, but I can run the same command, "sudo /etc/init.d/nginx restart", as root in a terminal and get the correct response about reloading nginx!

Thanks for your help.

1

1 Answer

-1

To hazard a guess, you're trying to execute a shell script as root using an account that probably doesn't have root access. Nginx should be running as a user that does not have root access. What you can try to do is to chmod the permissions on the script file accordingly so that it runs as root even when another user activates it.

First make root the owner of the script you want to run (subdomain.sh). Run these commands in CLI, not in your script.

sudo chown root:root /var/www/camva/subdomain.sh

Then make the script file executable by all and writable only for root.

sudo chmod 4755 /var/www/camva/subdomain.sh

Now the nginx user should be able to execute the script but not change the file content.

That said, I'm wondering why you need to reload the server and if, perhaps, there's a better solution to the overarching problem you are trying to solve.

I will point out that adding your nginx user to the sudoers file is absolutely not the right answer and poses security concerns.


10 Comments

I create subdomains for users and create vhost files for every user. I need an nginx reload for the vhosts to work.
@user239546 on the contrary, the sudoers file is EXACTLY the right thing for this. It is, in fact, the reason why it exists. The link I posted under the OP's question should help clear up your confusion with security. You sure as hell don't want to be running anything as root. Yikes.
Ah I see. I've used the above permissions approach a few times in cases where I had no other approach for one thing or another I wanted to do in Jenkins.
rjdown - adding nginx user to sudoer gives a malicious injection the ability to run "SUDO" commands pretty freely on the box hosting the server. My solution - while still not ideal - prevents a malicious user from breaking out of the constraints of what the script already does.
"adding nginx user to sudoer gives a malicious injection the ability to run "SUDO" commands pretty freely on the box hosting the server" - NO! It will be limited ONLY to the commands that you list, e.g. /etc/init.d/nginx restart. Again, that is the WHOLE POINT of the sudoers file. Please, go read the manual before you touch another server.
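
The comments above turn on what a sudoers entry actually grants, and that is decided by the command written in the rule. As an added example (not code from the question, the answer or the comments), this script classifies single-command rules; the `www-data` account, the sample rules and the function names `audit_cmd` and `audit_rule` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify what one sudoers rule lets the web user run as root.
# Assumptions: PHP runs as www-data; one command per rule (no comma lists).

# audit_cmd CMD -> prints "ok", "loose:<why>", "broad:<why>" or "unknown:<why>"
audit_cmd() {
    cmd=$1
    bin=${cmd%% *}                      # program path = first word
    case $cmd in
        ALL)          echo "broad:all"; return ;;       # every command
        *'*'*|*'?'*)  echo "broad:wildcard"; return ;;  # pattern, not one command
    esac
    case $bin in
        /*) ;;
        *)  echo "unknown:alias-or-invalid"; return ;;  # not a full path
    esac
    case ${bin##*/} in                  # interpreters run any code they are handed
        sh|bash|dash|zsh|env|php|perl|python*)
            echo "broad:interpreter"; return ;;
    esac
    case $bin in                        # assumed web-app tree: root would execute a
        /var/www/*)                     # file the application may be able to rewrite
            echo "broad:web-path"; return ;;
    esac
    if [ "$bin" = "$cmd" ]; then        # no arguments listed: sudo accepts any
        echo "loose:any-args"; return
    fi
    echo "ok"
}

# audit_rule 'user host=(runas) TAG: command' -> verdict for its command part
audit_rule() {
    spec=${1#*=}                        # drop "user host ="
    spec=$(printf '%s' "$spec" | sed -E \
        -e 's/^[[:space:]]*(\([^)]*\))?[[:space:]]*([A-Z_]+:[[:space:]]*)*//' \
        -e 's/[[:space:]]*$//')         # drop runas, tags, trailing blanks
    audit_cmd "$spec"
}

# Constructed sample rules, not taken from the thread.
for rule in \
    'www-data ALL=(root) NOPASSWD: /etc/init.d/nginx restart' \
    'www-data ALL=(root) NOPASSWD: /bin/sh /var/www/camva/subdomain.sh' \
    'www-data ALL=(root) NOPASSWD: /var/www/camva/subdomain.sh' \
    'www-data ALL=(ALL) NOPASSWD: ALL'
do
    printf '%-18s %s\n' "$(audit_rule "$rule")" "$rule"
done
```

A real drop-in file can be syntax-checked with `visudo -cf` before it is installed.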