0

I want to run a "sudo" command from the PHP and I have read all the tutorials on the web, but no solution works. At least I've added the default "nobody" user of LAMP to the root group – but no effect.

echo exec("sudo echo hi");

A note on security:

While some people here are downvoting this due to their strong belief that this will create a big security hole that will destroy the entire Internet, there are some valid cases for this, e.g., in testing. Running setup scripts from PHPUnit / Behat suites to configure the environment may require sudo permission. Those scripts are not accessible from the application and do not create security holes, as the matter of fact they help to ensure such holes are not present.

Improve this question
2
  • 6
    do not do that. it's a huge security hole. Commented Sep 13, 2011 at 8:16
  • 1
    should not encourage others by this type of question as this creates big security issue. Commented Feb 2, 2014 at 10:34

5 Answers 5

Reset to default
9

Adding users to the root group does not give them sudo rights, that is what /etc/sudoers is for.

To be honest, what you're trying to do sounds like a giant security hole

EDIT: copied from comments...

My suggestion would be something like, setting up a cron under the root user, that checks against a file or db that your PHP can write to, parses it, and remove the users you've specified.

Improve this answer
Sign up to request clarification or add additional context in comments.

12 Comments

Well, I thought of creating a biiig, big security hole and I surely wanted to avoid this! So you see how desperate I am :-D May you give me a good and safe solution? (Just for informational reason: I am trying to add and remove FTP users with php..)
All you've told us is that you want to run a command. Without knowing what you're trying to accomplish, how can we try and point you at a better solution?
My suggestion would be something like, setting up a cron under the root user, that checks against a file or db that your PHP can write to, parses it, and remove the users you've specified.
Shouldn't be, you can generally use db cli commands to output specific queries to STDOUT iirc.
I think there are other people better suited to answer that. Perhaps open a new question?
|
1

I think you should run chmod u+s on your script. Or maybe ug+s (Depending on your need). This way you will have su access.

Improve this answer

Comments

0

you should add your web-server user to /etc/sudoers file

Improve this answer

Comments

0 
<?php

phpinfo();

?>

You first need to find the user of your webserver and give them root privialges, the above code will tell you this, but as others say THIS IS A MASSIVE SECURITY HOLE and I strongly do not recommend it.

Improve this answer

Comments

0

All the security stuff aside, this is possible. Indeed as Jon Stirling has stated, adding users to a specific group is not going to help you. You need to specify the correct sudo lines with "visudo" as root, eg:

nobody ALL=(root) NOPASSWD:/usr/bin/echo hi

This will let the user root, execute the command "/usr/bin/echo hi" as the user root.

Now for executing it via PHP:

echo exec("/usr/bin/sudo -u root /usr/bin/echo hi");
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.