5

I have an Ubuntu 16.04 machine running NGINX and PHP. I would like to enable the www-data user (via web browser) to be able to access a PHP page (php-test.php) that will execute either a bash script (script_test.sh) or execute Linux CLI commands using shell_exec or exec.

I have done the following.

Created my bash script file script_test.sh

#!/bin/bash

whoami
echo $USER
echo 'test'

exit

When I run this from the CLI, using

./script_test.sh

It does indeed work and I can see the info echoed out in the CLI.

I then pursued the goal of being able to allow the www-data user run this bash script through a PHP page running on this same machine from NGINX.

I created my php page (php_test.php) and it contains the following

<?php

    chdir('/path/to/my/files/');
    shell_exec('./script_test.sh');  // ATTEMPT RUN SCRIPT
    shell_exec('/path/to/my/files/script_test.sh');  // ATTEMPT RUN SCRIPT

    echo 'test 123';  // SIMPLE ECHO IN THE PHP PAGE
?>

I then ran the following to modify the sudoers file, giving www-data access to the bash script

sudo nano /etc/sudoers

to which I added the following line

www-data ALL=NOPASSWD: /path/to/my/files/script_test.sh

I then made sure the script was executable. For the sake of my testing, not worrying about security, I just set it to 777 with the following command

sudo chmod 777 script_test.sh

From there I opened a web browser and browsed to the localhost (NGINX) web server (php_test.php) and the only thing I see on the page is the 'test 123' that I echo from PHP... none of the bash script appears to have run at all. I tailed the NGINX error log and don't see any error at all.

Is there another log that could contain clues on this?

What else should I check here?

1

2 Answers

0

The result of shell_exec() is returned as a string. To display it in your browser, simply add echo.

<?php

    chdir('/path/to/my/files/');
    echo shell_exec('./script_test.sh');  // ATTEMPT RUN SCRIPT
    echo shell_exec('/path/to/my/files/script_test.sh');  // ATTEMPT RUN SCRIPT

    echo 'test 123';  // SIMPLE ECHO IN THE PHP PAGE
?>

See the Return Values in the manual:

The output from the executed command or NULL if an error occurred or the command produces no output.
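
A diagnostic page that separates the cases shell_exec() folds into NULL (function disabled, script not executable by the worker's user, script failing, script printing nothing). This is an added example, not part of the original answer; the path is the question's placeholder and the helper names can_call and run_with_status are hypothetical.

```php
<?php
// Added diagnostic example, not code from the question or the answer.
// Assumption: $script is the question's placeholder path; adjust it.
$script = '/path/to/my/files/script_test.sh';

// True only if the function exists and is not listed in disable_functions.
function can_call(string $fn): bool
{
    $disabled = array_map('trim', explode(',', (string) ini_get('disable_functions')));
    return function_exists($fn) && !in_array($fn, $disabled, true);
}

// Run a command, merging stderr into stdout and keeping the exit status,
// so a NULL from shell_exec() is no longer ambiguous.
function run_with_status(string $path): array
{
    if (!can_call('exec')) {
        return ['status' => null, 'output' => 'exec() is disabled for this SAPI'];
    }
    exec(escapeshellarg($path) . ' 2>&1', $lines, $status);
    return ['status' => $status, 'output' => implode("\n", $lines)];
}

header('Content-Type: text/plain');

foreach (['shell_exec', 'exec', 'passthru'] as $fn) {
    printf("%-11s %s\n", $fn, can_call($fn) ? 'callable' : 'disabled');
}

// The effective user of the FPM worker, which may differ from the CLI user.
if (function_exists('posix_geteuid')) {
    $pw = posix_getpwuid(posix_geteuid());
    printf("running as  %s\n", $pw['name'] ?? posix_geteuid());
}

printf("exists      %s\n", var_export(file_exists($script), true));
printf("executable  %s\n", var_export(is_executable($script), true));

$result = run_with_status($script);
// By shell convention 126 means "found but not executable", 127 "not found".
printf("exit status %s\n", var_export($result['status'], true));
echo "--- output (stdout + stderr) ---\n", $result['output'], "\n";
```

Delete the page once the cause is found, since it shows command output and the worker's account name to any visitor.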


-1

Can you try to use passthru instead of shell_exec, and see if it outputs anything?

Also try this, and see if it shows on the log file:

if(!file_exists('/path/to/my/files/script_test.sh')) { die('File not found!'); }
shell_exec("nohup /path/to/my/files/script_test.sh > /path/to/my/files/output.log &");

Also, are you running PHP with the www-data user (check your fpm pool)? Do you have any errors in /var/log/syslog or /var/log/auth.log? Have you restarted the server after changing the sudo permissions?

What do su - www-data -c "whoami" and su - www-data -s /bin/bash -c "whoami" output?

Does su - www-data -s /bin/bash -c "/path/to/my/files/script_test.sh" output something?

9 Comments

www-data is the user that PHP is running as. I ran the PHP snippet at the top of your post/message but it DID report the script as found, but the shell_exec and passthru attempt with the nohup-based command did NOT generate anything at all. Neither of the log files you mentioned show me any clues at all either.
Obvious question... but is shell_exec allowed in php.ini? Does <?php echo ini_get('disable_functions'); ?> print anything useful? How about the other commands, do they work on the command line directly?
@peixogorms when I run that I get the following disabled functions from my ini file - identical to what I see in phpinfo()... pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,File
Note that if PHP is running in safe mode, shell_exec won't work. php.net/manual/en/function.shell-exec.php Try to remove all those and try again. Also, does something more basic work? <?php $output = shell_exec('ls -lart'); echo "<pre>$output</pre>"; ?>
@peixogorms I see that safe mode was deprecated as of php 5.3 and removed as of php 5.4, I'm running PHP 7 and will investigate how to enable exec and / or shell_exec. No output using that snippet either.