?
Solved

How do I execute a shell script via PHP on Linux using wget on Windows XP and Vista?

Posted on 2008-11-03
23
Medium Priority
?
2,047 Views
Last Modified: 2013-12-26
I need to execute a bash shell script on RHEL 5.2 from a Windows XP or Vista workstation from both an intra-net and the internet. WGet seems to be a logical choice (no firewall considerations) and I can get it installed on all client machines. Using PHP or CGI seems the logical choice for wget to fire.

I have spent 10 hours today trying to work this out. I'm not a developer! Using a variety of PHP functions (system, exec, shell_exec, passthru) is can execute the scripts locally but not via wget. I suspect permissions.

I'm completely lost!

Thank you!

Some examples below...



 
<?php
shell_exec('sudo -u root -S /files/eid.sh < /home/$User/dir/dir/dir/passfile');
?>
 
<?php
system("nohup /var/www/cgi-bin/import/runworks.sh > /dev/null & echo $!;");
?>
 
<?php
exec("/usr/bin/sudo /var/www/cgi-bin/import/runworks.sh");
?>
 
runworks.sh
/news_root/navicat/./start_navicat /import localhost emeraldisland Contacts

Open in new window

0
Comment
Question by:RickSanson
  • 11
  • 9
  • 3
23 Comments
 
LVL 13

Expert Comment

by:Xyptilon2
ID: 22873210
wget retrieves files or pages just like your browser does. In order for it to work, PHP needs to be able to execute it, so permissions 755 sound right to me. 750 should also do.

 To execute a program in PHP you can catch the output of STDOUT and STDERR so that you can troubleshoot the issue. For this, we can use the backtick operator (not the quote)

<?PHP

$sOutput=`/usr/bin/sudo /var/www/cgi-bin/import/runworks.sh 2&>1`;
echo $sOutput;

?>

We add 2&>1 to redirect file descriptor 2 (STDERR) to STDOUT so we can catch it in our variabele and show it to the user. So we also catch all the errors :)
0
 
LVL 3

Expert Comment

by:bishillo
ID: 22874910
To exec the php file using wget from a remote host, first try to load the url directly in a browser to check if it works. You will need having a web server configured. Did you have one ready?

Also consider not storing the password in a file like you do. That file should be readable, so any user will be able to use sudo, and become root.

If you need an unprivileged user like www-data to execute something as root you should better do the following:

1. execute visudo as root
2. add a line like:
www-data   ALL = NOPASSWD: /path/to/comand/its/able/to/exec1, /path/to/executable2
(it's using vi, so pess i to insert, finish with [ESC], and type :wq [ENTER] to exit.

Then the user www-data will be able to exec that commands without needing password.
0
 
LVL 2

Author Comment

by:RickSanson
ID: 22877867
Hi!
 
Thanks for the input!

This didn't work at all for whatever reason.

<?PHP
$sOutput=`/usr/bin/sudo /var/www/cgi-bin/import/runworks.sh 2&>1`;
echo $sOutput;
?>


I think it's getting closer...

New import.php script

#!/usr/bin/php
<?
exec('sudo /var/www/cgi-bin/test/import.sh');
?>


New import.sh

#!/bin/sh
cd /news_root/navicat
./start_navicat /import localhost emeraldisland SendStatus


Output of /var/log/httpd/error_log

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

Password:

I am still quite lost!

Thank you!





0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 13

Expert Comment

by:Xyptilon2
ID: 22877925
If the backtick operator didn't work, then that functionality may be disabled in the php.ini file, which is not totally uncommon among webhosts to do this.

However, the first example, you are using apache2 PHP and in your second example, you are using PHP from the command line. Which are you using? The difference is that both have different .ini files.
0
 
LVL 2

Author Comment

by:RickSanson
ID: 22878127
I really don't know what I am doing! I'm learning (Thank you!) but still mostly clueless...

This server is mine so I can config are needed.

"...the first example, you are using apache2 PHP and in your second example, you are using PHP from the command line. Which are you using"

I don't know! I assumed that I needed the she-bang defined in post number 2. It that what is defining Apache2 PHP or not?

I can't imagine this is that hard but I am struggling with it for sure!

Any direction is appreciated!
0
 
LVL 13

Expert Comment

by:Xyptilon2
ID: 22878266
If you are running the PHP script in a browser, then you have to remove the line with the she-bang.

If you are using the PHP as a commandline script then you need to include the she-bang online on the first line because it tells the system where the interpreter is.

You said you want to execute a Bash script on a Red Hat machine from anywhere in the world (intranet and internet). The easiest way to do that is setup an Apache on that Red Hat machine and execute a PHP script through your browser that launches the bash script.

For that, the back tick operator should work. Try this simple example, run the script in your browser and tell me what you get

<?PHP

$sVar = `echo hello`;
echo $sVar;

?>


0
 
LVL 2

Author Comment

by:RickSanson
ID: 22878726
In regards to a browser, no, wget only...

So I now assume she-bang required. I'm sorry I can't test right now!

I'm off to vote for the next bozo who thinks they can run a country! We should just kill ourselves now...

I'll report back here later!

Thank you!
0
 
LVL 13

Expert Comment

by:Xyptilon2
ID: 22879123
Well, wget is a browser, it's just a command line browser, it retrieves a file from a webserver just like a browser would.


0
 
LVL 2

Author Comment

by:RickSanson
ID: 22879539
"Try this simple example, run the script in your browser and tell me what you get

<?PHP

$sVar = `echo hello`;
echo $sVar;

?>"

wget returns "hello"

Obviously successful! Thanks!

Now, I plug in the following script (now called test.php)


<?PHP
$sVar = `/var/www/cgi-bin/test/import.sh`;
?>

It runs import.sh but the actions that import.sh perform do not work. When running import.sh by itself import.sh runs are expected.

Now I turn to permissions I believe!

You are making progress Xyptilion2, please continue!

Thank you!


0
 
LVL 13

Expert Comment

by:Xyptilon2
ID: 22879586
It is probably not working, because certain environment variables such as Path are not set. Try specifying the full paths to each command in your import script. So don't use "sendmail", but use "/usr/sbin/sendmail"...(without the quotes, but the full paths).

Goodluck!
0
 
LVL 13

Expert Comment

by:Xyptilon2
ID: 22879765
Change it to:

<?PHP
$sVar = `/var/www/cgi-bin/test/import.sh 2&>1`;
echo $sVar;
?>

The 2&>1 will redirect STDERR to STDOUT, making the error messages visible for you when you print them in the PHP script, it should make debugging your import.sh script a lot easier.

0
 
LVL 2

Author Comment

by:RickSanson
ID: 22879865
BTW, I am running wget  -q -O- www.server.somedomain.com/cgi-bin/test/test.php from an XP box out on the net!

<?PHP
$sVar = `/var/www/cgi-bin/test/import.sh 2&>1`;
echo $sVar;
?>

This returned permission denied...

Working on sudo...

I added to sudoers

execuser        ALL=NOPASSWD: /var/www/cgi-bin/test/import.sh

And tried...

<?PHP
$sVar =`/usr/bin/sudo /var/www/cgi-bin/test/import.sh`;
?>

/var/log/httpd/access_log says.

password:

I'm trying here! Thanks again!


0
 
LVL 13

Expert Comment

by:Xyptilon2
ID: 22879916
If you're running import.sh through wget, it will run as the user that runs the script.  If this is through apache, then this is most likely the www-data or nobody user. Make sure this user has execute permissions on all the commands inside import.sh and on import.sh itself :)
0
 
LVL 2

Author Comment

by:RickSanson
ID: 22880341
The import.sh kicks off another set of scripts

import.sh
!/bin/sh
cd /news_root/navicat
./start_navicat /import localhost emeraldisland SendStatus

These script are returning the errors in access_log and per you last instruction, I assume that these scripts are the scripts the require apache or nobody execute permissions.

On the directory (/var/www/cgi-bin/test) where both test.php and import.sh live, I did

chown -R nobody test
chmod -R 777 test

/var/log/httpd/error_log returns "sh: 1: Permission denied"

Then I did

chown -R apache test
chmod -R 777 test

/var/log/httpd/error_log returns " (13) Permission denied: access to /cgi-bin/test/test.php denied"

I am now as clueless as when I started!

I apologize for the lack of experience in this area! You were here too... :)




 





0
 
LVL 13

Expert Comment

by:Xyptilon2
ID: 22882824
Make sure who's running the script, perhaps you have a wrapper like SuExec installed, you can find out by doing the following:

<?PHP

echo get_current_user();

?>

Then make sure this user has execute permissions on import.sh and that import.sh (which is then running as that user also) has read permissions on your logfile.
0
 
LVL 3

Expert Comment

by:bishillo
ID: 22884185
Some suggestions:

  1. Don't storethe import.sh on an web server directly accesible path. PHP can execute files outside the /var/www so a better option will be /usr/local/bin/import.sh
  2. The first like should be #!/bin/sh (not !/bin/sh), your sample missed the #
  3. You must give 755 rights to /usr/local/bin/import.sh
  4. As Xyptilon2 told, use get_current_user() to see which user is executing the PHP, and add it to the /etc/sudoers. It will probably be www-data, so add:
    www-data    ALL=NOPASSWD:/usr/local/bin/import.sh
  5. The php file usually don't need exec permisions. Store it outside cgi-bin. It should be interpreted by mod_php, not as a cgi.
Good luck!
0
 
LVL 2

Author Comment

by:RickSanson
ID: 22885382
I've had a busy evening and have a busy day today. I'll resume today at some point, hopefully I'll have some time later this morning.

Thank you both!

I'll report back here later today!
0
 
LVL 2

Author Comment

by:RickSanson
ID: 22885504
Couldn't wait...

Hmmm, just run get current user and root came back!!!????

Now I am totally lost...
0
 
LVL 3

Assisted Solution

by:bishillo
bishillo earned 1000 total points
ID: 22885620
Sorry... get_current_user() returns the owner of the php file, not the user that it's executing it. Use posix_getuid() and let us know what returns.

It should be an integer. Check you /etc/password to see to which user it corresponds.

Also print_r(posix_getpwuid(posix_getuid())) will do the job.
0
 
LVL 13

Assisted Solution

by:Xyptilon2
Xyptilon2 earned 1000 total points
ID: 22887678
Bishillo is right... just after you mentioned it i said "ah yes, that's true". It is a common mistake with get_current_user()

Anyway, you should now know the user that is running the script. From there ,it should be relatively easy to determine which permissions need to be change to be able to run the script. However please not, that a open_basedir restriction MAY be in place, you can check this by looking in your php.ini file, or in the virtual host container of your Apache configuration.
0
 
LVL 2

Author Comment

by:RickSanson
ID: 22908601
Sorry! I haven't abandoned this question or these kind responses...

Been slammed the past couple of days and am getting back on this a little today and over the weekend.!
0
 
LVL 2

Accepted Solution

by:
RickSanson earned 0 total points
ID: 22912813
Hi! Sorry for the delay!

print_r(posix_getpwuid(posix_getuid())) returned Apache owning the php script

I moved the shell script off into the /root directory and added this to /etc/sudoers

apache  ALL=NOPASSWD:   /root/import5.sh

Changed that now named php script to import5.php which lookes like this:

<?PHP
$sVar = `/root/import5.sh 2&>1`;
echo $sVar;
?>

import5.sh hands-off some variables to kick off another script, concerned that that wouldn't work I changed /root/import5.sh  to do a mkdir /rickitikki which didn't happen. I then did chown apache /root/import5.sh with no progress.

I really need to get this to work and I hate being ignorant about this!

Thank you!

0
 
LVL 2

Author Comment

by:RickSanson
ID: 22927525
Bump!

I'm still stuck...

Thx
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It’s a season to be thankful, and we’re thankful for users like you who engage on site, solve technology problems, and network with others in the industry. What tech are we most thankful for? Keep reading.
The title says it all. Writing any type of PHP Application or API code that provides high throughput, while under a heavy load, seems to be an arcane art form (Black Magic). This article aims to provide some general guidelines for producing this typ…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…
Suggested Courses
Course of the Month15 days, 11 hours left to enroll

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question