How do I execute a shell script via PHP on Linux using wget on Windows XP and Vista?

I need to execute a bash shell script on RHEL 5.2 from a Windows XP or Vista workstation from both an intra-net and the internet. WGet seems to be a logical choice (no firewall considerations) and I can get it installed on all client machines. Using PHP or CGI seems the logical choice for wget to fire.

I have spent 10 hours today trying to work this out. I'm not a developer! Using a variety of PHP functions (system, exec, shell_exec, passthru) I can execute the scripts locally but not via wget. I suspect permissions.

I'm completely lost!

Thank you!

Some examples below...



 
<?php
shell_exec('sudo -u root -S /files/eid.sh < /home/$User/dir/dir/dir/passfile');
?>
 
<?php
system("nohup /var/www/cgi-bin/import/runworks.sh > /dev/null & echo $!;");
?>
 
<?php
exec("/usr/bin/sudo /var/www/cgi-bin/import/runworks.sh");
?>
 
runworks.sh
/news_root/navicat/./start_navicat /import localhost emeraldisland Contacts

RickSansonAsked:

Xyptilon2Commented:
wget retrieves files or pages just like your browser does. In order for it to work, PHP needs to be able to execute it, so permissions 755 sound right to me. 750 should also do.

To execute a program in PHP you can catch the output of STDOUT and STDERR so that you can troubleshoot the issue. For this, we can use the backtick operator (not the quote)

<?PHP

$sOutput=`/usr/bin/sudo /var/www/cgi-bin/import/runworks.sh 2>&1`;
echo $sOutput;

?>

We add 2>&1 to redirect file descriptor 2 (STDERR) to STDOUT so we can catch it in our variable and show it to the user. So we also catch all the errors :)
0
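Added example, not part of the thread: the order of the characters in the redirection matters. `2>&1` duplicates STDERR onto STDOUT, while the transposed form `2&>1` that appears in commands in this thread makes the shell pass `2` as an argument and create a file named `1`, so STDERR never reaches the captured output. The stand-in script and its message are constructed.

```shell
#!/bin/sh
# Constructed stand-in for a failing import.sh: it writes only to STDERR.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/import.sh" <<'EOF'
#!/bin/sh
echo "import.sh: cannot open database" >&2
exit 1
EOF
chmod 755 "$demo_dir/import.sh"

# capture_with REDIRECT
# Runs "./import.sh REDIRECT" through sh -c, as PHP's backticks do, and
# writes to STDOUT exactly what PHP would have received in $sOutput.
capture_with() {
    (cd "$demo_dir" && rm -f 1 && sh -c "./import.sh $1" 2>/dev/null)
}

# True when the last run left a stray file literally named "1" behind.
stray_file_created() { [ -e "$demo_dir/1" ]; }

echo "with 2>&1 PHP receives: [$(capture_with '2>&1')]"
echo "with 2&>1 PHP receives: [$(capture_with '2&>1')]"
if stray_file_created; then
    echo "2&>1 created a file named 1 in the working directory"
fi
```

If the web server user cannot write to the working directory, creating that file fails and the shell reports a permission error for `1` instead.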
bishilloCommented:
To exec the php file using wget from a remote host, first try to load the url directly in a browser to check if it works. You will need to have a web server configured. Did you have one ready?

Also consider not storing the password in a file like you do. That file should be readable, so any user will be able to use sudo, and become root.

If you need an unprivileged user like www-data to execute something as root you should better do the following:

1. execute visudo as root
2. add a line like:
www-data   ALL = NOPASSWD: /path/to/comand/its/able/to/exec1, /path/to/executable2
(it's using vi, so press i to insert, finish with [ESC], and type :wq [ENTER] to exit.)

Then the user www-data will be able to exec those commands without needing a password.
0
RickSansonAuthor Commented:
Hi!
 
Thanks for the input!

This didn't work at all for whatever reason.

<?PHP
$sOutput=`/usr/bin/sudo /var/www/cgi-bin/import/runworks.sh 2&>1`;
echo $sOutput;
?>


I think it's getting closer...

New import.php script

#!/usr/bin/php
<?
exec('sudo /var/www/cgi-bin/test/import.sh');
?>


New import.sh

#!/bin/sh
cd /news_root/navicat
./start_navicat /import localhost emeraldisland SendStatus


Output of /var/log/httpd/error_log

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

Password:

I am still quite lost!

Thank you!





0

Xyptilon2Commented:
If the backtick operator didn't work, then that functionality may be disabled in the php.ini file, which is not totally uncommon among webhosts.

However, the first example, you are using apache2 PHP and in your second example, you are using PHP from the command line. Which are you using? The difference is that both have different .ini files.
0
RickSansonAuthor Commented:
I really don't know what I am doing! I'm learning (Thank you!) but still mostly clueless...

This server is mine so I can config as needed.

"...the first example, you are using apache2 PHP and in your second example, you are using PHP from the command line. Which are you using"

I don't know! I assumed that I needed the she-bang defined in post number 2. Is that what is defining Apache2 PHP or not?

I can't imagine this is that hard but I am struggling with it for sure!

Any direction is appreciated!
0
Xyptilon2Commented:
If you are running the PHP script in a browser, then you have to remove the line with the she-bang.

If you are using the PHP as a commandline script then you need to include the she-bang on the first line because it tells the system where the interpreter is.

You said you want to execute a Bash script on a Red Hat machine from anywhere in the world (intranet and internet). The easiest way to do that is to set up an Apache on that Red Hat machine and execute a PHP script through your browser that launches the bash script.

For that, the back tick operator should work. Try this simple example, run the script in your browser and tell me what you get

<?PHP

$sVar = `echo hello`;
echo $sVar;

?>


0
RickSansonAuthor Commented:
In regards to a browser, no, wget only...

So I now assume she-bang required. I'm sorry I can't test right now!

I'm off to vote for the next bozo who thinks they can run a country! We should just kill ourselves now...

I'll report back here later!

Thank you!
0
Xyptilon2Commented:
Well, wget is a browser, it's just a command line browser, it retrieves a file from a webserver just like a browser would.


0
RickSansonAuthor Commented:
"Try this simple example, run the script in your browser and tell me what you get

<?PHP

$sVar = `echo hello`;
echo $sVar;

?>"

wget returns "hello"

Obviously successful! Thanks!

Now, I plug in the following script (now called test.php)


<?PHP
$sVar = `/var/www/cgi-bin/test/import.sh`;
?>

It runs import.sh but the actions that import.sh performs do not work. When running import.sh by itself import.sh runs as expected.

Now I turn to permissions I believe!

You are making progress Xyptilon2, please continue!

Thank you!


0
Xyptilon2Commented:
It is probably not working, because certain environment variables such as Path are not set. Try specifying the full paths to each command in your import script. So don't use "sendmail", but use "/usr/sbin/sendmail"...(without the quotes, but the full paths).

Good luck!
0
Xyptilon2Commented:
Change it to:

<?PHP
$sVar = `/var/www/cgi-bin/test/import.sh 2>&1`;
echo $sVar;
?>

The 2>&1 will redirect STDERR to STDOUT, making the error messages visible for you when you print them in the PHP script, it should make debugging your import.sh script a lot easier.

0
RickSansonAuthor Commented:
BTW, I am running wget  -q -O- www.server.somedomain.com/cgi-bin/test/test.php from an XP box out on the net!

<?PHP
$sVar = `/var/www/cgi-bin/test/import.sh 2&>1`;
echo $sVar;
?>

This returned permission denied...

Working on sudo...

I added to sudoers

execuser        ALL=NOPASSWD: /var/www/cgi-bin/test/import.sh

And tried...

<?PHP
$sVar =`/usr/bin/sudo /var/www/cgi-bin/test/import.sh`;
?>

/var/log/httpd/access_log says.

password:

I'm trying here! Thanks again!


0
Xyptilon2Commented:
If you're running import.sh through wget, it will run as the user that runs the script.  If this is through apache, then this is most likely the www-data or nobody user. Make sure this user has execute permissions on all the commands inside import.sh and on import.sh itself :)
0
RickSansonAuthor Commented:
The import.sh kicks off another set of scripts

import.sh
!/bin/sh
cd /news_root/navicat
./start_navicat /import localhost emeraldisland SendStatus

These scripts are returning the errors in access_log and per your last instruction, I assume that these scripts are the scripts that require apache or nobody execute permissions.

On the directory (/var/www/cgi-bin/test) where both test.php and import.sh live, I did

chown -R nobody test
chmod -R 777 test

/var/log/httpd/error_log returns "sh: 1: Permission denied"

Then I did

chown -R apache test
chmod -R 777 test

/var/log/httpd/error_log returns " (13) Permission denied: access to /cgi-bin/test/test.php denied"

I am now as clueless as when I started!

I apologize for the lack of experience in this area! You were here too... :)




 





0
Xyptilon2Commented:
Make sure who's running the script, perhaps you have a wrapper like SuExec installed, you can find out by doing the following:

<?PHP

echo get_current_user();

?>

Then make sure this user has execute permissions on import.sh and that import.sh (which is then running as that user also) has read permissions on your logfile.
0
bishilloCommented:
Some suggestions:

  1. Don't store the import.sh on a web server directly accessible path. PHP can execute files outside the /var/www so a better option will be /usr/local/bin/import.sh
  2. The first line should be #!/bin/sh (not !/bin/sh), your sample missed the #
  3. You must give 755 rights to /usr/local/bin/import.sh
  4. As Xyptilon2 said, use get_current_user() to see which user is executing the PHP, and add it to the /etc/sudoers. It will probably be www-data, so add:
    www-data    ALL=NOPASSWD:/usr/local/bin/import.sh
  5. The php file usually doesn't need exec permissions. Store it outside cgi-bin. It should be interpreted by mod_php, not as a cgi.
Good luck!
0
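Added example, not from the thread: a pre-flight check for the file named in a NOPASSWD rule, following the suggestions above (outside the web root, a `#!` first line, mode 755). A script the web server user can edit or replace, combined with such a rule, lets that user run anything as root. The function name `audit_sudo_target`, the root-ownership and parent-directory checks, and the `/var/www` default are assumptions of this example.

```shell
#!/bin/sh
# audit_sudo_target PATH [OWNER] [WEBROOT]
# Checks a script before a NOPASSWD sudoers rule is written for it.
# OWNER (default root) and WEBROOT (default /var/www) are assumptions.
# Prints one line per finding and returns 0 only when there are none.
audit_sudo_target() {
    target=$1 owner=${2:-root} webroot=${3:-/var/www}
    findings=0
    note() { echo "FINDING: $target: $1"; findings=$((findings + 1)); }

    [ -f "$target" ] || { note "not a regular file"; return 2; }

    # Keep the script out of any directory the web server serves.
    case $target in
        "$webroot"/*) note "stored under web root $webroot" ;;
    esac

    # Whoever can edit the file decides what sudo runs as root.
    [ -n "$(find "$target" -prune -user "$owner")" ] ||
        note "not owned by $owner"
    [ -z "$(find "$target" -prune \( -perm -020 -o -perm -002 \))" ] ||
        note "group- or world-writable (expected 755)"

    # A writable parent directory lets the file be replaced outright.
    dir=$(dirname "$target")
    [ -z "$(find "$dir" -prune \( -perm -020 -o -perm -002 \))" ] ||
        note "parent directory $dir is group- or world-writable"

    # The first line must be a real interpreter line such as #!/bin/sh.
    IFS= read -r first < "$target" || true
    case $first in
        '#!'/* | '#! '/*) ;;
        *) note "first line is not a #! interpreter line" ;;
    esac

    [ "$findings" -eq 0 ]
}

# Constructed demo: a 777 script with the "#" missing from its first line.
demo=$(mktemp -d) && chmod 755 "$demo"
printf '!/bin/sh\ncd /news_root/navicat\n' > "$demo/import.sh"
chmod 777 "$demo/import.sh"
audit_sudo_target "$demo/import.sh" "$(id -u)" ||
    echo "fix the findings before adding this path to sudoers"
rm -rf "$demo"
```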
RickSansonAuthor Commented:
I've had a busy evening and have a busy day today. I'll resume today at some point, hopefully I'll have some time later this morning.

Thank you both!

I'll report back here later today!
0
RickSansonAuthor Commented:
Couldn't wait...

Hmmm, just ran get current user and root came back!!!????

Now I am totally lost...
0
bishilloCommented:
Sorry... get_current_user() returns the owner of the php file, not the user that is executing it. Use posix_getuid() and let us know what it returns.

It should be an integer. Check your /etc/passwd to see to which user it corresponds.

Also print_r(posix_getpwuid(posix_getuid())) will do the job.
0
Xyptilon2Commented:
Bishillo is right... just after you mentioned it i said "ah yes, that's true". It is a common mistake with get_current_user()

Anyway, you should now know the user that is running the script. From there, it should be relatively easy to determine which permissions need to be changed to be able to run the script. However please note that an open_basedir restriction MAY be in place, you can check this by looking in your php.ini file, or in the virtual host container of your Apache configuration.
0
RickSansonAuthor Commented:
Sorry! I haven't abandoned this question or these kind responses...

Been slammed the past couple of days and am getting back on this a little today and over the weekend!
0
RickSansonAuthor Commented:
Hi! Sorry for the delay!

print_r(posix_getpwuid(posix_getuid())) returned Apache owning the php script

I moved the shell script off into the /root directory and added this to /etc/sudoers

apache  ALL=NOPASSWD:   /root/import5.sh

Changed that now named php script to import5.php which looks like this:

<?PHP
$sVar = `/root/import5.sh 2&>1`;
echo $sVar;
?>

import5.sh hands-off some variables to kick off another script, concerned that that wouldn't work I changed /root/import5.sh  to do a mkdir /rickitikki which didn't happen. I then did chown apache /root/import5.sh with no progress.

I really need to get this to work and I hate being ignorant about this!

Thank you!

0

RickSansonAuthor Commented:
Bump!

I'm still stuck...

Thx
0