locdang

Allow PHP to restart SQUID

Hi all,

I have a SQUID installation on an OpenSuSe 10 server.
I have written a management webapp thru Apache and PHP to perform various tasks that I need done in relation to squid.

The problem I am having is I am unable to perform the following tasks using PHP's exec function:

/etc/init.d/squid stop
/etc/init.d/squid start
/etc/init.d/squid restart
/etc/init.d/squid status
/etc/init.d/squid force-reload
(I have also tried the alternates using 'rcsquid' instead of /etc/init.d/squid)

I have attempted the following things:
Added wwwrun to the Sudoers file and configured it for use without password, then attempted the above commands with the sudo prefix
Made root the primary group of wwwrun to see if that made a difference
Added the commands I wish to run to a bash file and tried executing the bash file instead.

None of the above worked.

My PHP code isn't returning any errors, and the optional output variable of exec in php is returning an empty array.

I am out of ideas and slowly going insane with every Google search I do... can anyone help?

Thanks,

Xavier.
Maciej S

Do you still have your /etc/sudoers file with the wwwrun user added? If so, can you paste it here (or just the appropriate line)? I assume that you are sure that Apache is run by the wwwrun user?
locdang

ASKER

I'm fairly sure that it is wwwrun that Apache runs as; it suggests this in the passwd file.

here are the 2 files.
SUDOERS FILE
 
Defaults always_set_home
Defaults env_reset
 
Defaults env_keep = "LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS XDG_SESSION_COOKIE"
 
Defaults targetpw   # ask for the password of the target user i.e. root
ALL     ALL=(ALL) ALL   # WARNING! Only use this together with 'Defaults targetpw'!
 
 
root    ALL=(ALL) ALL
wwwrun ALL = (ALL) NOPASSWD: /etc/init.d/squid status
wwwrun ALL = (ALL) NOPASSWD: /etc/init.d/squid start
wwwrun ALL = (ALL) NOPASSWD: /etc/init.d/squid stop
wwwrun ALL = (ALL) NOPASSWD: /etc/init.d/squid restart
wwwrun ALL = (ALL) NOPASSWD: /etc/init.d/squid force-reload
 
 
 
 
USERS ON THE SYSTEM
 
avahi:x:105:106:User for Avahi:/var/run/avahi-daemon:/bin/false
beagleindex:x:109:113:User for Beagle indexing:/var/cache/beagle:/bin/bash
bin:x:1:1:bin:/bin:/bin/bash
daemon:x:2:2:Daemon:/sbin:/bin/bash
festival:x:104:105:Festival daemon:/usr/share/festival/:/bin/false
ftp:x:40:49:FTP account:/srv/ftp:/bin/bash
games:x:12:100:Games account:/var/games:/bin/bash
gdm:x:108:112:Gnome Display Manager daemon:/var/lib/gdm:/bin/false
haldaemon:x:103:104:User for haldaemon:/var/run/hal:/bin/false
lp:x:4:7:Printing daemon:/var/spool/lpd:/bin/bash
mail:x:8:12:Mailer daemon:/var/spool/clientmqueue:/bin/false
man:x:13:62:Manual pages viewer:/var/cache/man:/bin/bash
messagebus:x:100:101:User for D-Bus:/var/run/dbus:/bin/false
mysql:x:60:114:MySQL database admin:/var/lib/mysql:/bin/false
news:x:9:13:News system:/etc/news:/bin/bash
nobody:x:65534:65533:nobody:/var/lib/nobody:/bin/bash
ntp:x:74:107:NTP daemon:/var/lib/ntp:/bin/false
polkituser:x:102:103:PolicyKit:/var/run/PolicyKit:/bin/false
postfix:x:51:51:Postfix Daemon:/var/spool/postfix:/bin/false
postgres:x:26:26:PostgreSQL Server:/var/lib/pgsql:/bin/bash
pulse:x:106:108:PulseAudio daemon:/var/lib/pulseaudio:/sbin/nologin
root:x:0:0:root:/root:/bin/bash
squid:x:31:65534:WWW-proxy squid:/var/cache/squid:/bin/false
sshd:x:71:65:SSH daemon:/var/lib/sshd:/bin/false
suse-ncc:x:107:111:Novell Customer Center User:/var/lib/YaST2/suse-ncc-fakehome:/bin/bash
uucp:x:10:14:Unix-to-Unix CoPy system:/etc/uucp:/bin/bash
uuidd:x:101:102:User for uuidd:/var/run/uuidd:/bin/false
wwwrun:x:30:0:WWW daemon apache:/var/lib/wwwrun:/bin/bash
epicentre:x:1000:100:Epicentre:/home/epicentre:/bin/bash


Remove (or comment out) line 9 of your snippet.
locdang

ASKER

I have commented that out but still no luck
Also, it should be sufficient to specify:
wwwrun ALL = (ALL) NOPASSWD: /etc/init.d/squid
Ok, that's strange now :)
Can you check your /var/log/messages logfile?
locdang

ASKER

I have made the change to sudoers as you suggested, dunno how I missed that piece of logic :) (wwwrun ALL = (ALL) NOPASSWD: /etc/init.d/squid)


/var/log/messages
 
Feb 23 12:09:42 EPICSQUID checkproc: checkproc: Can not read /proc/2951/exe: Permission denied


I was hoping to see some sudo-related entries in this logfile. Maybe you have them in /var/log/secure, /var/log/auth or some other file? Can you check this and paste the proper lines here?
How are you checking these sudo commands? With your PHP script? If so, can you try to check it from the command line? (Log in as root, switch to wwwrun with the "su - wwwrun" command, then - as the wwwrun user - try to restart squid with sudo: "sudo /etc/init.d/squid restart".) Did sudo ask you for a password or not?
locdang

ASKER

Sudo is not asking for passwords.

It also seems to be working if I bash the commands myself after entering a shell for wwwrun,

but when I exec in PHP it doesn't error but doesn't do it either.... maybe the issue is PHP now?
<?php
exec("/etc/init.d/squid start ",$output) or die("Could not restart Squid!");
die('Squid Restarted'."<br>".$output);
?>


locdang

ASKER

Can't find a /var/log/auth or anything likely to be the same thing around it.... doing a Google search to find its location in openSUSE.
locdang

ASKER

Scratch that, no filtering is set up, so they're all going to messages. Guess I'll be fixing that! :D
ASKER CERTIFIED SOLUTION
Maciej S
This solution is only available to members.
locdang

ASKER

lol that fixed it. I did have sudo in front before, I must have taken it out for some reason.... o.0

Thanks heaps, I'm totally ecstatic that it is finally resolved.

Xavier.
locdang

ASKER

Fast replies and great advice. Thanks so much!

Xavier.
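
An added example, not code from this thread or from either poster: one way to call the init script from PHP through sudo so that a failure shows up instead of an empty $output array. It assumes the single-line sudoers rule quoted in the thread and that sudo is installed at /usr/bin/sudo; the helper names squid_command and squid_control are hypothetical.

```php
<?php
// Added example; not code from the thread.
// Assumes this sudoers rule (quoted in the thread) is in place:
//   wwwrun ALL = (ALL) NOPASSWD: /etc/init.d/squid
// SUDO path is an assumption; confirm it with `which sudo`.
const SUDO = '/usr/bin/sudo';
const SQUID_INIT = '/etc/init.d/squid';
// Only the actions listed in the question are accepted, so request data
// can never reach the shell as anything but one of these fixed words.
const SQUID_ACTIONS = ['start', 'stop', 'restart', 'status', 'force-reload'];

// Hypothetical helper: builds the exact command line handed to exec().
function squid_command(string $action): string
{
    if (!in_array($action, SQUID_ACTIONS, true)) {
        throw new InvalidArgumentException('Unsupported squid action');
    }
    // -n (current sudo releases): fail instead of prompting for a password
    // that Apache has no terminal to answer.
    // 2>&1: exec() collects stdout only, so without this sudo's error text
    // is lost and $output stays an empty array.
    return sprintf('%s -n %s %s 2>&1', SUDO,
        escapeshellarg(SQUID_INIT), escapeshellarg($action));
}

// Hypothetical helper: runs the action and reports the exit code.
function squid_control(string $action): array
{
    $output = [];
    $exitCode = -1;
    // exec() returns the last output line, which is empty for a silent
    // success, so "exec(...) or die(...)" cannot tell success from failure.
    // The third argument receives the real exit status.
    exec(squid_command($action), $output, $exitCode);
    return ['exit_code' => $exitCode, 'output' => $output];
}

$result = squid_control('restart');
if ($result['exit_code'] !== 0) {
    // Log the detail server-side; show the browser a generic message.
    error_log('squid restart failed (' . $result['exit_code'] . '): '
        . implode(' | ', $result['output']));
    die('Could not restart Squid!');
}
// $output is an array; join it before printing instead of concatenating it.
echo 'Squid Restarted<br>' . nl2br(htmlspecialchars(implode("\n", $result['output'])));
```

The `status` action normally exits non-zero when squid is not running, so a caller using it should interpret the exit code rather than treat every non-zero value as an error.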