Set file (.sh) to be executable by www account in FreeBSD 7.0?

I made a abc.sh file and when in the command line I can run the command, but when i try to run the .sh script as www i get prompt for a password to run this commad.

How do I fix this problem.  or set file to be executable by www account?

example:  sudo -u www ./abc.sh
I am log in to shell as regular user.  

config is FreeBSD 7.0 with Apache 2, PHP 5.
ITCityAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Todd MummertCommented:

sudo chmod a+x abc.sh     which will allow everyone to run it..

or change it to be owned by www

chown www abc.sh



0
ITCityAuthor Commented:
This files has now a chmod of www and i did a sudo chmod a+w abc.sh and abc.php files.  Below is the code on the abc.php file.  The results that I get are www on the webpage but the second operation which excecutes abc.sh does not work.

It does not even display anything on the site page, only "www".
<?php
                     $results = shell_exec('whoami');
      $results1 = shell_exec('abc.sh');

      echo "<pre>$results</pre>";
      echo "<br/><pre>$results1</pre>";
?>
0
Todd MummertCommented:

is PHP running in safe mode?   shell_exec is disabled if so...    

try     shell_exec ("date")    or hostname or ls    and see if there is any output



0
10 Tips to Protect Your Business from Ransomware

Did you know that ransomware is the most widespread, destructive malware in the world today? It accounts for 39% of all security breaches, with ransomware gangsters projected to make $11.5B in profits from online extortion by 2019.

Todd MummertCommented:
and you should give the path to abc.sh

0
ITCityAuthor Commented:
No php is not running in safe mode.  I checked php.ini file.  I added the shell_exec('date') and the date prints out.

the file (abc.sh) resides on the same folder as abc.php.

Any other ideas I can check out?
0
ITCityAuthor Commented:
furthermore, When i log in as regular user and i type ./abc.sh then the command runs perfectly... just not from web....
0
Todd MummertCommented:

add the full path in the php file...  

the command abc.sh  isn't being found.      when you're at the command line...  ./abc.sh  is a relative path...     abc.sh  would not work, and that's what you're trying to do

if you knew for certain that the process was running in that directory,.... you could do ./abc.sh   but I'd still recommend the full path

0
ITCityAuthor Commented:
I just tried both "./abc.sh" and with full path "/usr/home/sas/public_html/"

Still nothing.  i only get the date and whoami displayed.  the .sh script does not run.
0
Todd MummertCommented:

running out of ideas here

shell_exec()   captures only stdout...     if the output is going to stderr, try the following:

shell_exec("/path/to/abc.sh  2>&1");
0
Todd MummertCommented:


also, if you're looking at this on a browser page, take a look at the page source to see if there's anything different there

0
ITCityAuthor Commented:
I have tested on another server and the same result.  I get a display of user and date, which is fine, but the action of running the .sh file does not run or excecute as www when the permissions are already set and owner is www of the file.


This is my .sh file that i can run in ssh #.

scp /usr/home/sas/public_html/merchant/_sql_stuff/text.csv sasftp@domain.com:/usr/home/sas/public_html/merchant/_sql_stuff/text.csv


0
Todd MummertCommented:

ah... that's a good test


replace your command in   abc.sh


with

#!/bin/sh
hostname
date

and let me know if you see both hostname and date when abc.sh is exec'd

so still call abc.sh   but replace the contents w/ the above


0
ITCityAuthor Commented:
Yes,
That test works.

I get this display of hostname and date.
hostname.server.com
Thu May 28 17:04:30 EDT 2009
0
Todd MummertCommented:

just noticed:

this command --  scp /usr/home/sas/public_html/merchant/_sql_stuff/text.csv sasftp@domain.com:/usr/home/sas/public_html/merchant/_sql_stuff/text.csv

doesn't typically return anything so it may be working.   1) it copies the local file to the remote host and path    and 2)  how are the ssh credentials being passed (since it isn't an interactive shell, it can't prompt for password).

On point 2,    try   using   scp -B   (batch mode)


try this for your script:

#!/bin/sh
echo starting scp
scp -B /usr/home/sas/public_html/merchant/_sql_stuff/text.csv sasftp@domain.com:/usr/home/sas/public_html/merchant/_sql_stuff/text.csv
echo   scp done...

do you see all the echo's ?



0
ITCityAuthor Commented:
The file transfer is not happening, bc i am checking folders on both servers to see it the file is transfering.

When I put the command that you submitted before, the webpage stays trying and trying.  I think it is waiting for a password for the transfer.

What I had done for the user sasftp which is the account that I had in the .sh script, I made a rsa key so that it would not ask the user for the password when in the consule or sshed in to the server.

Where can i put the rsa key for the user www in apache.  I do not see the a users folder for www.

Do you know the path where I can put this key so that it will not prompt for password and get stuck and not complete the command?
0
ITCityAuthor Commented:
oh no i do not see the echo's
0
ITCityAuthor Commented:
For the user sasftp in the home dir i have a folder called .ssh and that is where i have the key to the other server that does not prompt the user to put a password when the user does a scp.
0
Todd MummertCommented:

is the file still owned by www and executable?

comment out the scp  ( add a # at the front of the line)  just to make sure we see the echo's

scp takes a -i identity_file flag      so try using that ( it's probably named something like  /path/to/some/home/.ssh/id_rsa)


0
ITCityAuthor Commented:
files are owned by www and executables are www owner.

When i comment out the # i get this result.

starting scp
scp done...

0
Todd MummertCommented:


good... so now to get scp to work

remove the comment line

try

scp -i identity_file   /path/to/your_local_file  user@host:/remote/file  2>&1

the 2>&1  will let us capture stderr as well  (try it w/ and w/o)



0
Todd MummertCommented:


you will have to make sure that www can read the identity_file, btw.


also, to find where it's home is,     grep www /etc/passwd

back later

0
ITCityAuthor Commented:
#!/bin/sh
echo starting scp

scp -i identity_file /usr/home/sas/public_html/merchant/_sql_stuff/file.txt sasftp@domain.com:/usr/home/sas/public_html/merchant/_sql_stuff/file.txt 2>&1

echo   scp done...
--------------------------

I get this result:

starting scp
Warning: Identity file identity_file not accessible: No such file or directory.
Could not create directory '/nonexistent/.ssh'.
Host key verification failed.
lost connection
scp done...
0
ITCityAuthor Commented:
Does this look ok for

#!/bin/sh
echo starting scp

scp -i id_dsa.pub /merchant/_sql_stuff/text.txt sasftp@domain.com:/usr/home/sas/public_html/merchant/_sql_stuff/text.txt 2>&1

echo   scp done...
0
ITCityAuthor Commented:
I tried this also...

#!/bin/sh
echo starting scp

scp -i id_dsa.pub /merchant/_sql_stuff/text.txt sasftp@domain.com:/usr/home/sas/public_html/merchant/_sql_stuff/text.txt 2>&1

echo   scp done...

Dont really know where i copy the file id_dsa.pub to though for www to read it.   I copied file to location where the abc.php is located and made it chown www to the file
0
ITCityAuthor Commented:
This is an output that I got

starting scp
Could not create directory '/nonexistent/.ssh'.
Host key verification failed.
lost connection
scp done...



code in .sh file is
#!/bin/sh
echo starting scp

scp -i id_dsa.pub /usr/home/sas/public_html/id_dsa.pub /merchant/_sql_stuff/text.txt sasftp@domain.com:/usr/home/sas/public_html/merchant/_sql_stuff/text.txt 2>&1

echo   scp done...
0
Todd MummertCommented:

I think that answers one question I had... what is the home directory of the user www (from /etc/passwd).   It looks like it must be set to nonexistent or /nonexistent

It's going to need this .ssh directory to write the known_hosts in.... which is a problem.


For now, you might want to:

1)  look at the entry for www in /etc/passwd   and save it somewhere

    grep www /etc/passwd > www-etc.txt

2) create a home directory for www
     
     usermod -d /home/www

3)  try the scp command as www

     sudo su - www

     // try the scp command from the command line ...   do you have to enter a passwd?
     //  after the first time, does it just work with no user input?

   exit

4)  try your script again


     

   

   
0
Todd MummertCommented:
sorry... after creating the home dir

    mkdir /home/www/.ssh
    chmod700 /home/www/.ssh
    cp id_dsa  /home/www/ssh
    cp id_dsa.pub /home/www/.ssh


if you can scp w/o a password, you probably don't need the -i flag to scp in your script
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Apache Web Server

From novice to tech pro — start learning today.