[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

Starting an ubuntu service from the web interface?

Posted on 2013-06-18
22
Medium Priority
?
234 Views
Last Modified: 2014-05-06
Hello, I have a script im my PHP file as follows:

echo exec('service asterisk start');

What I am tying to do is start my asterisk service from the web interface. When I run the script I get the following error:

Asterisk started as nonroot, but runuser 'ubuntu' requested.

Can someone let me know how I can correct this issue? Thank you.

A
0
Comment
Question by:aej1973
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 11
  • 10
22 Comments
 
LVL 21

Expert Comment

by:Mazdajai
ID: 39257280
You can trying to invoke the service command with user 'ubuntu', but it failed because it requires root privileges. Try add the user to the sudoer file -
ubuntu ALL=NOPASSWD: /usr/bin/service *

Open in new window

Then update the code to the following -
echo exec('sudo service asterisk start');

Open in new window

0
 

Author Comment

by:aej1973
ID: 39257323
Hi, thank you for getting back to me. My sudoers file is attached and I made the changes to my php script but it still does not work...

#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults        env_reset
Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root    ALL=(ALL:ALL) ALL

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

# See sudoers(5) for more information on "#include" directives:

#includedir /etc/sudoers.d
ubuntu ALL=NOPASSWD: /usr/bin/service *

Open in new window

0
 
LVL 21

Expert Comment

by:Mazdajai
ID: 39257331
What is the output message?
0
Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

 

Author Comment

by:aej1973
ID: 39257349
My PHP script is as follows:

<?php

        echo exec('sudo service asterisk start',$output,$return);
        var_dump($output)

?>

 The output I get on the screen is: array(0) { }
0
 
LVL 21

Accepted Solution

by:
Mazdajai earned 1200 total points
ID: 39257357
can you try to run this on the terminal?

sudo service asterisk start

Open in new window

0
 

Author Comment

by:aej1973
ID: 39257368
yes, that works.
0
 
LVL 21

Expert Comment

by:Mazdajai
ID: 39257413
Service does not start? Can you post the log from /var/log/secure and asterisk?
0
 

Author Comment

by:aej1973
ID: 39257431
When I removed the sudo from my php file I had the following output:

Asterisk started as nonroot, but runuser 'ubuntu' requested.array(3) { [0]=> string(34) " * Starting Asterisk PBX: asterisk" [1]=> string(46) "Unable to chown run directory to 1000 (ubuntu)" [2]=> string(60) "Asterisk started as nonroot, but runuser 'ubuntu' requested." }

I do not see the files /var/log/secure and asterisk.
0
 
LVL 21

Expert Comment

by:Mazdajai
ID: 39257900
Can you post your complete sudoer file?
0
 

Author Comment

by:aej1973
ID: 39257927
Hello Mazdaja1, it is the same one I have posted above.
0
 
LVL 21

Expert Comment

by:Mazdajai
ID: 39258416
try-
exec('/usr/bin/sudo service asterisk start');

Open in new window

0
 

Author Comment

by:aej1973
ID: 39258504
still no, but the command works when I run it from the terminal.
0
 

Author Comment

by:aej1973
ID: 39261226
Mazdajai, any other thoughts? I am not sure how to proceed...
0
 
LVL 21

Expert Comment

by:Mazdajai
ID: 39263091
Its odd it php does not output any message, Try adding the following to the sudoer -

Defaults requiretty

Open in new window

0
 

Author Comment

by:aej1973
ID: 39263130
in the last line of the sudoers file?
0
 
LVL 21

Expert Comment

by:Mazdajai
ID: 39263162
yes
0
 

Author Comment

by:aej1973
ID: 39349201
need some time...
0
 
LVL 21

Expert Comment

by:Mazdajai
ID: 39378338
How is it working out?
0
 

Author Comment

by:aej1973
ID: 39431813
Not sure how to do this, I will check and to the needful.
0
 
LVL 21

Expert Comment

by:Mazdajai
ID: 39432118
Have you tried to add the following in /etc/sudoers?

Defaults requiretty

Open in new window

0
 

Author Comment

by:aej1973
ID: 39784547
Need to review this.
0
 
LVL 27

Expert Comment

by:skullnobrains
ID: 39835474
you don't have an output because exec() in php only returns what is printed to STDOUT. errors are likely printed to STDERR and password prompts are sent to the terminal directly

---

adding a webserver user to the sudoers file is definitely a big security concern

---

i'd suggest something like this :

run a separate daemon that listens on a local address and runs the asterisk start command.
for example (using faucet which is included in netpipes)
faucet 11111 --verbose --in --out --err service whatever start

Open in new window


then connect to 127.0.0.1:11111 from php in order to launch asterisk using something like this test
$ echo '<?php print(stream_get_contents(stream_socket_client("tcp://127.0.0.1:11111")));' | php
whatever: unrecognized service

Open in new window


don't forget to run the faucet command as root and don't forget to refuse connections from the wan to the socket

you can easily code the faucet part in php if you want
something like this should do (not tested so there may be typos)

$master=stream_socket_server('tcp://127.0.0.1:11111') or die ('cannot open master socket');
while($client=stream_socket_accept($master)){
  $res=popen('service asterisk start 2>&1','r');
  stream_copy_to_stream($res,$client);
  fclose($client);
}

Open in new window


and have php output asterisk startup messages line by line on the client side

$r=stream_socket_client("tcp://127.0.0.1:11111")
fpassthru($r);
fclose($r);

Open in new window


add timeouts using stream_set_timeout() if required

you can easily make this evolve so the server can execute various commands. just hard-code them server-side so you only open a specific set of functionalities

----

you can achieve a similar goal using a small shell script containing the startup command with setuid bit set and run it diretly from php like you already do
0

Featured Post

Tech or Treat!

Submit an article about your scariest tech experience—and the solution—and you’ll be automatically entered to win one of 4 fantastic tech gadgets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Fine Tune your automatic Updates for Ubuntu / Debian
In part one, we reviewed the prerequisites required for installing SQL Server vNext. In this part we will explore how to install Microsoft's SQL Server on Ubuntu 16.04.
The viewer will learn how to count occurrences of each item in an array.
In this fifth video of the Xpdf series, we discuss and demonstrate the PDFdetach utility, which is able to list and, more importantly, extract attachments that are embedded in PDF files. It does this via a command line interface, making it suitable …
Suggested Courses

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question