?
Solved

Starting an ubuntu service from the web interface?

Posted on 2013-06-18
22
Medium Priority
?
226 Views
Last Modified: 2014-05-06
Hello, I have a script im my PHP file as follows:

echo exec('service asterisk start');

What I am tying to do is start my asterisk service from the web interface. When I run the script I get the following error:

Asterisk started as nonroot, but runuser 'ubuntu' requested.

Can someone let me know how I can correct this issue? Thank you.

A
0
Comment
Question by:aej1973
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 11
  • 10
22 Comments
 
LVL 21

Expert Comment

by:Mazdajai
ID: 39257280
You can trying to invoke the service command with user 'ubuntu', but it failed because it requires root privileges. Try add the user to the sudoer file -
ubuntu ALL=NOPASSWD: /usr/bin/service *

Open in new window

Then update the code to the following -
echo exec('sudo service asterisk start');

Open in new window

0
 

Author Comment

by:aej1973
ID: 39257323
Hi, thank you for getting back to me. My sudoers file is attached and I made the changes to my php script but it still does not work...

#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults        env_reset
Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root    ALL=(ALL:ALL) ALL

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

# See sudoers(5) for more information on "#include" directives:

#includedir /etc/sudoers.d
ubuntu ALL=NOPASSWD: /usr/bin/service *

Open in new window

0
 
LVL 21

Expert Comment

by:Mazdajai
ID: 39257331
What is the output message?
0
Not sure which OpenStack Certification to get?

So you’ve realized you might want to get certified in OpenStack, but you’re not sure what the benefits might be or even which one you should take. You know there are several certification courses you can choose from, but how do you know which one is right for you?

 

Author Comment

by:aej1973
ID: 39257349
My PHP script is as follows:

<?php

        echo exec('sudo service asterisk start',$output,$return);
        var_dump($output)

?>

 The output I get on the screen is: array(0) { }
0
 
LVL 21

Accepted Solution

by:
Mazdajai earned 1200 total points
ID: 39257357
can you try to run this on the terminal?

sudo service asterisk start

Open in new window

0
 

Author Comment

by:aej1973
ID: 39257368
yes, that works.
0
 
LVL 21

Expert Comment

by:Mazdajai
ID: 39257413
Service does not start? Can you post the log from /var/log/secure and asterisk?
0
 

Author Comment

by:aej1973
ID: 39257431
When I removed the sudo from my php file I had the following output:

Asterisk started as nonroot, but runuser 'ubuntu' requested.array(3) { [0]=> string(34) " * Starting Asterisk PBX: asterisk" [1]=> string(46) "Unable to chown run directory to 1000 (ubuntu)" [2]=> string(60) "Asterisk started as nonroot, but runuser 'ubuntu' requested." }

I do not see the files /var/log/secure and asterisk.
0
 
LVL 21

Expert Comment

by:Mazdajai
ID: 39257900
Can you post your complete sudoer file?
0
 

Author Comment

by:aej1973
ID: 39257927
Hello Mazdaja1, it is the same one I have posted above.
0
 
LVL 21

Expert Comment

by:Mazdajai
ID: 39258416
try-
exec('/usr/bin/sudo service asterisk start');

Open in new window

0
 

Author Comment

by:aej1973
ID: 39258504
still no, but the command works when I run it from the terminal.
0
 

Author Comment

by:aej1973
ID: 39261226
Mazdajai, any other thoughts? I am not sure how to proceed...
0
 
LVL 21

Expert Comment

by:Mazdajai
ID: 39263091
Its odd it php does not output any message, Try adding the following to the sudoer -

Defaults requiretty

Open in new window

0
 

Author Comment

by:aej1973
ID: 39263130
in the last line of the sudoers file?
0
 
LVL 21

Expert Comment

by:Mazdajai
ID: 39263162
yes
0
 

Author Comment

by:aej1973
ID: 39349201
need some time...
0
 
LVL 21

Expert Comment

by:Mazdajai
ID: 39378338
How is it working out?
0
 

Author Comment

by:aej1973
ID: 39431813
Not sure how to do this, I will check and to the needful.
0
 
LVL 21

Expert Comment

by:Mazdajai
ID: 39432118
Have you tried to add the following in /etc/sudoers?

Defaults requiretty

Open in new window

0
 

Author Comment

by:aej1973
ID: 39784547
Need to review this.
0
 
LVL 27

Expert Comment

by:skullnobrains
ID: 39835474
you don't have an output because exec() in php only returns what is printed to STDOUT. errors are likely printed to STDERR and password prompts are sent to the terminal directly

---

adding a webserver user to the sudoers file is definitely a big security concern

---

i'd suggest something like this :

run a separate daemon that listens on a local address and runs the asterisk start command.
for example (using faucet which is included in netpipes)
faucet 11111 --verbose --in --out --err service whatever start

Open in new window


then connect to 127.0.0.1:11111 from php in order to launch asterisk using something like this test
$ echo '<?php print(stream_get_contents(stream_socket_client("tcp://127.0.0.1:11111")));' | php
whatever: unrecognized service

Open in new window


don't forget to run the faucet command as root and don't forget to refuse connections from the wan to the socket

you can easily code the faucet part in php if you want
something like this should do (not tested so there may be typos)

$master=stream_socket_server('tcp://127.0.0.1:11111') or die ('cannot open master socket');
while($client=stream_socket_accept($master)){
  $res=popen('service asterisk start 2>&1','r');
  stream_copy_to_stream($res,$client);
  fclose($client);
}

Open in new window


and have php output asterisk startup messages line by line on the client side

$r=stream_socket_client("tcp://127.0.0.1:11111")
fpassthru($r);
fclose($r);

Open in new window


add timeouts using stream_set_timeout() if required

you can easily make this evolve so the server can execute various commands. just hard-code them server-side so you only open a specific set of functionalities

----

you can achieve a similar goal using a small shell script containing the startup command with setuid bit set and run it diretly from php like you already do
0

Featured Post

Get MongoDB database support online, now!

At Percona’s web store you can order your MongoDB database support needs in minutes. No hassles, no fuss, just pick and click. Pay online with a credit card. Handle your MongoDB database support now!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Fine Tune your automatic Updates for Ubuntu / Debian
A quick Powershell script I wrote to find old program installations and check versions of a specific file across the network.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…
Suggested Courses

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question