?
Solved

Starting an ubuntu service from the web interface?

Posted on 2013-06-18
22
Medium Priority
?
240 Views
Last Modified: 2014-05-06
Hello, I have a script im my PHP file as follows:

echo exec('service asterisk start');

What I am tying to do is start my asterisk service from the web interface. When I run the script I get the following error:

Asterisk started as nonroot, but runuser 'ubuntu' requested.

Can someone let me know how I can correct this issue? Thank you.

A
0
Comment
Question by:aej1973
  • 11
  • 10
22 Comments
 
LVL 21

Expert Comment

by:Mazdajai
ID: 39257280
You can trying to invoke the service command with user 'ubuntu', but it failed because it requires root privileges. Try add the user to the sudoer file -
ubuntu ALL=NOPASSWD: /usr/bin/service *

Open in new window

Then update the code to the following -
echo exec('sudo service asterisk start');

Open in new window

0
 

Author Comment

by:aej1973
ID: 39257323
Hi, thank you for getting back to me. My sudoers file is attached and I made the changes to my php script but it still does not work...

#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults        env_reset
Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root    ALL=(ALL:ALL) ALL

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

# See sudoers(5) for more information on "#include" directives:

#includedir /etc/sudoers.d
ubuntu ALL=NOPASSWD: /usr/bin/service *

Open in new window

0
 
LVL 21

Expert Comment

by:Mazdajai
ID: 39257331
What is the output message?
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 

Author Comment

by:aej1973
ID: 39257349
My PHP script is as follows:

<?php

        echo exec('sudo service asterisk start',$output,$return);
        var_dump($output)

?>

 The output I get on the screen is: array(0) { }
0
 
LVL 21

Accepted Solution

by:
Mazdajai earned 1200 total points
ID: 39257357
can you try to run this on the terminal?

sudo service asterisk start

Open in new window

0
 

Author Comment

by:aej1973
ID: 39257368
yes, that works.
0
 
LVL 21

Expert Comment

by:Mazdajai
ID: 39257413
Service does not start? Can you post the log from /var/log/secure and asterisk?
0
 

Author Comment

by:aej1973
ID: 39257431
When I removed the sudo from my php file I had the following output:

Asterisk started as nonroot, but runuser 'ubuntu' requested.array(3) { [0]=> string(34) " * Starting Asterisk PBX: asterisk" [1]=> string(46) "Unable to chown run directory to 1000 (ubuntu)" [2]=> string(60) "Asterisk started as nonroot, but runuser 'ubuntu' requested." }

I do not see the files /var/log/secure and asterisk.
0
 
LVL 21

Expert Comment

by:Mazdajai
ID: 39257900
Can you post your complete sudoer file?
0
 

Author Comment

by:aej1973
ID: 39257927
Hello Mazdaja1, it is the same one I have posted above.
0
 
LVL 21

Expert Comment

by:Mazdajai
ID: 39258416
try-
exec('/usr/bin/sudo service asterisk start');

Open in new window

0
 

Author Comment

by:aej1973
ID: 39258504
still no, but the command works when I run it from the terminal.
0
 

Author Comment

by:aej1973
ID: 39261226
Mazdajai, any other thoughts? I am not sure how to proceed...
0
 
LVL 21

Expert Comment

by:Mazdajai
ID: 39263091
Its odd it php does not output any message, Try adding the following to the sudoer -

Defaults requiretty

Open in new window

0
 

Author Comment

by:aej1973
ID: 39263130
in the last line of the sudoers file?
0
 
LVL 21

Expert Comment

by:Mazdajai
ID: 39263162
yes
0
 

Author Comment

by:aej1973
ID: 39349201
need some time...
0
 
LVL 21

Expert Comment

by:Mazdajai
ID: 39378338
How is it working out?
0
 

Author Comment

by:aej1973
ID: 39431813
Not sure how to do this, I will check and to the needful.
0
 
LVL 21

Expert Comment

by:Mazdajai
ID: 39432118
Have you tried to add the following in /etc/sudoers?

Defaults requiretty

Open in new window

0
 

Author Comment

by:aej1973
ID: 39784547
Need to review this.
0
 
LVL 27

Expert Comment

by:skullnobrains
ID: 39835474
you don't have an output because exec() in php only returns what is printed to STDOUT. errors are likely printed to STDERR and password prompts are sent to the terminal directly

---

adding a webserver user to the sudoers file is definitely a big security concern

---

i'd suggest something like this :

run a separate daemon that listens on a local address and runs the asterisk start command.
for example (using faucet which is included in netpipes)
faucet 11111 --verbose --in --out --err service whatever start

Open in new window


then connect to 127.0.0.1:11111 from php in order to launch asterisk using something like this test
$ echo '<?php print(stream_get_contents(stream_socket_client("tcp://127.0.0.1:11111")));' | php
whatever: unrecognized service

Open in new window


don't forget to run the faucet command as root and don't forget to refuse connections from the wan to the socket

you can easily code the faucet part in php if you want
something like this should do (not tested so there may be typos)

$master=stream_socket_server('tcp://127.0.0.1:11111') or die ('cannot open master socket');
while($client=stream_socket_accept($master)){
  $res=popen('service asterisk start 2>&1','r');
  stream_copy_to_stream($res,$client);
  fclose($client);
}

Open in new window


and have php output asterisk startup messages line by line on the client side

$r=stream_socket_client("tcp://127.0.0.1:11111")
fpassthru($r);
fclose($r);

Open in new window


add timeouts using stream_set_timeout() if required

you can easily make this evolve so the server can execute various commands. just hard-code them server-side so you only open a specific set of functionalities

----

you can achieve a similar goal using a small shell script containing the startup command with setuid bit set and run it diretly from php like you already do
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Google Drive is extremely cheap offsite storage, and it's even possible to get extra storage for free for two years.  You can use the free account 15GB, and if you have an Android device..when you install Google Drive for the first time it will give…
This article will show you step-by-step instructions to build your own NTP CentOS server.  The network diagram shows the best practice to setup the NTP server farm for redundancy.  This article also serves as your NTP server documentation.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
Suggested Courses

616 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question