Solved

Starting an ubuntu service from the web interface?

Posted on 2013-06-18
Last Modified: 2014-05-06
Hello, I have a script in my PHP file as follows:

echo exec('service asterisk start');

What I am trying to do is start my asterisk service from the web interface. When I run the script I get the following error:

Asterisk started as nonroot, but runuser 'ubuntu' requested.

Can someone let me know how I can correct this issue? Thank you.

Question by:aej1973
LVL 21

Expert Comment

by:Mazdajai
ID: 39257280
You are trying to invoke the service command with user 'ubuntu', but it failed because it requires root privileges. Try adding the user to the sudoer file -
ubuntu ALL=NOPASSWD: /usr/bin/service *

Then update the code to the following -
echo exec('sudo service asterisk start');

0
 

Author Comment

by:aej1973
ID: 39257323
Hi, thank you for getting back to me. My sudoers file is attached and I made the changes to my php script but it still does not work...

#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults        env_reset
Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root    ALL=(ALL:ALL) ALL

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

# See sudoers(5) for more information on "#include" directives:

#includedir /etc/sudoers.d
ubuntu ALL=NOPASSWD: /usr/bin/service *

0
 
LVL 21

Expert Comment

by:Mazdajai
ID: 39257331
What is the output message?
0
 

Author Comment

by:aej1973
ID: 39257349
My PHP script is as follows:

<?php

        echo exec('sudo service asterisk start',$output,$return);
        var_dump($output)

?>

 The output I get on the screen is: array(0) { }
0
 
LVL 21

Accepted Solution

by:
Mazdajai earned 300 total points
ID: 39257357
can you try to run this on the terminal?

sudo service asterisk start

0
 

Author Comment

by:aej1973
ID: 39257368
yes, that works.
0
 
LVL 21

Expert Comment

by:Mazdajai
ID: 39257413
Service does not start? Can you post the log from /var/log/secure and asterisk?
0
 

Author Comment

by:aej1973
ID: 39257431
When I removed the sudo from my php file I had the following output:

Asterisk started as nonroot, but runuser 'ubuntu' requested.array(3) { [0]=> string(34) " * Starting Asterisk PBX: asterisk" [1]=> string(46) "Unable to chown run directory to 1000 (ubuntu)" [2]=> string(60) "Asterisk started as nonroot, but runuser 'ubuntu' requested." }

I do not see the files /var/log/secure and asterisk.
0
 
LVL 21

Expert Comment

by:Mazdajai
ID: 39257900
Can you post your complete sudoer file?
0
 

Author Comment

by:aej1973
ID: 39257927
Hello Mazdajai, it is the same one I have posted above.
0
 
LVL 21

Expert Comment

by:Mazdajai
ID: 39258416
try-
exec('/usr/bin/sudo service asterisk start');

0
 

Author Comment

by:aej1973
ID: 39258504
still no, but the command works when I run it from the terminal.
0
 

Author Comment

by:aej1973
ID: 39261226
Mazdajai, any other thoughts? I am not sure how to proceed...
0
 
LVL 21

Expert Comment

by:Mazdajai
ID: 39263091
It's odd that php does not output any message. Try adding the following to the sudoer -

Defaults requiretty

0
 

Author Comment

by:aej1973
ID: 39263130
in the last line of the sudoers file?
0
 
LVL 21

Expert Comment

by:Mazdajai
ID: 39263162
yes
0
 

Author Comment

by:aej1973
ID: 39349201
need some time...
0
 
LVL 21

Expert Comment

by:Mazdajai
ID: 39378338
How is it working out?
0
 

Author Comment

by:aej1973
ID: 39431813
Not sure how to do this, I will check and do the needful.
0
 
LVL 21

Expert Comment

by:Mazdajai
ID: 39432118
Have you tried to add the following in /etc/sudoers?

Defaults requiretty

0
 

Author Comment

by:aej1973
ID: 39784547
Need to review this.
0
 
LVL 27

Expert Comment

by:skullnobrains
ID: 39835474
you don't have an output because exec() in php only returns what is printed to STDOUT. errors are likely printed to STDERR and password prompts are sent to the terminal directly

---

adding a webserver user to the sudoers file is definitely a big security concern

---

i'd suggest something like this :

run a separate daemon that listens on a local address and runs the asterisk start command.
for example (using faucet which is included in netpipes)
faucet 11111 --verbose --in --out --err service whatever start


then connect to 127.0.0.1:11111 from php in order to launch asterisk using something like this test
$ echo '<?php print(stream_get_contents(stream_socket_client("tcp://127.0.0.1:11111")));' | php
whatever: unrecognized service


don't forget to run the faucet command as root and don't forget to refuse connections from the wan to the socket

you can easily code the faucet part in php if you want
something like this should do (not tested so there may be typos)

// listen on the loopback interface only
$master=stream_socket_server('tcp://127.0.0.1:11111') or die ('cannot open master socket');
while($client=stream_socket_accept($master)){
  // run the start command and merge STDERR into STDOUT
  $res=popen('service asterisk start 2>&1','r');
  stream_copy_to_stream($res,$client);
  pclose($res);
  fclose($client);
}


and have php output asterisk startup messages line by line on the client side

$r=stream_socket_client("tcp://127.0.0.1:11111");
fpassthru($r);
fclose($r);


add timeouts using stream_set_timeout() if required

you can easily make this evolve so the server can execute various commands. just hard-code them server-side so you only open a specific set of functionalities

----

you can achieve a similar goal using a small shell script containing the startup command with setuid bit set and run it directly from php like you already do
0
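
The hard-coded command set suggested in the answer above, as an added example that is not part of the original post: a root-side helper that accepts only an action name, maps it to a fixed argv, and returns STDOUT, STDERR and the exit code. Assumptions: PHP CLI 7.4 or later (array form of proc_open), the /usr/sbin/service path, and the hypothetical names ACTIONS, dispatch() and the "asterisk-status" action.

```php
<?php
// Added example: root-side helper that runs only hard-coded commands.
// Assumptions: PHP CLI >= 7.4, started as root; ACTIONS, dispatch() and the
// action names are made up for this sketch; confirm the binary path with
// `command -v service` on the target host.

const ACTIONS = [
    'asterisk-start'  => ['/usr/sbin/service', 'asterisk', 'start'],
    'asterisk-status' => ['/usr/sbin/service', 'asterisk', 'status'],
];

// Map a client-supplied action name to a fixed argv and run it without a shell.
function dispatch(string $request): string
{
    $action = trim($request);
    if (!array_key_exists($action, ACTIONS)) {
        return "ERR unknown action\n";   // client text is never executed
    }
    // stdin from /dev/null, stdout on a pipe, stderr merged into stdout
    $spec = [0 => ['file', '/dev/null', 'r'], 1 => ['pipe', 'w'], 2 => ['redirect', 1]];
    $proc = proc_open(ACTIONS[$action], $spec, $pipes);
    if (!is_resource($proc)) {
        return "ERR could not start command\n";
    }
    $out = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    $code = proc_close($proc);
    return $out . "EXIT $code\n";
}

// Loopback only, so the port is not reachable from other hosts.
$master = stream_socket_server('tcp://127.0.0.1:11111', $errno, $errstr)
    or die("cannot open master socket: $errstr\n");
while (true) {
    $client = @stream_socket_accept($master, 60);
    if ($client === false) {
        continue;                        // accept timed out, keep listening
    }
    stream_set_timeout($client, 5);      // do not hang on a silent client
    $line = fgets($client, 64);          // one short action name per connection
    fwrite($client, dispatch($line === false ? '' : $line));
    fclose($client);
}
```

The web-side script sends one line such as `asterisk-start` and reads until EOF. A loopback TCP port is reachable by every local account, so a Unix socket with restrictive file permissions narrows who can trigger the actions.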

Question has a verified solution.
