Solved

Starting an ubuntu service from the web interface?

Posted on 2013-06-18
22
207 Views
Last Modified: 2014-05-06
Hello, I have a script im my PHP file as follows:

echo exec('service asterisk start');

What I am tying to do is start my asterisk service from the web interface. When I run the script I get the following error:

Asterisk started as nonroot, but runuser 'ubuntu' requested.

Can someone let me know how I can correct this issue? Thank you.

A
0
Comment
Question by:aej1973
  • 11
  • 10
22 Comments
 
LVL 21

Expert Comment

by:Mazdajai
ID: 39257280
You can trying to invoke the service command with user 'ubuntu', but it failed because it requires root privileges. Try add the user to the sudoer file -
ubuntu ALL=NOPASSWD: /usr/bin/service *

Open in new window

Then update the code to the following -
echo exec('sudo service asterisk start');

Open in new window

0
 

Author Comment

by:aej1973
ID: 39257323
Hi, thank you for getting back to me. My sudoers file is attached and I made the changes to my php script but it still does not work...

#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults        env_reset
Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root    ALL=(ALL:ALL) ALL

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

# See sudoers(5) for more information on "#include" directives:

#includedir /etc/sudoers.d
ubuntu ALL=NOPASSWD: /usr/bin/service *

Open in new window

0
 
LVL 21

Expert Comment

by:Mazdajai
ID: 39257331
What is the output message?
0
 

Author Comment

by:aej1973
ID: 39257349
My PHP script is as follows:

<?php

        echo exec('sudo service asterisk start',$output,$return);
        var_dump($output)

?>

 The output I get on the screen is: array(0) { }
0
 
LVL 21

Accepted Solution

by:
Mazdajai earned 300 total points
ID: 39257357
can you try to run this on the terminal?

sudo service asterisk start

Open in new window

0
 

Author Comment

by:aej1973
ID: 39257368
yes, that works.
0
 
LVL 21

Expert Comment

by:Mazdajai
ID: 39257413
Service does not start? Can you post the log from /var/log/secure and asterisk?
0
 

Author Comment

by:aej1973
ID: 39257431
When I removed the sudo from my php file I had the following output:

Asterisk started as nonroot, but runuser 'ubuntu' requested.array(3) { [0]=> string(34) " * Starting Asterisk PBX: asterisk" [1]=> string(46) "Unable to chown run directory to 1000 (ubuntu)" [2]=> string(60) "Asterisk started as nonroot, but runuser 'ubuntu' requested." }

I do not see the files /var/log/secure and asterisk.
0
 
LVL 21

Expert Comment

by:Mazdajai
ID: 39257900
Can you post your complete sudoer file?
0
 

Author Comment

by:aej1973
ID: 39257927
Hello Mazdaja1, it is the same one I have posted above.
0
 
LVL 21

Expert Comment

by:Mazdajai
ID: 39258416
try-
exec('/usr/bin/sudo service asterisk start');

Open in new window

0
How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

 

Author Comment

by:aej1973
ID: 39258504
still no, but the command works when I run it from the terminal.
0
 

Author Comment

by:aej1973
ID: 39261226
Mazdajai, any other thoughts? I am not sure how to proceed...
0
 
LVL 21

Expert Comment

by:Mazdajai
ID: 39263091
Its odd it php does not output any message, Try adding the following to the sudoer -

Defaults requiretty

Open in new window

0
 

Author Comment

by:aej1973
ID: 39263130
in the last line of the sudoers file?
0
 
LVL 21

Expert Comment

by:Mazdajai
ID: 39263162
yes
0
 

Author Comment

by:aej1973
ID: 39349201
need some time...
0
 
LVL 21

Expert Comment

by:Mazdajai
ID: 39378338
How is it working out?
0
 

Author Comment

by:aej1973
ID: 39431813
Not sure how to do this, I will check and to the needful.
0
 
LVL 21

Expert Comment

by:Mazdajai
ID: 39432118
Have you tried to add the following in /etc/sudoers?

Defaults requiretty

Open in new window

0
 

Author Comment

by:aej1973
ID: 39784547
Need to review this.
0
 
LVL 26

Expert Comment

by:skullnobrains
ID: 39835474
you don't have an output because exec() in php only returns what is printed to STDOUT. errors are likely printed to STDERR and password prompts are sent to the terminal directly

---

adding a webserver user to the sudoers file is definitely a big security concern

---

i'd suggest something like this :

run a separate daemon that listens on a local address and runs the asterisk start command.
for example (using faucet which is included in netpipes)
faucet 11111 --verbose --in --out --err service whatever start

Open in new window


then connect to 127.0.0.1:11111 from php in order to launch asterisk using something like this test
$ echo '<?php print(stream_get_contents(stream_socket_client("tcp://127.0.0.1:11111")));' | php
whatever: unrecognized service

Open in new window


don't forget to run the faucet command as root and don't forget to refuse connections from the wan to the socket

you can easily code the faucet part in php if you want
something like this should do (not tested so there may be typos)

$master=stream_socket_server('tcp://127.0.0.1:11111') or die ('cannot open master socket');
while($client=stream_socket_accept($master)){
  $res=popen('service asterisk start 2>&1','r');
  stream_copy_to_stream($res,$client);
  fclose($client);
}

Open in new window


and have php output asterisk startup messages line by line on the client side

$r=stream_socket_client("tcp://127.0.0.1:11111")
fpassthru($r);
fclose($r);

Open in new window


add timeouts using stream_set_timeout() if required

you can easily make this evolve so the server can execute various commands. just hard-code them server-side so you only open a specific set of functionalities

----

you can achieve a similar goal using a small shell script containing the startup command with setuid bit set and run it diretly from php like you already do
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Suggested Solutions

Little introduction about CP: CP is a command on linux that use to copy files and folder from one location to another location. Example usage of CP as follow: cp /myfoder /pathto/destination/folder/ cp abc.tar.gz /pathto/destination/folder/ab…
It is a general practice to get rid of old user profiles on a computer  in a LAN environment. As I have been working with a company in a LAN environment where users move from one place to some other place at times. This will make many user profil…
The viewer will learn how to count occurrences of each item in an array.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now