• Status: Solved

Reboot Linux CentOS server in PHP if you know the root password

Dear Experts,
Based on http://benaiah41.wordpress.com/2008/08/15/37/
I finally added "mylogin   ALL = (ALL)    ALL" to the /etc/sudoers file, which allows
sudo to reboot my server successfully from the Linux shell under the mylogin account,
like this: mylogin@mysite.com[~/home/public_html/php/]  echo "PASSWORD" | sudo -u root -S  reboot

So now I am trying to put the reboot command in PHP, as in the code below. It works only from the Linux shell, after logging in with the PuTTY program on my home PC with username=mylogin: my server reboots successfully when I type php rb.php

However, it does NOT work from a browser on my home PC or from a cron job on my server.
The PHP script is for a user to reboot the server, if they know the root password,
from a browser or from his cron job scheduler.

I have changed the shell_exec function to exec or system() in PHP; none of them work
from the browser or a cron job, but all of them work when executing the PHP script from the Linux shell (PuTTY).
Why?

Any idea? The sudoers file does not seem to be the issue at all, since I've already added the mylogin account name, and the Linux command echo "PASSWORD" | sudo -u root -S  reboot is working fine.

It also does NOT work if I put it in a cron job like
0 6 * * *  echo  "PASSWORD" | sudo -u root -S  reboot
0 6 * * *  php rb.php

So why does it work only as a Linux shell command and as a PHP script run from the Linux shell, but NOT for a PHP script run from a browser or a cron job, for the same reboot command echo  "PASSWORD" | sudo -u root -S  reboot ?

And I already changed the mode (chmod) to 777 for the rb.php file.

Please advise
Duncan



rb.php
=====
<?php
chdir(dirname(__FILE__));
echo dirname(__FILE__)."==x=\n";
$today = date("F j, Y, g:i:s a");
echo $today."       Starting  rb====\n";
file_put_contents("rb.log",$today."       Starting rb====\n");
shell_exec('echo "PASSWORD"|sudo -u root -S reboot');
?>

 
Dan Craciun (IT Consultant) commented:
Have you tried to run this, from inside your web page?
shell_exec("php rb.php");

HTH,
Dan

duncanb7 (Author) commented:
You mean? Is it looping rb.php on itself? Or should I create another new PHP file
for shell_exec('php rb.php');

For the rb.php file:

<?php
chdir(dirname(__FILE__));
echo dirname(__FILE__)."==x=\n";
$today = date("F j, Y, g:i:s a");
echo $today."       Starting  rb====\n";
file_put_contents("rb.log",$today."       Starting rb====\n");
shell_exec('php rb.php');
?>

Dan Craciun (IT Consultant) commented:
No, don't add that to rb.php.

Just use that line from inside your web page, from where the reboot is not working.
The idea is to start a new php instance to run your php file.
 
duncanb7 (Author) commented:
I created another new PHP file, junk.php, to
do shell_exec('php rb.php'); that
only works from the Linux shell, but not from a cron job or browser.


Any more advice?


Duncan

duncanb7 (Author) commented:
0 6 * * *  echo  "PASSWORD" | sudo -u root -S  reboot

Why is it not working in a cron job when it works as a Linux command?

Should we focus on it first to get a hint?

The root permission or privilege issue is already solved, so why is there still an issue?


Duncan

Dan Craciun (IT Consultant) commented:
So, let me get this straight:
1. you created a new php file, called junk.php
2. this file contains:
<?php 
shell_exec('php rb.php');
?>

3. you navigated with a browser to http://yourhost/junk.php

And the server did not reboot?

duncanb7 (Author) commented:
It didn't work; my PuTTY program on my PC is still working after I
surf to http://mysite/junk.php.  If it worked, the PuTTY program would
be stopped, shut down or disconnected.

Duncan

Dan Craciun (IT Consultant) commented:
In what cron are you running that?
Have you tried this in cron?
echo  "PASSWORD" | sudo -u root -S /sbin/shutdown -r now

duncanb7 (Author) commented:
0 6 * * *  echo  "PASSWORD" | sudo -u root -S  reboot

Why is it not working in a cron job when it works as a Linux command?

Should we focus on it first to get a hint?

The root permission or privilege issue is already solved, so why is there still an issue?

Should we focus on this?

We know the result from a cron job or a command-line PHP script is sometimes different. Why?

Duncan

duncanb7 (Author) commented:
I need a reboot, not a shutdown.

Dan Craciun (IT Consultant) commented:
/sbin/shutdown -r now will reboot
/sbin/shutdown -h now will shut down.

duncanb7 (Author) commented:
echo  "PASSWORD" | sudo -u root -S /sbin/shutdown -r now

That is NOT working in a cron job either.

duncanb7 (Author) commented:
But it works in the Linux shell:

echo "PASSWORD" |sudo -u root -S shutdown -r now

but NOT in a cron job.

So the issue is the same: why does it work as a Linux command or as a PHP script run from the Linux shell,
but not from a browser and not from a cron job?

Please advise

Duncan

Dave Baldwin (Fixer of Problems) commented:
It's not working because the user for the web server doesn't have permissions to do that.  As far as I know, you can't use 'sudo' to enable the Apache user to do anything like that.  They intentionally prevent that from happening.

Dan Craciun (IT Consultant) commented:
That's why I suggested "php rb.php". Trying to execute the script under a new instance of php, hopefully running under a user other than Apache.

duncanb7 (Author) commented:
Dave,

I put 0 6 * * *  echo  "PASSWORD" | sudo -u root -S  reboot
in a cron job at /var/spool/cron/; that is not working even though I am the root user,

and I already did chmod 777 on rb.php; that is also not working and is not
related to permissions. Permissions are already handled by
echo  "PASSWORD" | sudo -u root -S  reboot and by setting the user in the sudoers file.

Please advise

Duncan

serialband commented:
First off, putting a password into any clear text file is just horribly bad practice.  You really should never, ever do that.

What exactly are you trying to accomplish?  It seems that you only want the remote user to reboot the system.  There are more secure ways to do that.

When you use cron, you need to set the full path names to the commands because your shell and the cron environments are different.  Not everything is in the path in cron.  You'll have to use the full path to make sure.  That's probably the problem in your web php script as well.
0 6 * * *  /bin/echo  "PASSWORD" | /usr/bin/sudo -S /sbin/reboot
0 6 * * *  /PATH_TO_PHP/php /PATH_TO_SCRIPT/rb.php

Why are you using a browser to reboot the server instead of just giving the user ssh access with a single sudo command?

That link you provided is a very rudimentary sudo example for a beginner.  It just gives a simple full access for a user on a personal workstation.  You need the full sudo manual for more complex setups on servers.
http://www.sudo.ws/sudoers.man.html 
You should not give the user full sudo access to root from the web page.  Instead, you should set up the apache (or whichever account your browser runs as) to sudo with permissions to only run the reboot command as root on your specified host without a password.

USER   MY_HOST = NOPASSWD:    /bin/reboot
duncan7b   MY_HOST = NOPASSWD:    /bin/reboot


What user is your cronjob running as?  If you really want to schedule a reboot every day at 6 am, you should create it as root or put it in /etc/cron.d/* not as some other user that has to sudo.

Your -u root option is redundant when you want to sudo as root.  You only need -u when you want to run as some other non-root user.  You should remove that.  If you set your user to sudo reboot without a password, you can take out the echo command, the plain text password and the pipe.  You'll have something much simpler and more secure.
0 6 * * *  /usr/bin/sudo /sbin/reboot


You also shouldn't set chmod 777 to your scripts.  You could do 755 to prevent writes by other random users.  777 is mainly for fully accessible folders or soft links.
0
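
The cron advice in the answer above (absolute paths, no password piped to sudo), turned into a check over crontab entries. This is an added example, not code from any poster: the function name `audit_cron_line` and the finding labels are assumptions, the sample entries are constructed from lines quoted in the thread, and only five-field schedule entries are handled.

```sh
#!/bin/sh
# Added example: audit crontab entries for the two problems raised in this thread.

# Print one finding per line for a crontab entry ("min hour dom mon dow command").
audit_cron_line() {
    # Drop the five schedule fields; the remainder is what cron hands to the shell.
    cmd=$(printf '%s\n' "$1" | sed -E 's/^([^[:space:]]+[[:space:]]+){5}//')

    # A password piped into "sudo -S" sits in clear text in the crontab file.
    case "$cmd" in
        *"|"*sudo*" -S"*) echo "password-piped-to-sudo" ;;
    esac

    # Every pipeline stage should start with an absolute path: cron runs jobs
    # with a minimal PATH, so a name that resolves in a login shell may not here.
    printf '%s\n' "$cmd" | tr '|' '\n' | while read -r first rest; do
        case "$first" in
            /*|"") ;;
            *) echo "relative-command:$first" ;;
        esac
        # For sudo, also check the program it is asked to run: the first word
        # that is neither an option nor the argument of -u/-g.
        case "$first" in
            sudo|*/sudo)
                set -f; skip=0
                for w in $rest; do
                    if [ "$skip" = 1 ]; then skip=0; continue; fi
                    case "$w" in
                        -u|-g) skip=1 ;;
                        -*) ;;
                        /*) break ;;
                        *) echo "relative-command:$w"; break ;;
                    esac
                done ;;
        esac
    done
    return 0
}

# Constructed sample crontab: the original entries and the password-free form.
while IFS= read -r entry; do
    printf '%s\n' "$entry"
    audit_cron_line "$entry" | sed 's/^/    -> /'
done <<'EOF'
0 6 * * *  echo  "PASSWORD" | sudo -u root -S  reboot
0 6 * * *  /bin/echo  "PASSWORD" | /usr/bin/sudo -S /sbin/reboot
0 6 * * *  php rb.php
0 6 * * *  /usr/bin/sudo /sbin/reboot
EOF
```

Only the last entry comes back clean; the second one resolves under cron but still stores the password in the crontab.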
 
duncanb7 (Author) commented:
serialband,
you are right,
0 6 * * *  /bin/echo  "PASSWORD" | /usr/bin/sudo -S /sbin/reboot is working

and it also works in a cron job with php rb.php if I fix it to
exec('/bin/echo  "PASSWORD" | /usr/bin/sudo -S /sbin/reboot ');

Now my first question of this thread is solved.

The last question: why do I want to use PHP to reboot my server from my browser? Because
if my server is running too much work and is really slow, and I can NOT access
the Linux shell through PuTTY since the server rejects it due to an unknown system issue, I need a way to reboot the server from a browser if I know the root password. And I don't want to go to the location of the server to press the hardware reset button. My expectation is
similar to how a hosting company lets a user reboot, shut down or start their VPS
server from a browser remotely, by which the hosting company saves some time not
arguing with the user about VPS system issues.

The problem is that I can run php rb.php in the Linux shell because I know the root password
and I added mylogin to the /etc/sudoers file, so my login account can run it.

But for browser users, how can I assign the right to the browser user to run a root command in PHP like exec('/bin/echo  "PASSWORD" | /usr/bin/sudo -S /sbin/reboot ') from a browser?

I took a look at PHP Shell in the browser, which can help browser users run any root command from the browser if they know the root command.
http://www.tecmint.com/linux-shell-access-on-browser-using-php-shell/
But it seems too complicated just to run such a simple root reboot command. Is that right?

Or do I need to set up a web page for browser user validation, to check first whether he is an authorized user
or not, and then let them run the root command? There are two steps. Any good
comments and suggestions? That is similar to how we see a login process that then allows the user to use the system tools in cPanel.

(chmod 777 is just for testing only)

Please advise

Duncan

serialband commented:
Did you read the middle of my thread about altering sudo to only do the reboot with no password?  That would work for apache.

Also, REMOVE the PASSWORD from your cron and scripts.  That was my first sentence, which is solved by the alteration to sudo permissions in the part you've skipped.  Putting passwords in a text file is horrible security, especially when you give people access from the web.  If they get a hold of the text of the script from the web server, they have your password with full sudo root access.

Change the following in /etc/sudoers with visudo.
mylogin   ALL = (ALL)    ALL

To this:
USER   MY_HOST = NOPASSWD:    /bin/reboot     (MY_HOST == your server's host name)

If your server's host name is WebServer:
apache   WebServer = NOPASSWD:    /bin/reboot

That should let apache reboot the webserver as root.  It won't have any other root privileges, but this is still a bad kludge.

You're not fixing the root of the problem.  You should fix the load issues on your server so you don't have to reboot.  Check the logs to see what's going on.  You can tune apache and maybe change the number of threads your server can handle.  You should check your php code to make sure you're doing it correctly so it doesn't overload the server.

You don't need to give write permissions for testing a text script.  chmod 755 would be sufficient.  You only need execute permissions for a compiled binary (chmod 711).

duncanb7 (Author) commented:
Thanks for all of your replies.
The issue is solved for the user to run the root command from a cron job and
from a PHP script running in the Linux shell.

And the issue of rebooting from a browser also works in rb.php
with system("sudo /sbin/reboot"), since when running rb.php from a browser
the system command runs on behalf of the default user and user group
that are set in the Apache conf file.
So all browser users are using the same
user and user group (mylogin & mylogin) to run any command in PHP. And the privilege to run the reboot command for the mylogin user is set in /etc/sudoers, as mentioned in a previous reply. That is why other browser users can run the root reboot command.

To set or choose the authorized users who may run the reboot command in rb.php, or the direct command sudo /sbin/reboot, we need to set up an authorized login page and let browser users run the command as long as they can log in to the login page successfully. phpshell.php is a good example of
that.

-1 Download the phpshell source code onto the remote server
from http://www.tecmint.com/linux-shell-access-on-browser-using-php-shell/
-2 Add mylogin   MY_HOST = NOPASSWD:    /sbin/reboot to the /etc/sudoers file
-3 Comment out "Defaults    requiretty" with "#" in the /etc/sudoers file, which lets the sudo
command work for a non-tty device, or put "Defaults:mylogin !requiretty"
-4 Create an authorized user account and password in phpshell.php on the server, in the browser
-5 Run sudo /sbin/reboot in phpshell.php on the server, in the browser, after logging in successfully

After those five steps, rebooting the server remotely from a browser is allowed with
an authorization login.

Duncan

serialband commented:
Thinking back on this, if your web server is getting wedged, you should probably just restart apache, instead of rebooting.

apache   WebServer = NOPASSWD:    /etc/init.d/apachectl

Then have your php script only run /etc/init.d/apachectl restart

That apachectl command depends on your version of linux.

If you really must reboot, then add both commands.  Server reboots should be last resorts, since many things are solvable without a reboot.

apache   WebServer = NOPASSWD:    /etc/init.d/apachectl,/bin/reboot

You should also figure out what's causing your server to freeze.  A normally working web server does not require frequent reboots.

If you can't ssh into the system, but everything seems functional, it's possible that your disk filled up.  You could leave yourself constantly connected to ssh to monitor that.  The next time a problem happens, you could see why other people aren't able to start new ssh connection.  Maybe you partitioned your system incorrectly for a web server and made only a single partition, or didn't partition out /tmp and /var from /.  /tmp is emptied upon reboot.
0
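
The sudoers rules quoted in this thread, run through a small lint. This is an added example, not code from any poster: besides `ALL` it flags bare command paths, because a sudoers entry that lists only a path lets the caller supply any arguments, while listing the arguments (or `""` for none) pins them. The function name `lint_sudoers_rule`, the finding labels and the tightened third rule are constructed for illustration; only single-line rules without escaped commas are handled.

```sh
#!/bin/sh
# Added example: flag over-broad sudoers rules of the kind discussed in this thread.
# Handles single-line "user host = [(runas)] [TAG:] cmd[, cmd...]" rules only.

lint_sudoers_rule() {
    # Everything after the first "=" is the command specification.
    spec=${1#*=}
    # Strip an optional "(runas)" list, then tags such as NOPASSWD:
    spec=$(printf '%s\n' "$spec" |
        sed -E 's/^[[:space:]]*(\([^)]*\))?[[:space:]]*//; s/^([A-Z_]+:[[:space:]]*)*//')
    # One command per comma-separated item: first word is the path, rest are args.
    printf '%s\n' "$spec" | tr ',' '\n' | while read -r cmdpath args; do
        case "$cmdpath" in
            "")  ;;
            ALL) echo "any-command" ;;
            /*)  # A bare path allows any arguments; sudoers pins them when the
                 # rule lists the arguments, or "" to allow none at all.
                 [ -n "$args" ] || echo "any-arguments:$cmdpath" ;;
            *)   echo "not-absolute:$cmdpath" ;;
        esac
    done
    return 0
}

# The first two rules are quoted from the thread; the third is a constructed
# tightening that pins "restart" and forbids arguments to reboot.
while IFS= read -r rule; do
    printf '%s\n' "$rule"
    lint_sudoers_rule "$rule" | sed 's/^/    -> /'
done <<'EOF'
mylogin   ALL = (ALL)    ALL
apache   WebServer = NOPASSWD:    /etc/init.d/apachectl,/bin/reboot
apache   WebServer = NOPASSWD:    /etc/init.d/apachectl restart, /sbin/reboot ""
EOF
```

After editing the real file with visudo, `sudo -l -U apache` (run as root) shows what the account is actually allowed to run.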
