Solved

reboot linux Centos server in php if know root password

Posted on 2014-04-03
Last Modified: 2014-04-05
Dear Experts,
Based on http://benaiah41.wordpress.com/2008/08/15/37/
Finally, I added "mylogin   ALL = (ALL)    ALL" to the /etc/sudoers file, which solved it and allows
sudo to reboot my server successfully from the Linux shell under the mylogin account,
like this: mylogin@mysite.com[~/home/public_html/php/]  echo "PASSWORD" | sudo -u root -S  reboot

So now I have put the reboot command in PHP, as in the code below. It works only from the Linux shell, after logging in with the PuTTY program on my home PC with username=mylogin; my server reboots successfully when I type php rb.php

Anyway, it does NOT work from a browser on my home PC or from a cron job on my server.
The PHP script is for users to reboot the server, if they know the root password,
from a browser or from their cron job scheduler.

I have changed the shell_exec function to exec or system() in PHP; none of them work
in the browser or cron job, but all work when the PHP script is executed from the Linux shell (PuTTY).
Why?

Any idea? The sudoers file seems to be no issue at all, since I've already added the mylogin account name, and the Linux command echo "PASSWORD" | sudo -u root -S  reboot is working fine.

And it also does NOT work if I put it in a cron job like
0 6 * * *  echo  "PASSWORD" | sudo -u root -S  reboot
0 6 * * *  php rb.php

So why does the same reboot command, echo  "PASSWORD" | sudo -u root -S  reboot, work only as a Linux shell command and in a PHP script run from the Linux shell, but NOT in a PHP script run from a browser or a cron job?

And I have already changed the mode (chmod) to 777 for the rb.php file

Please advise
Duncan



rb.php
=====
<?php
chdir(dirname(__FILE__));
echo dirname(__FILE__)."==x=\n";
$today = date("F j, Y, g:i:s a");
echo $today."       Starting  rb====\n";
file_put_contents("rb.log",$today."       Starting rb====\n");
shell_exec('echo "PASSWORD"|sudo -u root -S reboot');
?>

Question by:duncanb7
21 Comments
 
LVL 34

Expert Comment

by:Dan Craciun
Have you tried to run this, from inside your web page?
shell_exec("php rb.php");


HTH,
Dan
0
 
LVL 13

Author Comment

by:duncanb7
Do you mean this? Is it rb.php looping on itself? Or creating another new PHP file
for shell_exec('php rb.php');

for the rb.php file

<?php
chdir(dirname(__FILE__));
echo dirname(__FILE__)."==x=\n";
$today = date("F j, Y, g:i:s a");
echo $today."       Starting  rb====\n";
file_put_contents("rb.log",$today."       Starting rb====\n");
shell_exec('php rb.php');
?>


0
 
LVL 34

Expert Comment

by:Dan Craciun
No, don't add that to rb.php.

Just use that line from inside your web page, from where the reboot is not working.
The idea is to start a new php instance to run your php file.
0
 
LVL 13

Author Comment

by:duncanb7
I created another new PHP file, junk.php, to
do shell_exec('php rb.php'); that
only works from the Linux shell but not from a cron job or browser


Any more advice?


Duncan
0
 
LVL 13

Author Comment

by:duncanb7
0 6 * * *  echo  "PASSWORD" | sudo -u root -S  reboot

Why is it not working in a cron job when it works as a Linux command?

Should we focus on that first to get a hint?

The root permission or privilege issue is already solved, so why is there still an issue?


Duncan
0
 
LVL 34

Expert Comment

by:Dan Craciun
So, let me get this straight:
1. you created a new php file, called junk.php
2. this file contains:
<?php 
shell_exec('php rb.php');
?>


3. you navigated with a browser to http://yourhost/junk.php

And the server did not reboot?
0
 
LVL 13

Author Comment

by:duncanb7
It didn't work; the PuTTY program on my PC is still working after I
browse to http://mysite/junk.php. If it worked, the PuTTY program would
be stopped, shut down or disconnected.

Duncan
0
 
LVL 34

Expert Comment

by:Dan Craciun
In what cron are you running that?
Have you tried this in cron?
echo  "PASSWORD" | sudo -u root -S /sbin/shutdown -r now
0
 
LVL 13

Author Comment

by:duncanb7
0 6 * * *  echo  "PASSWORD" | sudo -u root -S  reboot

Why is it not working in a cron job when it works as a Linux command?

Should we focus on that first to get a hint?

The root permission or privilege issue is already solved, so why is there still an issue?

Should we focus on this?

We know the result from a cron job and from a command-line PHP script is sometimes different. Why?

Duncan
0
 
LVL 13

Author Comment

by:duncanb7
I need a reboot, not a shutdown
0
 
LVL 34

Expert Comment

by:Dan Craciun
/sbin/shutdown -r now will reboot
/sbin/shutdown -h now will shutdown.
0
 
LVL 13

Author Comment

by:duncanb7
echo  "PASSWORD" | sudo -u root -S /sbin/shutdown -r now

even that is NOT working in a cron job
0
 
LVL 13

Author Comment

by:duncanb7
but it works from the Linux shell

echo "PASSWORD" |sudo -u root -S shutdown -r now

but NOT in a cron job

So the issue is the same: why does it work as a Linux command or in a PHP script run from the Linux shell
but not from a browser and not from a cron job?

Please advise

Duncan
0
 
LVL 82

Expert Comment

by:Dave Baldwin
It's not working because the user for the web server doesn't have permissions to do that.  As far as I know, you can't use 'sudo' to enable the Apache user to do anything like that.  They intentionally prevent that from happening.
0
 
LVL 34

Expert Comment

by:Dan Craciun
That's why I suggested "php rb.php". Trying to execute the script under a new instance of php, hopefully running under a user other than Apache.
0
 
LVL 13

Author Comment

by:duncanb7
Dave,

I put 0 6 * * *  echo  "PASSWORD" | sudo -u root -S  reboot
in a cron job at /var/spool/cron/; that is not working even though I am the root user

and I already did chmod 777 on rb.php; that is also not working and is not
related to permissions, and permissions are already handled by
echo  "PASSWORD" | sudo -u root -S  reboot and by setting the user in the sudoers file.

Please advise

Duncan
0
 
LVL 27

Accepted Solution

by:
serialband earned 500 total points
First off, putting a password into any clear text file is just horribly bad practice.  You really should never, ever do that.

What exactly are you trying to accomplish?  It seems that you only want the remote user to reboot the system.  There are more secure ways to do that.

When you use cron, you need to set the full path names to the commands because your shell and the cron environments are different.  Not everything is in the path in cron.  You'll have to use the full path to make sure.  That's probably the problem in your web php script as well.
0 6 * * *  /bin/echo  "PASSWORD" | /usr/bin/sudo -S /sbin/reboot
0 6 * * *  /PATH_TO_PHP/php /PATH_TO_SCRIPT/rb.php

Why are you using a browser to reboot the server instead of just giving the user ssh access with a single sudo command?

That link you provided is a very rudimentary sudo example for a beginner.  It just gives a simple full access for a user on a personal workstation.  You need the full sudo manual for more complex setups on servers.
http://www.sudo.ws/sudoers.man.html
You should not give the user full sudo access to root from the web page.  Instead, you should set up the apache (or whichever account your browser runs as) to sudo with permissions to only run the reboot command as root on your specified host without a password.

USER   MY_HOST = NOPASSWD:    /bin/reboot
duncan7b   MY_HOST = NOPASSWD:    /bin/reboot


What user is your cronjob running as?  If you really want to schedule a reboot every day at 6 am, you should create it as root or put it in /etc/cron.d/* not as some other user that has to sudo.

Your -u root option is redundant when you want to sudo as root.  You only need -u when you want to run as some other non-root user.  You should remove that.  If you set your user to sudo reboot without a password, you can take out the echo command, the plain text password and the pipe.  You'll have something much simpler and more secure.
0 6 * * *  /usr/bin/sudo /sbin/reboot


You also shouldn't set chmod 777 to your scripts.  You could do 755 to prevent writes by other random users.  777 is mainly for fully accessible folders or soft links.
0
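The three crontab problems this answer names (a clear-text password piped into sudo -S, the redundant -u root, and commands without a full path), checked mechanically. This is an added example, not part of the original answer; the function names and finding labels are made up for illustration, and the sample entries are the ones quoted in the thread.

```sh
#!/bin/sh
# Added example, not from the thread. Word splitting is naive (no quoted
# arguments containing spaces), which is enough for entries like these.

# check_stage WORD...: report a non-absolute command in one pipeline stage
# and, when the stage is sudo, in the command sudo is asked to run.
check_stage() {
    [ $# -gt 0 ] || return 0
    case $1 in /*) ;; *) echo "relative-path:$1" ;; esac
    case $1 in sudo|*/sudo) shift ;; *) return 0 ;; esac
    while [ $# -gt 0 ]; do                      # skip sudo's own options
        case $1 in
            -u) shift; [ $# -eq 0 ] || shift ;; # -u takes a user name
            -*) shift ;;
            *)  break ;;
        esac
    done
    check_stage "$@"
}

# lint_cron_entry "<min> <hour> <dom> <mon> <dow> <command>"
# Prints one finding per line, nothing for a clean entry.
lint_cron_entry() {
    # Drop the five schedule fields; the rest is what cron hands to the shell.
    cmd=$(printf '%s\n' "$1" |
          awk '{ $1=$2=$3=$4=$5=""; sub(/^ +/, ""); print }')

    # A password echoed into "sudo -S" is stored in clear text in the crontab.
    if printf '%s\n' "$cmd" |
       grep -Eq 'echo[[:space:]].*[|].*sudo[[:space:]].*-S'; then
        echo "plaintext-password"
    fi
    # root is already sudo's default target user.
    if printf '%s\n' "$cmd" |
       grep -Eq 'sudo[[:space:]](.*[[:space:]])?-u[[:space:]]+root'; then
        echo "redundant-u-root"
    fi
    # cron's PATH differs from the login shell's, so commands should be absolute.
    printf '%s\n' "$cmd" | tr '|' '\n' | while IFS= read -r stage; do
        set -f; check_stage $stage; set +f
    done
}

# Constructed sample: entries quoted in this thread, before and after the fix.
lint_cron_entry '0 6 * * *  echo  "PASSWORD" | sudo -u root -S  reboot'
lint_cron_entry '0 6 * * *  /usr/bin/sudo /sbin/reboot'
```

The first sample entry produces five findings; the second, which relies on a NOPASSWD sudoers rule instead of a stored password, produces none.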
 
LVL 13

Author Comment

by:duncanb7
serialband,
you are right,
0 6 * * *  /bin/echo  "PASSWORD" | /usr/bin/sudo -S /sbin/reboot is working

and it also works in a cron job with php rb.php if I fix it to
exec('/bin/echo  "PASSWORD" | /usr/bin/sudo -S /sbin/reboot ');

Now that has solved the first question of this thread.

The last question: why do I want to use PHP to reboot my server from my browser? Because
if my server is running too much work and is really slow, and I can NOT access
the Linux shell through PuTTY since the server rejects it due to an unknown system issue, I need a way to reboot the server from a browser if I know the root password. And I don't want to go to the location of the server to press the hardware reset button. What I expect is
similar to how a hosting company lets users reboot, shut down or start their VPS
server remotely from a browser, by which the hosting company saves some time not
arguing with users about VPS system issues.

The problem is I can run php rb.php from the Linux shell because I know the root password
and I added mylogin to the /etc/sudoers file so my login account can run it.

But for browser users, how can I assign the right to the browser user to run a root command in PHP like exec('/bin/echo  "PASSWORD" | /usr/bin/sudo -S /sbin/reboot ') from the browser?

I took a look at PHP Shell in the browser, which can help browser users run any root command if they know the root command in the browser.
http://www.tecmint.com/linux-shell-access-on-browser-using-php-shell/
But it seems too complicated just to run such a simple root reboot command. Is that right?

Or do I need to set up a web page for browser user validation, to check first whether they are an authorized user
or not, and then let them run the root command? That is two steps. Any good
comments and suggestions? It is similar to the login process in cPanel that then allows the user into the system tools.

(chmod 777 is just for testing only)

Please advise

Duncan
0
 
LVL 27

Assisted Solution

by:serialband
serialband earned 500 total points
Did you read the middle of my thread about altering sudo to only do the reboot with no password?  That would work for apache.

Also, REMOVE the PASSWORD from your cron and scripts.  That was my first sentence, which is solved by the alteration to sudo permissions in the part you've skipped.  Putting passwords in a text file is horrible security, especially when you give people access from the web.  If they get a hold of the text of the script from the web server, they have your password with full sudo root access.

Change the following in /etc/sudoers with visudo.
mylogin   ALL = (ALL)    ALL

To this:
USER   MY_HOST = NOPASSWD:    /bin/reboot     (MY_HOST == your server's host name)

If your server's host name is WebServer:
apache   WebServer = NOPASSWD:    /bin/reboot

That should let apache reboot the webserver as root.  It won't have any other root privileges, but this is still a bad kludge.

You're not fixing the root of the problem.  You should fix the load issues on your server so you don't have to reboot.  Check the logs to see what's going on.  You can tune apache and maybe change the number of threads your server can handle.  You should check your php code to make sure you're doing it correctly so it doesn't overload the server.

You don't need to give write permissions for testing a text script.  chmod 755 would be sufficient.  You only need execute permissions for a compiled binary (chmod 711).
0
 
LVL 13

Author Closing Comment

by:duncanb7
Thanks for all of your replies.
The issue is solved for the user running the root command from a cron job and
from a PHP script run from the Linux shell.

And the reboot from the browser also works with rb.php
using system("sudo /sbin/reboot"), since when rb.php runs from the browser
the system command runs on behalf of the default user and user group
that are set in the Apache conf file.
So all browser users are using the same
user and user group (mylogin & mylogin) to run any command in PHP. And the privilege for the reboot command for the mylogin user is set in /etc/sudoers, as mentioned in the previous reply post. That is why other browser users can run the root reboot command.

To set or choose the authorized users who may run the reboot command in rb.php, or the direct command sudo /sbin/reboot, we need to set up an authorized login page and let browser users run the command as long as they can log in on the login page successfully. phpshell.php is a good example of how to do
that.

1. Download the phpshell source code onto the remote server
from http://www.tecmint.com/linux-shell-access-on-browser-using-php-shell/
2. Add mylogin   MY_HOST = NOPASSWD:    /sbin/reboot to the /etc/sudoers file
3. Comment out "Defaults    requiretty" with "#" in the /etc/sudoers file, which lets the sudo
command work for non-tty devices, or put "Defaults:mylogin !requiretty"
4. Create an authorized user account and password in phpshell.php on the server, from the browser
5. Run sudo /sbin/reboot in phpshell.php on the server, from the browser, after logging in successfully

After those five steps, remotely rebooting the server from the browser is allowed with
an authorized login

Duncan
0
 
LVL 27

Expert Comment

by:serialband
Thinking back on this, if your web server is getting wedged, you should probably just restart apache, instead of rebooting.

apache   WebServer = NOPASSWD:    /etc/init.d/apachectl

Then have your php script only run /etc/init.d/apachectl restart

That apachectl command depends on your version of linux.

If you really must reboot, then add both commands.  Server reboots should be last resorts, since many things are solvable without a reboot.

apache   WebServer = NOPASSWD:    /etc/init.d/apachectl,/bin/reboot

You should also figure out what's causing your server to freeze.  A normally working web server does not require frequent reboots.

If you can't ssh into the system, but everything seems functional, it's possible that your disk filled up.  You could leave yourself constantly connected to ssh to monitor that.  The next time a problem happens, you could see why other people aren't able to start new ssh connection.  Maybe you partitioned your system incorrectly for a web server and made only a single partition, or didn't partition out /tmp and /var from /.  /tmp is emptied upon reboot.
0
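A check for the sudoers rules discussed in this thread, added here as an example and not part of any poster's reply: it tells the full-root grant from a scoped NOPASSWD rule and reports when the path a script invokes is not the path the rule names, since sudoers lists commands by full path. The function names and the sample fragment are constructed for illustration, and paths are compared as plain strings, which is a simplification of sudo's own matching.

```sh
#!/bin/sh
# Added example, not from the thread. Paths are compared as plain strings,
# a simplification of how sudo itself matches commands.

# Constructed sudoers fragment built from rules quoted in this thread.
SUDOERS_SAMPLE='mylogin   ALL = (ALL)    ALL
apache   WebServer = NOPASSWD:    /etc/init.d/apachectl,/bin/reboot'

# sudo_grants USER: read sudoers user specifications on stdin and print each
# command granted to USER as "nopasswd CMD" or "passwd CMD", one per line.
sudo_grants() {
    awk -v user="$1" '
        $1 == user {
            spec = $0
            sub(/^[^=]*=[ \t]*/, "", spec)        # drop "USER HOST ="
            sub(/^\([^)]*\)[ \t]*/, "", spec)     # drop "(RUNAS)"
            tag = "passwd"
            if (sub(/^NOPASSWD:[ \t]*/, "", spec)) tag = "nopasswd"
            sub(/[ \t]+$/, "", spec)
            n = split(spec, cmds, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++) print tag, cmds[i]
        }'
}

# audit_user USER COMMAND: classify what the fragment on stdin gives USER.
#   unrestricted  USER may run ALL commands as root
#   scoped        COMMAND is granted by exactly that path, without a password
#   not-covered   no rule names COMMAND by that path
audit_user() {
    grants=$(sudo_grants "$1")
    if printf '%s\n' "$grants" | grep -q ' ALL$'; then
        echo unrestricted
    elif printf '%s\n' "$grants" | grep -Fqx "nopasswd $2"; then
        echo scoped
    else
        echo not-covered
    fi
}

printf '%s\n' "$SUDOERS_SAMPLE" | audit_user mylogin /sbin/reboot
printf '%s\n' "$SUDOERS_SAMPLE" | audit_user apache  /bin/reboot
printf '%s\n' "$SUDOERS_SAMPLE" | audit_user apache  /sbin/reboot
```

On the sample this prints unrestricted, scoped and not-covered: a rule written for /bin/reboot does not name /sbin/reboot, so the path in the rule and the path in the script or crontab should be checked against each other.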
