.sh file apache exec

Amin El-Zein
Amin El-Zein used Ask the Experts™
on
Hello,
I have a php file that is excue a .sh command:
<?php
  echo exec('/var/www/html/disable.sh');
?>


the .sh file command is:
sudo  cp /var/www/html/1.cfg /var/www/html/2.cfg


when I run it from ssh from root user account using
php /var/www/html/disable.php the /sh work fine
when I runt it from browser is not working !
so what I have to do ?
thanks.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Fractional CTO
Distinguished Expert 2018
Commented:
Apache doesn't run as root.

You can run this command to determine what user/group Apache runs under.

ps auxww | egrep -i -e apache -e httpd -e fpm

Open in new window


Also notice the FPM search also. If PHP runs under FPM, then FPM ownership must be considered too.

Likely the way to handle this is to read https://linuxconfig.org/how-to-use-special-permissions-the-setuid-setgid-and-sticky-bits carefully to determine how best to assign root ownership to your disable.sh script or...

Read https://askubuntu.com/questions/116144/how-do-i-run-apache-as-root carefully to allow Apache to run some random script path as root, with no password... since there's no interactivity with Apache.

Both approaches have their pros + cons. I'd likely go with the sudo approach, as this will provide better security. Said another way, going the password-less sudo way, you'll have far less security issues to consider.

Author

Commented:
hello i try it with souders file but notworking !
anyidea ?
David FavorFractional CTO
Distinguished Expert 2018

Commented:
Follow the sudo user walk through above carefully.

Be sure to first verify what user/group your Apache runs under, for your sudo setup to work correctly.

Author

Commented:
Hello,
the apache run as www-data
I tried to edit sudoers files and add: ALL ALL=NOPASSWD: /var/www/html/a.sh
it's not working !
thanks.

Author

Commented:
hello,
any suggest please ?
thanks.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial