How to execute centos command line srcipt using PHP?

Question

0.00/5 (No votes)

See more:

I want to excute some command line script in centos using, for example "shutdown -h now",...
I have username and password for root privilege but when I use browsers to run php file, it not work.
Here is my PHP code:

PHP

<?php
   shell_exec('/sbin/shutdown -r now');
?>

I also find some guide, about like this:
php - Use shell_exec() to restart server? - Stack Overflow[^]
but I think why use this while I have root username and pass? And I not found /etc/sudoer directory.
Please help me. Thanks

What I have tried:

Execute Centos command line srcipt using PHP, such as, reboot machine,...

Posted 27-Feb-17 19:30pm

Member 10390715

Updated 28-Feb-17 0:15am

Add a Solution

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Jochen Arndt · Accepted Answer · 2017-02-28T00:15:00

Solution 1

Quote:
but I think why use this while I have root username and pass?

You have the password but it has to be entered when required. How do want to do that when the web server executes a script?

Quote:
And I not found /etc/sudoer directory

It is not a directory but a file. And you should use visudo to edit that file instead of using an editor.

The web server will not run the script as root. In most cases the PHP script is run as the user that runs the server (e.g. wwwrun or apache).

When using shell_exec to execute commands that are not allowed for the user running the script, you have to execute that command as another user (root in your case).

This can be done using sudo (43.1.4.3.2. The sudo Command[^]).

But sudo will prompt for a password which will not work when called from a script started by the web server. The solution is to allow specific users executing spefic commands using the /etc/sudoers file (use visudo to edit that file).

An example entry might look like

wwwrun ALL=(root) NOPASSWD: /sbin/shutdown

But a better solution would be creating a dedicated script. This will ensure that only this script can be executed as root because it is a bad idea to give the web server account root privileges for various commands.

Move to a folder where you want to store the script (e.g. /usr/local/bin) and create the script (named reboot.sh here) using your favorite editor as root:

Bash

#!/bin/bash
/sbin/shutdown -r now

Make the script executable:

sudo chmod u+x reboot.sh

Now edit the sudoers file and allow the script to be executed:

sudo visudo

Add this line at the bottom (assuming the PHP script is executed as user wwwrun)

wwwrun ALL=(root) NOPASSWD: /usr/local/bin/reboot.sh

Then call this script using sudo

PHP

shell_exec('sudo /usr/local/bin/reboot.sh');

Posted 28-Feb-17 0:15am

Jochen Arndt

Comments

CPallini 28-Feb-17 6:28am

5.

Member 10390715 1-Mar-17 4:50am

But How can I find PHP script user?

Jochen Arndt 1-Mar-17 5:09am

When executing a script the user name is provided in the $USER variable.

So you can put a statement into the script to write that to a file:

echo "$USER" > /tmp/www_script_user.txt

or executed that:

shell_exec('echo "$USER" > /tmp/www_script_user.txt')

Then read the file content (here from the shell):

cat /tmp/www_script_user.txt

Or check the documentation of your web server on which user is used when executing scripts. In most cases this should be the same user that runs the server. To get that user execute (here for the Apache server)

ps -aux | grep apache

The first column will show the user name (usually wwwrun or www-data).

Member 10390715 2-Mar-17 2:53am

Hi, I use this:
echo "$USER" > /tmp/www_script_user.txt and result is root

Jochen Arndt 2-Mar-17 3:03am

When your script is executed as root, there is no need for all this and you should be able to execute the shutdown command.

But a web server should never be executed as root.

Member 10390715 2-Mar-17 3:30am

I don't know but here :(
[root@IPU ~]# ps -aux|grep apache
Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.7/FAQ
apache 2625 0.0 0.6 66364 6444 ? S 22:28 0:00 /usr/sbin/httpd
apache 2626 0.0 0.6 66364 6444 ? S 22:28 0:00 /usr/sbin/httpd
apache 2627 0.0 0.6 66364 6444 ? S 22:28 0:00 /usr/sbin/httpd
apache 2628 0.0 0.6 66364 6444 ? S 22:28 0:00 /usr/sbin/httpd
apache 2629 0.0 0.6 66364 6444 ? S 22:28 0:00 /usr/sbin/httpd
apache 2630 0.0 0.4 66364 4956 ? S 22:28 0:00 /usr/sbin/httpd
apache 2631 0.0 0.6 66364 6444 ? S 22:28 0:00 /usr/sbin/httpd
apache 2632 0.0 0.4 66364 4956 ? S 22:28 0:00 /usr/sbin/httpd
root 3268 0.0 0.0 4028 700 pts/0 S+ 22:32 0:00 grep apache

Jochen Arndt 2-Mar-17 3:32am

So you have an Apache running as user 'apache'. Then I would expect that the script is executed as the same user (when launched from a web page).

Member 10390715 2-Mar-17 3:37am

But when I run echo "$USER" > /tmp/www_script_user.txt in command line windows ====> resutl is root.
How can I switch user, and run PHP with apache user?

Jochen Arndt 2-Mar-17 3:42am

That must be run within the script when executed from the Apache!

If you run it on the command line it is showing the login user (and there is no need to write the result to a file).

Member 10390715 2-Mar-17 3:56am

Ok, I understand. But now I have edit sudoers file to
apache ALL=(root) NOPASSWD: /usr/local/bin/reboot.sh
And enter browers http://192.168.0.203/IPU-GUI/website2/reboot.php.
But it still not work. :(

Jochen Arndt 2-Mar-17 4:40am

Then it is time for some debugging to check what is going on. You can let the PHP script output some HTML to be shown in the browser. Or can can use the already shown method to let the shell script write to a file in reboot.sh:

echo "PHP script started as $USER" > /tmp/php_script.txt
/sbin/shutdown -r now &>> /tmp/php_script.txt

The "&>>" of the second command will append the standard and error output to the file /tmp/php_script.txt.

If there is no file, the PHP script has not been executed. Then check the Apache logs and optionally let the PHP script print some HTML.

Note that Apache must be configured to support PHP (load modules) and allow execution of scripts.