I have edited the sudoers file to allow passwordless execution of the script in question:

    wordpress ALL=(root) NOPASSWD: /home/vgnadmin/createnewsite
    Defaults:wordpress !requiretty

Here is the code which is supposed to execute the command:

    if ($_SERVER["REQUEST_METHOD"] == "POST" && $usernameerr == "" && $sitenameerr == "") {
        // Quote both form values so the shell treats each as a single argument.
        $username = escapeshellarg($username);
        $sitename = escapeshellarg($sitename);
        exec("sudo /home/vgnadmin/createnewsite $username $sitename 2>&1", $output, $retval);
        if ($retval == 1) {
            echo "<h1>Script Failed.</h1><br>";
            echo "Error Message:<br>";
            foreach ($output as $line) {
                // Escape the script output before writing it into the page.
                echo htmlspecialchars($line) . "<br>";
            }
        }
    }

But upon entering form information and trying to run the script, I get the error message:

    sudo: PERM_ROOT: setresuid(0, -1, -1): Operation not permitted
    sudo: unable to initialize policy plugin

I have checked the journalctl -xe to see if the command was even being run, or any errors produced server side and there are none. Am I missing something?

Other commands that are not sudo run just fine (ls for example).

Here is the answer:
We use mpm-itk (version 2.4.7-02) with apache 2.4 and it works perfectly. The only thing to consider here are the new configuration directives LimitUIDRange and LimitGIDRange. These directives define which UIDs and GIDs mpm-itk can use (via setuid/setgid). As you obviously want it to be able to become root, your lower range must be ID 0. The following configuration will work here:

    <IfModule mpm_itk_module>
        LimitUIDRange 0 6000
        LimitGIDRange 0 6000
    </IfModule>

Be aware that the upper border should include all user UID/GID combinations that you want to use within your configuration via AssignUserID.
Note that you can configure this for each virtual host you have. Note too, that you need a Linux kernel 3.5.0 or higher for this. https://askubuntu.com/questions/491624/setresuid-operation-not-permitted-when-calling-via-php
On RedHat flavours you will need to add the module manually to /etc/httpd/conf/httpd.conf (or wherever your conf file lies).
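
As an added example (not part of the original answer and not mpm-itk's own code), this Python sketch reads an Apache configuration and reports, per scope, whether the configured LimitUIDRange admits UID 0, so the root-capable range can be kept to the virtual host that actually calls sudo. The sample configuration and host names are constructed, and the sketch assumes a virtual host without its own directive inherits the server-level one.

```python
import re

# Constructed sample configuration, not taken from the original post.
SAMPLE_CONF = """\
<IfModule mpm_itk_module>
    LimitUIDRange 0 6000
    LimitGIDRange 0 6000
</IfModule>
<VirtualHost *:80>
    ServerName wp.example.test
</VirtualHost>
<VirtualHost *:80>
    ServerName static.example.test
    LimitUIDRange 1000 6000
</VirtualHost>
"""

LIMIT = re.compile(r"^\s*Limit([UG])IDRange\s+(\d+)\s+(\d+)\s*$", re.I)
VHOST_OPEN = re.compile(r"^\s*<VirtualHost\b", re.I)
VHOST_CLOSE = re.compile(r"^\s*</VirtualHost\s*>", re.I)
SERVER_NAME = re.compile(r"^\s*ServerName\s+(\S+)", re.I)

def audit_ranges(conf_text):
    """Map each scope to its effective LimitUIDRange/LimitGIDRange tuples."""
    server, vhosts, current = {}, [], None
    for line in conf_text.splitlines():
        if VHOST_OPEN.match(line):
            current = {"name": "<unnamed vhost>", "ranges": {}}
        elif VHOST_CLOSE.match(line) and current is not None:
            vhosts.append(current)
            current = None
        elif current is not None and (m := SERVER_NAME.match(line)):
            current["name"] = m.group(1)
        elif m := LIMIT.match(line):
            key = f"Limit{m.group(1).upper()}IDRange"
            scope = server if current is None else current["ranges"]
            scope[key] = (int(m.group(2)), int(m.group(3)))
    # Assumption: a vhost without its own directive inherits the server-level one.
    report = {"<server>": dict(server)}
    for vhost in vhosts:
        report[vhost["name"]] = {**server, **vhost["ranges"]}
    return report

def uid_zero_allowed(ranges):
    """True/False if LimitUIDRange is set; None when the directive is absent."""
    low, high = ranges.get("LimitUIDRange", (None, None))
    return None if low is None else low <= 0 <= high

if __name__ == "__main__":
    print({s: uid_zero_allowed(r) for s, r in audit_ranges(SAMPLE_CONF).items()})
```

A scope reported as None has no LimitUIDRange at all, which the sketch deliberately does not interpret.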