
Unable to execute system commands from PHP


I am trying to execute a couple of scripts by using a remote interface. The environment is Raspbian on a Raspberry Pi (although I will be using Debian later as well) running LAMP.

The files are test.php and test.sh in the root directory of the webserver (say example.com).

test.sh

#!/bin/bash
sudo pkill chromium-browse
sudo reboot

test.php

<?php
$output=null;
$resultCode=null;
exec("./test.sh", $output, $resultCode);
// $output = shell_exec('./test.sh 2>&1');  //tried this too
// echo shell_exec("./test.sh");  // as well as this
echo "Returned with status $resultCode and output:\n";
print_r($output);
?>

Initially, I had used

chmod u+x test.sh

but got an error code of 126. So I did this:

chmod 777 test.sh

Now I get an error code of 1, but it still doesn't execute. I have also tried

 sudo visudo

then added

pi ALL=(ALL)    NOPASSWD: ALL

(pi is the current logged-in user). Currently I am getting this:

Array
(
    [0] => 
    [1] => We trust you have received the usual lecture from the local System
    [2] => Administrator. It usually boils down to these three things:
    [3] => 
    [4] =>     #1) Respect the privacy of others.
    [5] =>     #2) Think before you type.
    [6] =>     #3) With great power comes great responsibility.
    [7] => 
    [8] => sudo: no tty present and no askpass program specified
)

Note: I use sudo all the time at the command line without being asked for a password.

I do have another php file in the same directory that executes an actual system command successfully. It has this line:

$uptime =  exec("uptime");

which works just fine, so I know system commands are possible. Is there any way to do this? I have seen other similar questions on SO and other sites, but none of those answers have worked for me.

Any help appreciated.


Solution

  • Background processes like the web server do not run under the logged-in username but have their own user ids.

    If you do ps axu on your command line, you can determine the user that the web server process is running as. This is just an example from my Ubuntu machine using apache but your result will be very similar:

    www-data 15511 0.0 0.2 371988 39800 ? S 09:24 0:00 /usr/sbin/apache2
    

    That www-data is the user name of the process that's running apache. So you need to give su privileges to that user to enable it to run su commands rather than the pi user.

    I should warn you that this is a massive security issue, and you're basically giving external web-users permission to hack and destroy anything they like on your system... but if this is a hobby project and you have no external users, then it's not so important.
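
A narrower alternative to a blanket NOPASSWD: ALL grant, as an added example that is not part of the original answer: the functions below build a sudoers rule that lets the web server account run only the two commands from test.sh, and flag lines that grant every command. The account name www-data and the absolute paths /usr/bin/pkill and /sbin/reboot are assumptions; confirm them with ps axu and command -v on the target system.

```shell
#!/bin/bash
# Added example: least-privilege sudoers rule for the web server account.
# Assumed names: www-data, /usr/bin/pkill, /sbin/reboot (verify locally).

# Emit one sudoers rule allowing user $1 to run only the listed commands
# as root. Every command must be an absolute path (arguments may follow it);
# "ALL" and relative paths such as ./test.sh are refused.
scoped_rule() {
    local user=$1; shift
    local cmd list=""
    [ "$#" -gt 0 ] || { echo "no commands given" >&2; return 1; }
    for cmd in "$@"; do
        case $cmd in
            /*) ;;  # absolute path: accepted
            *)  echo "refusing '$cmd': not an absolute path" >&2; return 1 ;;
        esac
        list="${list:+$list, }$cmd"
    done
    printf '%s ALL=(root) NOPASSWD: %s\n' "$user" "$list"
}

# Succeed if a sudoers line grants passwordless access to every command,
# like the "pi ALL=(ALL) NOPASSWD: ALL" line from the question.
is_blanket_grant() {
    printf '%s\n' "$1" | grep -Eq 'NOPASSWD:[[:space:]]*ALL[[:space:]]*$'
}

# Write the rule to file $1 (mode 0440) and syntax-check it with visudo
# when visudo is installed. Remaining arguments go to scoped_rule.
write_dropin() {
    local file=$1; shift
    scoped_rule "$@" > "$file" || return 1
    chmod 0440 "$file"
    if command -v visudo >/dev/null 2>&1; then
        visudo -cf "$file" >/dev/null || return 1
    fi
}

# Print the rule for the two commands test.sh runs.
scoped_rule www-data "/usr/bin/pkill chromium-browse" /sbin/reboot
```

Because sudoers matches a command together with its listed arguments, this rule permits pkill only with the argument chromium-browse. Generate the file in a scratch location with write_dropin and install it under /etc/sudoers.d as root only after the visudo check passes.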