I have a script in /var/www/Web-EvilBlock/EvilBlock.py
It needs to have sudo permissions to work
My problem is that from my web page in php, I have a button that executes that .py script, but it doesn't work.(Need sudo permissions)
The only way I've gotten it to work is in visudo by adding the line: www-data ALL=(ALL) NOPASSWD: ALL But I would like to make it a little more secure. Is there any other way? I am new to linux.
www-data is the owner of /var/www/Web-EvilBlock and have execution permission
EDIT:Someone answered my problem. I added this line in visudo : www-data ALL=(ALL) NOPASSWD:/usr/bin/python3 /var/www/Web-EvilBlock/EvilBlock.py But now i need another button that uses sudo pkill -f EvilBlock.py
To make the user www-data only have sudo permissions for the EvilBlock.py I have added the following line at the end of visudo:
www-data ALL=(ALL) NOPASSWD:/usr/bin/python3 /var/www/Web-EvilBlock/EvilBlock.py
For www-data being able to do "sudo pkill -f EvilBlock.py" I have created a .sh file with the "command" inside. Then in visudo I have added the following line:
www-data ALL=(ALL) NOPASSWD:/usr/bin/bash /var/www/Web-EvilBlock/pkill.sh
NOTE: Be very careful when editing the sudoers file, as incorrect changes can render your system unusable
PHP code for execute the .py:
$output = shell_exec('sudo python3 /var/www/Web-EvilBlock/EvilBlock.py');
PHP code for pkill the .py:
$output2 = shell_exec('sudo pkill -f EvilBlock.py');