I am trying to get sudo working inside a particular directory. I can get the correct output when I use:

echo (shell_exec("sudo -V"));	

(displays the version number) but other commands, especially shell commands, do not seem to be working with sudo (I can get shell commands like cp to work inside this directory on their own, from shell_exec()).

I need to be able to use sudo to read and write to files in a protected directory that has a symlink in the one I am working in. But I can't even get sudo to execute shell commands like cp inside my own (fully permission-enabled) directory. Anybody got any tips?

    This probably isn't a PHP issue. Leave the PHP aside for now.

    Try setting up your sudo, then su in as the unprivileged web server owner (possibly "nobody" or "apache") and see if you can execute the script.

    To set up the sudo, you need to run "visudo" as a privileged user; within visudo, you could include a line something like:

    nobody		ALL = /var/www/scripts/scriptname
    

    This will allow the "nobody" user to run scriptname.

    Now "su -l nobody" and check that you can indeed run the script.

    Note, "su -l nobody" may not work as logins may be disabled for "nobody". If this is the case, repeat the visudo and substitute a different unprivileged user.

    Once you've got it working, change it back to nobody, or whoever runs your httpd, and retry from within PHP.

    Hope this helps.

      Okay, I will see if I can get in to use visudo. When I do a shell_exec("whoami") I get "httpd" as the response, so enabling permission to run scripts in sudo as this user may be the answer.

        Originally posted by ajking
        Okay, I will see if I can get in to use visudo. When I do a shell_exec("whoami") I get "httpd" as the response, so enabling permission to run scripts in sudo as this user may be the answer.

        You can also see the name of the apache user by doing ps -eaf | grep httpd

        Best of luck!

          My system admin has told me that he has enabled httpd to run sudo commands in my directory.

          But darned if I can get sudo to do what I want it to do.

          For example, I can successfully create a symlink in php and then copy a file to it using a shell command with the following:

          shell_exec("cp somename@somedigital.com/blacklist.txt ./symlink/blacklist.tmp");

          Unfortunately, when I try the same thing with sudo, as in:

          shell_exec("sudo cp somename@somedigital.com/whitelist.txt ./symlink/whitelist.txt");

          nothing happens.

            Have you tried echoing the result of this command and/or searching your apache logs? These might help highlight any error messages.

              I got sudo working by writing my php line this way:

              shell_exec("sh sudo cp somefile ./newfile");

              In other words, I added the "sh".

              Thanks, justsomeone, for your help.

                ...interesting. I haven't seen anything like that before. 😕
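
An added example, not part of any post in this thread: shell_exec() returns only stdout, so a sudo refusal looks like "nothing happens"; this sketch captures the exit code and stderr instead. The run_sudo() helper, the httpd sudoers line in the comment and the whitelist.txt argument are assumptions; the script path is the one from the visudo reply above.

```php
<?php
// Assumed sudoers entry (edited with visudo), scoped to one fixed script:
//   httpd ALL = NOPASSWD: /var/www/scripts/scriptname
// With no argument list in the entry, sudo accepts any arguments, so the
// script must validate its own input. It should be owned by root and not
// writable by the web server user.

function run_sudo(string $script, array $args = []): array
{
    // -n: never prompt. sudo fails immediately instead of waiting for a
    // password that a web request cannot type.
    $cmd = array_merge(['sudo', '-n', $script], $args);

    // stderr goes to a temp file so reading stdout cannot block on a full
    // stderr pipe.
    $errFile = tmpfile();
    $spec = [
        0 => ['file', '/dev/null', 'r'],
        1 => ['pipe', 'w'],
        2 => $errFile,
    ];

    // Array form (PHP 7.4+) runs the program directly, without a shell,
    // so arguments are passed as-is and never re-parsed.
    $proc = proc_open($cmd, $spec, $pipes);
    if (!is_resource($proc)) {
        return ['exit' => -1, 'stdout' => '', 'stderr' => 'proc_open failed'];
    }

    $stdout = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    $exit = proc_close($proc);

    rewind($errFile);
    $stderr = stream_get_contents($errFile);
    fclose($errFile);

    return ['exit' => $exit, 'stdout' => $stdout, 'stderr' => $stderr];
}

// Constructed call: the argument is a sample value.
$r = run_sudo('/var/www/scripts/scriptname', ['whitelist.txt']);
if ($r['exit'] !== 0) {
    // Typical causes: no NOPASSWD rule for this user ("a password is
    // required") or a requiretty setting in sudoers.
    error_log('sudo failed (' . $r['exit'] . '): ' . trim($r['stderr']));
}
```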
