How to run PHP exec() as root?
I’m trying to build a firewall manager in PHP, but when I execute, , the result array is empty. I have tried, , and the response is www-data (the user that Apache is using). What can I do to execute the exec function as root? (Preferably without changing the Apache user.)
You should not give www-data root permissions this is a massive security risk, please see my answer below as an alternative
8 Answers 8
Don’t do it! You will leave yourself wide open to all sorts of malicious hackery.
Have a look at the «sudo» documentation.
You should be able to set up all the commands you need as «sudo»able scripts. It is much better to write specific scripts with limited functions than to expose the underlying priviledged command.
Sudo is the solution I used when faced with a similar problem. These SO questions served as useful references: stackoverflow.com/questions/113728/… stackoverflow.com/questions/349884/…
@Fredrico — take a good look at the «sudoers» documentation you can specifiy NOPASSWD for a combination of user/group and command
I think that even sudo is limited when You have to do with stuff like change a password for another user different then httpd user using for example passwd command. It just won’t work because some commands require root privileges and doesn’t rely on sudoers
I know this is an old question
add the user php runs on to the sudo group if it is not already assigned
use sudo -S, so you can pass the password via echo
$exec = "echo your_passwd | /usr/bin/sudo -S your command"; exec($exec,$out,$rcode); if you have trouble with the paths — use
"bash -lc 'echo your_passwd | /usr/bin/sudo -S your command'" so you get a new bash that acts like a login shell and has the paths set
check the man pages of sudo
login('username', 'password'); $ssh->read('[prompt]'); $ssh->write("sudo command\n"); $ssh->read('Password:'); $ssh->write("Password\n"); echo $ssh->read('[prompt]'); ?> You can put the required commands in a separate script/executable file (sh, PHP, a real executable, doesn’t matter), change its owner to root, and apply «setuid» to it.
This will allow anything and anyone to run this script as root, so you need to make sure that it has it’s own security rules for seeing if this is allowed, and is very restricted in what it does.
How to run an exec() function as root and non-interactive?
I am looking to fork() and exec with root privlages. It seems that privileges are not passed from the main thread once an exec function is called. Now I have seen the post here that describes how to run a process as root, but when I try their solution..
char sudo[]="/usr/bin/sudo"; char pbin[]="/usr/local/bin/puppet"; execl(sudo,sudo,pbin,(char *)NULL); The sudo command prompts for daemon’s password. I am looking for non-interactive way to run the process as root. Is there anyway to do this short of removing Daemon’s password?
If you could write a C program which fired up a root process without any security verification, then there wouldn’t be much point having root privileges, right? If your program requires root privileges to work correctly, document that fact and let the user sudo tour peogram.
The initial process and thread that called fork() is ran using sudo . It seems these privileges are not passed when exec function is called.
@benjamin: execve does not drop privileges. What evidence do you have that it is? If you start your executable as root, any children will also be run as root, so you should not need to use sudo in the exec.
The main process as well as the child process I want to create both need read access to /dev/mem . It seems the main process is able to read fine, but the child process cannot. I will get an access denied /dev/mem error
1 Answer 1
To test the premise of your question that,
«It seems that privileges are not passed from the main thread once an exec function is called.»
I wrote the following test code,
#include #include #include int main() < // printf("starting"); char sudo[]="/usr/bin/sudo"; char pbin[]="mkdir"; // printf("running test: %s %s",sudo,pbin); errno=0; if (fork() == 0) < int res = execl(sudo,sudo,pbin,"/bin/child",(char *)NULL); // printf("res:%d", res); >else < sleep(2); int res = execl(sudo,sudo,pbin,"/bin/parent",(char *)NULL); // printf("res:%d", res); >> And to my surprise, it worked without a problem, giving the following output:
$ sudo rm /bin/parent -rf ; sudo rm -rf /bin/child/ $ ls /bin/child/ -la ls: cannot access '/bin/child/': No such file or directory $ ls /bin/parent/ -la ls: cannot access '/bin/parent/': No such file or directory $ gcc main.c $ sudo ./a.out $ ls /bin/parent -la total 8 drwxr-xr-x 2 root root 4096 Mar 6 11:42 . drwxr-xr-x 4 root root 4096 Mar 6 11:42 .. $ ls /bin/child -la total 8 drwxr-xr-x 2 root root 4096 Mar 6 11:42 . drwxr-xr-x 4 root root 4096 Mar 6 11:42 .. As you can see there is a directory created by the parent process as well as the child process with root privileges.
Which got me thinking that your problem is in fact something else, as you state:
«The sudo command prompts for daemon’s password. I am looking for non-interactive way to run the process as root. Is there anyway to do this short of removing Daemon’s password?»
What you really want is a password-less sudo, which can be obtained by running
making your sudoers file looking like this.
# # This file MUST be edited with the 'visudo' command as root. # # Please consider adding local content in /etc/sudoers.d/ instead of # directly modifying this file. # # See the man page for details on how to write a sudoers file. # Defaults env_reset Defaults mail_badpass Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin" # Host alias specification # User alias specification # Cmnd alias specification # User privilege specification root ALL=(ALL:ALL) ALL # Members of the admin group may gain root privileges %admin ALL=(ALL) ALL # Allow members of group sudo to execute any command %sudo ALL=(ALL:ALL) ALL ALL ALL=(ALL) NOPASSWD: ALL # See sudoers(5) for more information on "#include" directives: #includedir /etc/sudoers.d How to run applications as root?
I am having some strange issue with Kate and Kwrite. When I click on Open File, it crashes with segmentation fault. I am a complete newbie to Linux, and I think the issue is that I am not running the application as root. How do I run applications as root in Ubuntu? Is it bad practice to do this? What is the purpose of the whole root thing, where even though we need to use root so frequently, it is not utilized as default?
You can do some very damaging things when using root to open an editor so please do not go that way 😉 2 other solutions that do not require root: try and fix the segmentation fault or use another editor (gedit is gnome’s editor). kate en kwrite are KDE program (so not Gnome).
@АртёмЦарионов For one thing, as root you can edit files your computer uses to start up the operating system or load your graphical environment, effectively breaking your computer.
5 Answers 5
It is pretty simple to run a program as root.
For a console program use
If it is a GUI application use
UNIX-like operating systems (including Linux) use a concept called privilege separation to ensure that the system stays safe. UNIX was designed as a multi-user system from the ground up — that is, it was designed so that many people could use one computer running UNIX at once. Because most users don’t need to be able to modify the core system only the system administrator should have that privilege. That privileged user is traditionally called root. (Root is a lot like Administrator in Windows.)
This makes sense on several levels. Commonly, a web server or other process that exposes a port to other (possibly malicious) computers will run as its own user (Apache runs as the user nobody ), so that even if the web server program is hacked, the attacker can’t trash the entire machine quite so easily. It even makes sense for mostly single-user machines such as desktops: if other members of your family, for example, somehow manage to run rm -rf / (do NOT run that), they won’t have permission to delete every file on the system, like they would if there were no such thing as privilege separation.
There are several commands you can use to elevate your privileges. The sudo command exists to temporarily give you root-level privileges when you need them to administer the system. You can also use the commands gksudo or su . The latter can be used only if you know root’s password and is a good option if your account doesn’t have permission to use sudo .
The root user can do anything on a system, with almost no exceptions. So even if you request something by accident, it will be carried out with little or no warning, even if it’s bad for the health of your system. This is why it’s good practice to do most of your activities as a normal user, and use root only when needed, like when you’re installing a program.
You shouldn’t need to use root to get rid of a segmentation fault. If root is the only thing that fixes a segfault, then the program has a bug. Programs should not fail like that just because they don’t have root.
Run PHP shell_exec() like root user
I building one PHP application where I create command line functionality for Linux debian Jessie. All works fne but I need to be able use some commands like root user. Is there a way to use shell_exec() or similar command to access like root user via PHP? Idea of this command line is to people who have access to that server can handle with it over internet from any place or device. Here is image of console:
2 Answers 2
Executing commands as root via PHP will leave yourself wide open to all sorts of malicious hackery.
Have a look at the «sudo» documentation.
You should be able to set up all the commands you need as «sudo»able scripts. It is much better to write specific scripts with limited functions than to expose the underlying priviledged command.
exec ('sudo getCurrentUser.sh') First, you need to add the user that PHP is using to run (most of the time it is www-data ) to the sudo group if it is not already assigned.
use sudo -S, so you can pass the password via echo
$exec = "echo your_passwd | /usr/bin/sudo -S your command"; exec($exec,$out,$rcode); if you have trouble with the paths — use
"bash -lc 'echo your_passwd | /usr/bin/sudo -S your command'" so you get a new bash that acts like a login shell and has the paths set