1

I have the following PHP script for password change:

<?php
error_reporting(E_ALL);
ini_set('display_errors', TRUE);
ini_set('display_startup_errors', TRUE);
ini_set('display_error', true);

$cmd = 'sudo -u root sh -c \'/usr/bin/echo "username:pass" | sudo /usr/sbin/chpasswd 2>&1\'';
exec($cmd,$output,$return_val);
print_r($output);
echo $return_val;
?>

This script shows an error in the browser:

pam_chauthtok() failed, error: [1] => Authentication token lock busy [2] => chpasswd

But the command

sudo -u root sh -c '/usr/bin/echo "username:pass" | sudo /usr/sbin/chpasswd 2>&1'

works fine. Can someone please give me a tip as to why I get the error above in the browser?

The filesystem is in rw mode. The files /etc/{passwd,shadow} have correct permissions.

Thank you in advance

kbu

2 Answers

1

The solution was to comment out ProtectSystem=full in the php-fpm.service unit:

# Mounts the /usr, /boot, and /etc directories read-only for processes invoked by this unit.
#ProtectSystem=full
Michael Hampton
kbu
  • You may change this to `true` instead, which will allow writing to `/etc` but still prohibit writing to the other named directories. – Michael Hampton Jul 27 '21 at 23:34
0

Browser PHP runs as the www-data user.

Add permission for www-data to use sudo through the shell using the visudo command, and append this line:

www-data   ALL=(ALL:ALL) ALL

Its syntax is

user    hosts=(users:groups)    commands
Ajay Singh
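Added example, not code from the question or either answer: one way to feed chpasswd over stdin without a shell, rejecting newlines that would add a second user:password record. It assumes PHP 7.4 or later, a hypothetical sudoers rule scoped to /usr/sbin/chpasswd, and a php-fpm unit that can write to /etc as described in the first answer; the function names are illustrative.

```php
<?php
// Added example (not the asker's code). Assumptions: PHP >= 7.4, and a
// hypothetical sudoers rule limited to one command instead of ALL:
//   www-data ALL=(root) NOPASSWD: /usr/sbin/chpasswd

function build_chpasswd_line(string $user, string $pass): string
{
    // chpasswd reads "user:password" records, one per line, so a newline in
    // either field would start a second record for another account.
    if (!preg_match('/\A[a-z_][a-z0-9_-]{0,31}\z/', $user) || $user === 'root') {
        throw new InvalidArgumentException('invalid user name');
    }
    if ($pass === '' || preg_match('/[\r\n\0]/', $pass)) {
        throw new InvalidArgumentException('invalid password');
    }
    return $user . ':' . $pass . "\n";
}

function change_password(string $user, string $pass): array
{
    $line = build_chpasswd_line($user, $pass);
    // Array form: no shell is involved, and the password never appears in
    // the argument list visible in ps output.
    $cmd  = ['/usr/bin/sudo', '-n', '/usr/sbin/chpasswd'];
    $spec = [0 => ['pipe', 'r'], 1 => ['pipe', 'w'], 2 => ['pipe', 'w']];
    $proc = proc_open($cmd, $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start sudo');
    }
    fwrite($pipes[0], $line);
    fclose($pipes[0]);               // EOF tells chpasswd the input is complete
    $out = stream_get_contents($pipes[1]);
    $err = stream_get_contents($pipes[2]);
    fclose($pipes[1]);
    fclose($pipes[2]);
    return ['status' => proc_close($proc), 'stdout' => $out, 'stderr' => $err];
}

// Constructed sample input: the second value carries an embedded newline.
foreach ([['alice', 'S3cure-Example!'], ['alice', "x\nbob:other"]] as [$u, $p]) {
    try {
        echo json_encode(build_chpasswd_line($u, $p)), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

The sample loop only exercises the validation; change_password() is what a request handler would call, and its 'stderr' field is where the pam_chauthtok() message from the question would appear.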