What should I do to securely run some Cordova CLI commands such as cordova prepare, cordova clean, and cordova platform add android with Apache Cordova 5+ on a Linux Ubuntu web server by running a bash script, or even better from within a PHP script?

jjyepez

2 Answers

I solved this (not sure if this is the most secure way, though).

I added the

NOPASSWD:path/to/bash/script

directive to the www-data section of my /etc/sudoers file.

Then I set the owner of bash-script.sh to www-data.

Finally, I executed a shell within PHP using

sudo -u www-data /path/to/bash/script/bash-script.bash

And, so far, it is working, although I am not sure this method is secure enough to consider it the definitive solution.

jjyepez
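
One way to narrow what the web-server user can run, as an added example that is not part of either answer: a wrapper script that accepts only the three Cordova commands named in the question and passes them on as a fixed argument vector, never as a shell string. The project path, the cordova install path and the HOME value are assumptions, and the wrapper is assumed to be owned by root and not writable by www-data.

```bash
#!/usr/bin/env bash
# Added example: allow-list wrapper for the Cordova commands from the question.
# Hard-coded on purpose so the caller's environment cannot redirect them.
PROJECT_DIR=/srv/cordova/app          # hypothetical project location
CORDOVA_BIN=/usr/local/bin/cordova    # assumed install path of the CLI

# Return 0 only for: prepare | clean | platform add android.
# Argument count and every argument are checked; nothing is pattern-expanded.
is_allowed() {
    if [ "$#" -eq 1 ]; then
        case "$1" in
            prepare|clean) return 0 ;;
        esac
    elif [ "$#" -eq 3 ] && [ "$1" = platform ] && [ "$2" = add ]; then
        case "$3" in
            android) return 0 ;;
        esac
    fi
    return 1
}

main() {
    if ! is_allowed "$@"; then
        echo "cordova-wrapper: request rejected" >&2
        return 64
    fi
    cd "$PROJECT_DIR" || return 66
    # env -i drops the inherited environment; PATH is fixed so that
    # node and cordova resolve only from trusted directories.
    # HOME is a hypothetical writable directory for Cordova's own files.
    exec env -i PATH=/usr/local/bin:/usr/bin:/bin \
        HOME=/var/lib/cordova-home \
        "$CORDOVA_BIN" "$@"
}

# Run only when arguments were supplied, e.g.:
#   cordova-wrapper.sh platform add android
if [ "$#" -gt 0 ]; then
    main "$@"
fi
```

From PHP, calling the wrapper with an argument array (proc_open accepts one since PHP 7.4) keeps request data from being parsed by a shell.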

Here is a project that gives you a real Bash Shell: https://github.com/merlinthemagic/MTS

Once installed you get a shell the following way:

$shellObj = \MTS\Factories::getDevices()->getLocalHost()->getShell('bash', false);

The $shellObj now contains a shell object logged in as the same user that executes PHP.

Now you can execute commands against that shell the following way:

$returnData1 = $shellObj->exeCmd("cordova clean");
//or
$returnData2 = $shellObj->exeCmd("cordova platform add android");

Your question centers on security, and the shell is logged in as the same user that runs PHP, so no elevation is performed. However, if you require elevated access to execute the cordova binary, then allow your web-server user sudo access to the binary.

MerlinTheMagic