0

I'm trying to access a deb system service with PHP shell_exec and I just can't get it working.

This is the command I am trying to run from a php script :

shell_exec('sudo service icecast2 stop');

But it's not working for two reasons..

1) I'm not sure if I'm granting the correct user permissions in /etc/sudoers ? 

%www-data ALL=NOPASSWD: /sbin/???????

2) ??????? = I'm not sure where to point to in the /sbin to allow access to system services? I've tried a variety of things but as I'm not sure which part I'm getting wrong (possibly both) I haven't been able to get anything to work.

Any help appreciated ;)

spice
  • 1,442
  • 19
  • 35
  • Possible duplicate of [PHP sudo in shell\_exec](https://stackoverflow.com/questions/5652986/php-sudo-in-shell-exec) – Don't Panic Feb 27 '19 at 23:42
  • Does that other question help? There are many others very similar if you search. – Don't Panic Feb 28 '19 at 00:12
  • Thanks for posting it but no it doesn't. I must have looked at over 50 different threads (including this one) and articles about this subject but I just can't get this working. Getting no errors in the logs, just not working. Am I even granting the correct user permission? www-data? I'm using Apache2 with nginx reverse proxy if that helps? – spice Feb 28 '19 at 00:27

1 Answers1

0

On my Debian systems service is in /usr/sbin, not in /sbin. So it should be:

%www-data ALL=NOPASSWD: /usr/sbin/service

You should also use the full path in the shell_exec() command, as /usr/sbin might not be in the webserver's $PATH.

shell_exec('sudo /usr/sbin/service icecast2 stop');
Barmar
  • 741,623
  • 53
  • 500
  • 612
  • Barmar I could kiss you right now! You have no idea how long I've spent trying to work this out. Thank you so, so much brother :) – spice Feb 28 '19 at 01:10
  • Only have one issue with it.. It only works if I set ALL to root (which is obviously a terrible idea) : `ALL ALL=(root) NOPASSWD: /usr/sbin/service`. When I try to set it to any other user `%www-data` or the actual name my process is running under as reported by using `echo posix_getpwuid(posix_geteuid())['name'];` it doesn't run. Is there anything I'm missing here? – spice Feb 28 '19 at 01:25
  • I'm not really an expert on configuring `sudo`, [unix.se] would be a better place to ask questions like that. – Barmar Feb 28 '19 at 01:26