How to make a system call remotely?

Question

I have an app that has to mount a disk on a server. The disk and the server all connected, it just has to use the linux \'mount\' command.

I wrote a php that is s

Answer 1

This solution seems not to work. I don't know why since I havent used SetUID with shell scripts. But I let this answer stay here just in case someone wants to refer to it.

For security reason I would recommand you to put your code into a bash file. Use the SetUID-bit to execute the bash file as root from within any other user. This way your file is not writeable by anyone else than root and you don't need to handle with sudo. Otherwise you allow your php-process to execute code as root which, in most cases, is a very bad idea.

The reason why you don't receive any output is probably because it ask for a password an there is no way for exec to enter one.

Edit: Change your php call to:

<?
exec("/var/www/MountTheDisk.sh");
?>

Than create a bash file (/var/www/MountTheDisk.sh) with some content like this

#!/bin/sh

// this script will be executed as root
diskutil mount /dev/xvdb1 /mnt/theDisk/
echo trying to mount

Now set SetUID bit and change owner to root. (musst be done via root shell)

// make script executable
chmod +x /var/www/MountTheDisk.sh

// setuid bit
chmod u+s /var/www/MountTheDisk.sh

// change owner to root
chown root:root /var/www/MountTheDisk.sh

Note: Any user can run this file. Any call will result in it beeing executed as root.

Answer 2

The Apache’s user www-data need to be granted privileges to execute certain applications using sudo.

1. Run the command sudo visudo. Actually we want to edit the file in etc/sudoers.To do that, by using sudo visudo in terminal ,it duplicate(temp) sudoers file to edit.
2. At the end of the file, add the following ex:-if we want to use command for restart smokeping and mount command for another action,

www-data ALL=NOPASSWD: /etc/init.d/smokeping/restart, /bin/mount

(This is assuming that you wish to run restart and mount commands using super user (root) privileges.)

However, if you wish to run every application using super user privileges, then add the following instead of what’s above.You might not want to do that, not for ALL commands, very dangerous.

www-data ALL=NOPASSWD: ALL

3.After edit the sudoers file(by visudo we edit the temp file of sudoers so save and quit temp file(visudo) to write in sudoers file.(wq!)

4.That’s it, now use exec() in the following manner inside your xxx.phpscript.keep remember to use sudo before the command use in the php script.

ex:-

exec ("sudo /etc/init.d/smokeping restart 2>&1");

So in your problem,add the commands that you wish to use in to the step no (2.) as I add and change your php script as what you want.