0

Hello all!

I'm trying to restart a service in my fedora installation, from a php local file. So i discovered the shell_exec command, and tried:

shell_exec('service nagios restart')

I also tried shell_exec('sudo restart.sh') where restart.sh has the line "service nagios restart" in it.

The first time i did it, i didn't know about permissions problems, so i discovered then the sudoers file and, using the command shell_exec('whoami'), it returned "apache". Then i added the apache permission line in suoders.

The problem is still the same, i can't seem to restart this service, or any other. Can you help me? Thanks.

2
Contributors
3
Replies
5
Views
7 Years
Discussion Span
Last Post by CapFish
0

Hello,

First the security problem... Do you realize that by adding apache to the sudoers file you are giving any user from the web rights to be root on your server?

The sudo problem... Sudo normally prompts for the users password the first time it is run for that user from a new shell and any time longer than five minutes since it last ran a command for that user in that shell.

what do you get if you run the restart.sh script from the command line? If nothing slse when you are logged in as root do:

su - apache

and you will become the apache user then see what it takes to get the restart.sh script running. Probably apache does not have the service command in it's search path so cannot execute it. You would have to have:

#!/bin/bash
/sbin/service nagios restart

in your restart.sh script

0

Hello,

First the security problem... Do you realize that by adding apache to the sudoers file you are giving any user from the web rights to be root on your server?

The sudo problem... Sudo normally prompts for the users password the first time it is run for that user from a new shell and any time longer than five minutes since it last ran a command for that user in that shell.

what do you get if you run the restart.sh script from the command line? If nothing slse when you are logged in as root do:

su - apache

and you will become the apache user then see what it takes to get the restart.sh script running. Probably apache does not have the service command in it's search path so cannot execute it. You would have to have:

#!/bin/bash
/sbin/service nagios restart

in your restart.sh script

Hey, thanks for the answer :)

The security is not that big problem here, because i will use this only locally.

I usually start Fedora with root user, so the script "service nagios restart" works good at the cmd line. When i do su -apache or su apache, it gives "this account is currently not available". Don't know why =/.

I´ve modified my testshell.php file, into this:

<?php

$output=shell_exec('sh srvnagios.sh'); --> [I]where srvnagios.sh has #!/bin/bash
/sbin/service nagios restart in it like you told me [/I]

echo "<pre>$output</pre>";
?>

but when i run the testshell.php file, it shows this:

"Running configuration check....CONFIG ERROR! Restart aborted. Check your Nagios configuration"

Although the problem is not the Nagios configuration, since it works when i do the same command in cmd line with root user. I suspect the problem is with the permissions of the actual user - apache.

0

Fixed it! :D Turns out that i add to comment the line Defaults requiretty in sudoers file. After that, everythings fine now.

@rch1231: thanks for your help.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.