
Linux, Unix, and *nix like Operating Systems Forum

    
Executing system function from web interface
just click a link on the browser & execute system functions eg reboot
ibrahimtaj

10+ Year Member



 
Msg#: 1133 posted 1:26 pm on Jul 5, 2004 (gmt 0)

Hello all,

I am using Mandrake 9.1, with PHP 4.3.1 and Apache 2.0 installed.

What I would like to do is to be able to click a link in the browser and be able to execute a system function like shutdown or reboot.

Every other configuration issue is okay; only the above remains. Can somebody please explain what I need to do in order to be able to perform the task?

Ibrahim

 

MattyMoose

10+ Year Member



 
Msg#: 1133 posted 4:15 pm on Jul 5, 2004 (gmt 0)

Heh, depends how you want to go about it...

You can write a perl script and use that as a cgi on your webserver to perform these tasks, but the problem is that you need to be root (or wheel/operator group will work for some OSes), and the webserver typically runs as the user "www", not root, or any of those. The solution is to create a setuid (setuid man page [freebsd.org]) bit perl script to run as root, but I know that Apache has some safeguards against running setuid CGIs, and perl is a little tricky on some OSes, so it won't let you run setuids, and also, your system may be running in such a way that it won't run setuid programs (it's often a mount option).

The other way I've done things in the past is to give the "www" user a real shell and home directory, and so on... This is for use with PHP, rather than CGIs. It's definitely not recommended. Once the www user has a shell and home dir, it can do many more things that it couldn't do before. For example, this is one way of getting PHP to run the "reboot" command:

click link, which brings you to "reboot.php"
reboot.php has a "passthru" or "exec" or "system" command which executes a custom-built setuid binary file in its home dir, called "shutphp.bin"
this shutphp.bin file is basically a wrapper, that is a basic "C" file, that looks like this (includes are probably wrong, but you get the idea).

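#include <stdio.h>
#include <unistd.h>

/* Wrapper meant to be installed setuid root; it runs one fixed command. */
int main(void) {
    /* Set the real uid and gid to root as well */
    if (setuid(0) != 0 || setgid(0) != 0) {
        perror("setuid/setgid");
        return 1;
    }
    execl("/usr/sbin/reboot", "reboot", (char *)NULL);
    perror("execl");  /* reached only if the exec failed */
    return 1;
}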

compile that c file with gcc (gcc -o shutphp.bin shutphp.c).
It's tricky, and it's dangerous. That's one way I've done things before, on boxes that I don't really care about.

I'm assuming since you want to reboot and so on, that it's your own machine, so all of this may be possible.

Your best bet, though, is to install something like Webmin [webmin.com]. I've always found that hacking and slashing things like that are fun, because they teach many different things, but they're rarely practical or wise to implement.

HTH,
MM

dingman

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 1133 posted 6:15 pm on Jul 5, 2004 (gmt 0)

Another option that might be slightly safer than writing your own suid binary would be to set up sudo so that your www-data user is allowed to run the 'shutdown' program. Then you can set up a Perl or PHP script to run 'sudo shutdown -r now' instead of 'shutdown -r now', and have the same effect.

This solution still involves an suid binary, specifically the 'sudo' program, but at least 'sudo' is a publicly available program whose source code is scrutinized by lots of people who have a good idea how to write such a thing safely.

MattyMoose

10+ Year Member



 
Msg#: 1133 posted 8:31 pm on Jul 5, 2004 (gmt 0)

Ha! Excellent idea!

Hadn't considered that. ;)

Good idea -- way better than building your own c/setuid apps. :)

sonjay

10+ Year Member



 
Msg#: 1133 posted 10:25 pm on Jul 5, 2004 (gmt 0)

Doesn't Webmin [webmin.com] offer exactly such an option?

And isn't Webmin free?

ibrahimtaj

10+ Year Member



 
Msg#: 1133 posted 11:21 am on Jul 6, 2004 (gmt 0)

Thanks everybody for your various contributions.

I have tried the sudo suggestion but the result is the same, still not executing. Maybe I am still getting one or two things wrong.

I checked my phpinfo() and it says I am not in safe mode, so I need not bother putting my executable files in the safe_mode_exec_dir directory. In fact, the safe_mode_exec_dir directory is not defined in my phpinfo().

my reboot.php file which I provide a clickable link to on the web interface is as follows :

<?php
exec("/sbin/shutdown -r now")
?>


nb: my shutdown is in /sbin directory

and the relevant content of my /etc/sudoers file is as follows:
.....

root ALL=(ALL) ALL
apache ALL=/sbin/shutdown,/var/www/html/web/myphp/reb.php NOPASSWD


Please, what am I doing wrong, or what have I left undone, maybe in Apache or any other necessary area? The above are all my steps so far. Thanks once again.

-Ibrahim

ibrahimtaj

10+ Year Member



 
Msg#: 1133 posted 8:20 am on Jul 9, 2004 (gmt 0)

Hello All,

Please, I am still expecting responses to my last reply/post on the above subject, which has been proving very difficult for me to solve. I want to know if I am on the right track and what it is I am likely doing that is not correct.

Thanks for your anticipated hand of help.

Ibrahim

dingman

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 1133 posted 3:35 pm on Jul 9, 2004 (gmt 0)

Sorry for the delay, Ibrahim. I don't seem to be on here nearly as much as I used to be. Anyway, I think that this is your problem:
<?php
exec("/sbin/shutdown -r now")
?>

You configured 'sudo', but you aren't invoking it. You'll want to change the exec call to:
<?php
exec("/usr/bin/sudo /sbin/shutdown -r now")
?>

ibrahimtaj

10+ Year Member



 
Msg#: 1133 posted 11:44 am on Jul 12, 2004 (gmt 0)

Thanks dingman and others,

The sudo thing was really an oversight. Thanks for the reminder. But after making the correction, I could still not successfully reboot the system by clicking a link from the web interface.

The html link code that should execute the reboot.php script after clicking on it is as follows:

<td><div align="center"><a href="reboot.php">Reboot</a></div></td>

The reboot.php is now as follows:

<?php
exec("/usr/bin/sudo /sbin/shutdown -r now")
?>

Thanks.

Ibrahim

MattyMoose

10+ Year Member



 
Msg#: 1133 posted 4:14 pm on Jul 12, 2004 (gmt 0)

apache ALL=/sbin/shutdown,/var/www/html/web/myphp/reb.php NOPASSWD

Is the user that runs Apache actually named apache, or is it www?

Also, try using the "passthru" function rather than exec. That way, you'll get all of the output right away.

[ca3.php.net]

ibrahimtaj

10+ Year Member



 
Msg#: 1133 posted 8:00 am on Jul 14, 2004 (gmt 0)

I got the problem solved eventually. Great thanks to everybody who contributed to this thread. I wouldn't have been able to solve it without your various support and suggestions. Thank you very much.

apache is really the user for the Apache webserver, and not www, on Mandrake 9.1.

The problem I was having was with my sudo configuration/syntax.

Initially, I was using this:
apache ALL=/sbin/shutdown,/var/www/html/web/myphp/reb.php NOPASSWD

But when I changed to the following , everything became okay :

apache ALL = (root) NOPASSWD: /sbin/shutdown

I had to read up materials on sudo again to understand the usage of NOPASSWD option.

My php file is as before and worked with both exec and passthru functions.

Thanks to all of you once again.

Ibrahim
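
The sudoers mistakes worked through in this thread, as an added example that is not part of any poster's message: a small POSIX sh check for one-line rules of this shape. The names `lint_web_sudo_rule` and `WEBROOT` are made up here, only this simple rule form is handled, and `visudo -c` remains the real syntax check.

```sh
#!/bin/sh
# Lint one sudoers user specification of the form used in this thread:
#   user host = [(runas)] [TAG:] /path [args] [, /path [args]] ...
# Prints one line per finding; the return status is the number of findings.
WEBROOT=/var/www    # assumption: document tree the web server user may write to
lint_web_sudo_rule() {
    n=0
    spec=${1#*=}                                  # text after the first '='
    spec=$(printf '%s' "$spec" | sed 's/^ *//; s/^([^)]*) *//')  # drop "(runas)"
    while :; do                                   # consume leading "TAG:" items
        case $spec in
            [A-Z]*:*) tag=${spec%%:*}
                      case $tag in *[!A-Z_]*) break ;; esac
                      spec=${spec#*:}; spec=${spec# } ;;
            *) break ;;
        esac
    done
    old_ifs=$IFS; IFS=,; set -f                   # split the command list on commas
    for cmd in $spec; do
        IFS=$old_ifs
        set -- $cmd                               # $1 = path, rest = pinned arguments
        [ $# -gt 0 ] || continue
        path=$1; shift
        case $path in
            "$WEBROOT"/*) echo "under $WEBROOT, may be writable by the web user: $path"; n=$((n+1)) ;;
            /*) ;;
            *) echo "not an absolute path: $path"; n=$((n+1)) ;;
        esac
        # A command listed without arguments matches any arguments (e.g. a halt).
        [ $# -gt 0 ] || { echo "no arguments pinned, any are allowed: $path"; n=$((n+1)); }
        for arg in "$@"; do
            case $arg in
                NOPASSWD|PASSWD|NOEXEC|EXEC|SETENV|NOSETENV)
                    echo "'$arg' is read as an argument of $path; put '$arg:' before the command"
                    n=$((n+1)) ;;
            esac
        done
    done
    set +f; IFS=$old_ifs
    return "$n"
}
# First two rules are from the thread; the third is a constructed, tightened variant.
for rule in \
    'apache ALL=/sbin/shutdown,/var/www/html/web/myphp/reb.php NOPASSWD' \
    'apache ALL = (root) NOPASSWD: /sbin/shutdown' \
    'apache ALL = (root) NOPASSWD: /sbin/shutdown -r now'
do
    echo "== $rule"; lint_web_sudo_rule "$rule" || echo "   $? finding(s)"
done
```

In the first rule the trailing NOPASSWD never becomes a tag, so sudo still asks for a password that a PHP exec() call has no terminal to supply. The working rule from the last post is flagged once because it lets the apache user pass any arguments to shutdown.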
