Score:1

CENTOS apache ALL=(root) NOPASSWD: /path/to/shell.sh is not working

jp flag

Trying to do a web interface IPtables management.

Created a file test.php

$output = shell_exec('sudo bash /usr/bin/iptables.sh 2>&1');
echo $output;

Gave /usr/bin/iptables.sh NOPASSWD so I can execute the file with sudo through apache without using a password

sudo iptables -L

sudoers file :

apache ALL=(root) NOPASSWD: /usr/bin/iptables.sh

But I am still getting an error:

We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things: #1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility. sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper

However, if I use

apache ALL=(root) NOPASSWD: ALL

Everything works fine.

I double-checked my directory and I used the exact path

[root@CentOS bin]# readlink -f iptables.sh
/usr/bin/iptables.sh

Super clueless here, can anyone help me with a direction? :'(

Score:1
cz flag

The command you call with sudo must match what is in the sudoers file, but in your case they do not match.

You tried to run bash /usr/bin/iptables.sh, but sudoers only allows you to run /usr/bin/iptables.sh.

alvan avatar
jp flag
I am confused, how am I supposed to execute the script in this case? Do I have to add bash to sudoers?
Michael Hampton avatar
cz flag
@alvan Why do you have `bash` in there at all? It is redundant. You can do what you want but the important bit is that **they must match exactly**.
alvan avatar
jp flag
Oh, Oh my god. $output = shell_exec("sudo /usr/bin/iptables.sh 2>&1"); This actually worked
alvan avatar
jp flag
Thank you so much Michael!!
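To make the "they must match exactly" rule concrete, here is an added example (not code from the question or the answers) that simulates how sudo compares the invoked command against a sudoers command spec: the first word must equal the listed path exactly, and any arguments listed in the spec must match verbatim. Allowing `bash` in sudoers instead would let the apache user run any script as root, which is why the exact script path is the right entry. The function name and the three sample invocations are constructed for this example.

```shell
#!/bin/sh
# Simulates sudo's command matching for a single sudoers Cmnd_Spec.
# Real rule: command path must match exactly; if the spec lists
# arguments they must match verbatim, otherwise any arguments pass.
#
# usage: sudoers_matches "<sudoers command spec>" "<invoked command>"
# returns 0 when sudo would accept the invocation, 1 otherwise.
sudoers_matches() {
    spec_cmd=${1%% *}              # path part of the sudoers entry
    spec_args=${1#"$spec_cmd"}     # text after the path (may be empty)
    spec_args=${spec_args# }
    run_cmd=${2%% *}               # first word of what was invoked
    run_args=${2#"$run_cmd"}
    run_args=${run_args# }
    [ "$spec_cmd" = "$run_cmd" ] || return 1   # "bash ..." fails here
    [ -z "$spec_args" ] && return 0            # no args listed: any allowed
    [ "$spec_args" = "$run_args" ]             # args listed: must be exact
}

# The entry from the question (constructed copy, not read from /etc/sudoers):
SPEC="/usr/bin/iptables.sh"

# Walk through the invocations discussed in the thread and print a verdict.
for invocation in "bash /usr/bin/iptables.sh" \
                  "/usr/bin/iptables.sh" \
                  "sh -c 'bash /usr/bin/iptables.sh'"; do
    if sudoers_matches "$SPEC" "$invocation"; then
        echo "ALLOWED : sudo $invocation"
    else
        echo "REJECTED: sudo $invocation"
    fi
done
```

On a live host the equivalent check is `sudo -l -U apache`, which lists exactly which command strings sudo will accept for that user.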
Score:0
us flag

Try with sudo, since /usr/bin/iptables.sh references to root of root.

$output = shell_exec("sudo -u root sh -c 'bash /usr/bin/iptables.sh 2>&1'");
echo $output;
alvan avatar
jp flag
No luck, the PHP doesn't output anything in this case. But when I change the sudoers file to ALL, this works.
Ajay Singh avatar
us flag
@alvan have you tried the above code without NOPASSWD in sudoers, like -> apache ALL=(root) /usr/bin/iptables.sh ; What is the output of <?php echo exec('whoami'); ?>
alvan avatar
jp flag
it is apache 15 characters