shell_exec and root permissions
Moderator: General Moderators
shell_exec and root permissions
Hello, i am almost given up. I have to execute command with shell_exec() to add or remove an IP address from NIC. Unfortunatelly when i run the command 'ip add xxx.xxx.xxx.xxx/28 eth0' shell_exec returns false. So i thin this is because this command must be run by user with enough permissions. I tried with sudo without luck. Can somebody suggest a thing?
Re: shell_exec and root permissions
What did you try? /etc/sudoers ?miro_igov wrote:I tried with sudo without luck. Can somebody suggest a thing?
There are 10 types of people in this world, those who understand binary and those who don't
Re: shell_exec and root permissions
An example:
/etc/sudoers
/etc/sudoers
Code: Select all
Cmnd_Alias NETWORKING = /bin/ping, ifconfig [0-9]* eth0
root ALL=(ALL) ALL
www-data ALL=NOPASSWD:NETWORKINGCode: Select all
sudo ping localhost -f -c4
sudo ifconfig 192.168.0.1 eth0There are 10 types of people in this world, those who understand binary and those who don't
Re: shell_exec and root permissions
My user is apache so sudoers file contains
and PHP file:
Code: Select all
apache ALL= NOPASSWD: ALLCode: Select all
$out = shell_exec('/usr/bin/sudo /sbin/ip add add 216.66.235.3/28 dev eth0') or die('cannot execute command');Re: shell_exec and root permissions
What's the ouput of:
Edit: You have add two times...
Code: Select all
echo shell_exec('/usr/bin/sudo /sbin/ip add add 216.66.235.3/28 dev eth0 2>&1');There are 10 types of people in this world, those who understand binary and those who don't
Re: shell_exec and root permissions
Code: Select all
ip route add 216.66.235.3/28 dev eth032 - 28 = 4
2^4 = 16
=> 216.66.235.0/28, 216.66.235.16/28, 216.66.235.32/28, etc.
What are you trying to do in general?
There are 10 types of people in this world, those who understand binary and those who don't
Re: shell_exec and root permissions
Hi, thanks for the reply.
The command ip add add (with duplicate add) is correct. Actually the sudo ip .... is working at all, when i added the 2>&1 at the end i seen "RTNETLINK answers: File exists " which means the IP is already added. Without 2>&1 there was no output from shell_exec.
I cannot answer why the combination of subnet and mask is invalid but it is part of the specification of required app for bind web interface.
The issue is solved.
The command ip add add (with duplicate add) is correct. Actually the sudo ip .... is working at all, when i added the 2>&1 at the end i seen "RTNETLINK answers: File exists " which means the IP is already added. Without 2>&1 there was no output from shell_exec.
I cannot answer why the combination of subnet and mask is invalid but it is part of the specification of required app for bind web interface.
The issue is solved.
Re: shell_exec and root permissions
miro_igov wrote:Hi, thanks for the reply.
Well, I think it'smiro_igov wrote:The command ip add add (with duplicate add) is correct.
Code: Select all
ip add add[b]r[/b] ....So, you should have IP 216.66.235.3 assigned on eth0 - does ifconfig -a confim this?miro_igov wrote:Actually the sudo ip .... is working at all, when i added the 2>&1 at the end i seen "RTNETLINK answers: File exists " which means the IP is already added. Without 2>&1 there was no output from shell_exec.
Well, for host address it's absolutely right. As I said I though it's a network address, but it is a host address indeed.miro_igov wrote:I cannot answer why the combination of subnet and mask is invalid but it is part of the specification of required app for bind web interface.
PS: I do love helping people with network administration
There are 10 types of people in this world, those who understand binary and those who don't
Re: shell_exec and root permissions
ifconfig -a does not show the 216.66.235.3 on eth0 but it works.
This is part of a procedure for setting PTR records on a dns server, i am doing the interface, there are other people responsible for the procedure steps:
#1 - check to see if IP address is bound to server:
ip add | grep 216.66.235.
#2 - check to find out which DNS servers are authority for the block:
dig -x 216.66.235.100 +trace | grep 100.235.66.216
And resolve DNS servers IP:
dig ns1.DOITNOWHOSTS.COM +short
#216.66.235.3
ns2.DOITNOWHOSTS.COM +short
#216.66.235.9
#3 - if not already there, add the IP to the interface, if there, skip to #5
ip add add 216.66.235.3/28 dev eth0
ip add add 216.66.235.9/28 dev eth0
#4 - Add to listen-on, zones
/etc/bind/listen-on.conf
/etc/bind/zones
#5 - edit zone created into /etc/bind/pri
/etc/bind/pri/216.66.235.rev
And few others for restarting the bind and reloading config.
This is part of a procedure for setting PTR records on a dns server, i am doing the interface, there are other people responsible for the procedure steps:
#1 - check to see if IP address is bound to server:
ip add | grep 216.66.235.
#2 - check to find out which DNS servers are authority for the block:
dig -x 216.66.235.100 +trace | grep 100.235.66.216
And resolve DNS servers IP:
dig ns1.DOITNOWHOSTS.COM +short
#216.66.235.3
ns2.DOITNOWHOSTS.COM +short
#216.66.235.9
#3 - if not already there, add the IP to the interface, if there, skip to #5
ip add add 216.66.235.3/28 dev eth0
ip add add 216.66.235.9/28 dev eth0
#4 - Add to listen-on, zones
/etc/bind/listen-on.conf
/etc/bind/zones
#5 - edit zone created into /etc/bind/pri
/etc/bind/pri/216.66.235.rev
And few others for restarting the bind and reloading config.