shell_exec and root permissions

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

miro_igov
Forum Contributor
Posts: 485
Joined: Fri Mar 31, 2006 5:06 am
Location: Bulgaria

shell_exec and root permissions

Post by miro_igov »

Hello, I have almost given up. I have to execute a command with shell_exec() to add or remove an IP address from a NIC. Unfortunately, when I run the command 'ip add xxx.xxx.xxx.xxx/28 eth0', shell_exec returns false. So I think this is because this command must be run by a user with enough permissions. I tried with sudo without luck. Can somebody suggest a thing?
VladSun
DevNet Master
Posts: 4313
Joined: Wed Jun 27, 2007 9:44 am
Location: Sofia, Bulgaria

Re: shell_exec and root permissions

Post by VladSun »

miro_igov wrote: I tried with sudo without luck. Can somebody suggest a thing?
What did you try? /etc/sudoers?
There are 10 types of people in this world, those who understand binary and those who don't

Re: shell_exec and root permissions

Post by VladSun »

An example:

/etc/sudoers

Code:

# sudoers needs an absolute path for every command; ifconfig takes the interface first
Cmnd_Alias      NETWORKING = /bin/ping, /sbin/ifconfig eth0 [0-9]*

root    ALL=(ALL) ALL
www-data ALL=NOPASSWD:NETWORKING

Code:

sudo ping localhost -f -c4
sudo ifconfig eth0 192.168.0.1

Re: shell_exec and root permissions

Post by miro_igov »

My user is apache, so the sudoers file contains:

Code:

apache ALL= NOPASSWD: ALL
and the PHP file:

Code:

$out = shell_exec('/usr/bin/sudo /sbin/ip add add 216.66.235.3/28 dev eth0') or die('cannot execute command');

Re: shell_exec and root permissions

Post by VladSun »

What's the output of:

Code:

echo shell_exec('/usr/bin/sudo /sbin/ip add add 216.66.235.3/28 dev eth0 2>&1');
Edit: You have "add" two times...

Re: shell_exec and root permissions

Post by VladSun »

Code:

ip route add 216.66.235.3/28 dev eth0
EDIT: In fact, this can't be done, because the combination of this subnet mask and this network address is invalid.

32 - 28 = 4
2^4 = 16

=> 216.66.235.0/28, 216.66.235.16/28, 216.66.235.32/28, etc.

What are you trying to do in general?

Re: shell_exec and root permissions

Post by miro_igov »

Hi, thanks for the reply.

The command ip add add (with duplicate add) is correct. Actually the sudo ip .... is working after all; when I added the 2>&1 at the end I saw "RTNETLINK answers: File exists", which means the IP is already added. Without 2>&1 there was no output from shell_exec.

I cannot answer why the combination of subnet and mask is invalid, but it is part of the specification of the required app for the bind web interface.

The issue is solved.

Re: shell_exec and root permissions

Post by VladSun »

miro_igov wrote: Hi, thanks for the reply.
:) Sorry, I thought you needed to route a subnet via eth0.
miro_igov wrote: The command ip add add (with duplicate add) is correct.
Well, I think it's

Code:

ip add addr ....
though I see Google results for "add add" :)
miro_igov wrote: Actually the sudo ip .... is working after all; when I added the 2>&1 at the end I saw "RTNETLINK answers: File exists", which means the IP is already added. Without 2>&1 there was no output from shell_exec.
So, you should have IP 216.66.235.3 assigned on eth0 - does ifconfig -a confirm this?
miro_igov wrote: I cannot answer why the combination of subnet and mask is invalid, but it is part of the specification of the required app for the bind web interface.
Well, for a host address it's absolutely right. As I said, I thought it was a network address, but it is a host address indeed.

PS: I do love helping people with network administration :) I think it's obvious ;)

Re: shell_exec and root permissions

Post by miro_igov »

ifconfig -a does not show the 216.66.235.3 on eth0 but it works.

This is part of a procedure for setting PTR records on a DNS server. I am doing the interface; there are other people responsible for the procedure steps:

#1 - check to see if IP address is bound to server:
ip add | grep 216.66.235.

#2 - check to find out which DNS servers are authority for the block:
dig -x 216.66.235.100 +trace | grep 100.235.66.216

And resolve the DNS servers' IPs:
dig ns1.DOITNOWHOSTS.COM +short
#216.66.235.3
dig ns2.DOITNOWHOSTS.COM +short
#216.66.235.9

#3 - if not already there, add the IP to the interface, if there, skip to #5
ip add add 216.66.235.3/28 dev eth0
ip add add 216.66.235.9/28 dev eth0

#4 - Add to listen-on, zones
/etc/bind/listen-on.conf
/etc/bind/zones

#5 - edit zone created into /etc/bind/pri
/etc/bind/pri/216.66.235.rev


And a few others for restarting bind and reloading the config.
Post Reply
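The two points the thread arrives at, combined in an added example that is not code from any poster: run the command as an argv array so success is read from the exit code and stderr instead of shell_exec()'s empty output, and validate the address first (including the /28 arithmetic from VladSun's post). Assumptions: PHP 7.4+ on a 64-bit build, hypothetical function names, and the narrow sudoers rule in the first comment in place of the blanket NOPASSWD: ALL entry.

```php
<?php
// Added example, not code from the thread. Assumed sudoers rule (hypothetical),
// scoped to one command instead of "apache ALL= NOPASSWD: ALL":
//   apache ALL=(root) NOPASSWD: /sbin/ip addr add * dev eth0

/** Validate "a.b.c.d/nn"; return [host, prefix, network address] or null. */
function parse_cidr(string $cidr): ?array
{
    if (!preg_match('#^(\d{1,3}(?:\.\d{1,3}){3})/(\d{1,2})$#D', $cidr, $m)) {
        return null;
    }
    $prefix = (int) $m[2];
    if ($prefix > 32 || !filter_var($m[1], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
        return null;
    }
    // A /28 leaves 32 - 28 = 4 host bits, so networks start every 2^4 = 16 addresses.
    $mask = (0xFFFFFFFF << (32 - $prefix)) & 0xFFFFFFFF;   // assumes 64-bit PHP
    return [$m[1], $prefix, long2ip(ip2long($m[1]) & $mask)];
}

/** Run an argv array without a shell; return exit code, stdout and stderr. */
function run_argv(array $argv): array
{
    $proc = proc_open($argv, [1 => ['pipe', 'w'], 2 => ['pipe', 'w']], $pipes); // PHP >= 7.4
    if (!is_resource($proc)) {
        return ['code' => -1, 'stdout' => '', 'stderr' => 'proc_open failed'];
    }
    $out = stream_get_contents($pipes[1]);
    $err = stream_get_contents($pipes[2]);
    fclose($pipes[1]);
    fclose($pipes[2]);
    return ['code' => proc_close($proc), 'stdout' => $out, 'stderr' => $err];
}

/** Add a validated address to eth0; success is judged by exit code, not by output. */
function add_address(string $cidr): array
{
    if (parse_cidr($cidr) === null) {
        throw new InvalidArgumentException('not an IPv4 CIDR');
    }
    $r = run_argv(['/usr/bin/sudo', '-n', '/sbin/ip', 'addr', 'add', $cidr, 'dev', 'eth0']);
    // "File exists" on stderr means the address is already bound (seen in the thread).
    $r['already_bound'] = $r['code'] !== 0 && strpos($r['stderr'], 'File exists') !== false;
    return $r;
}

// Constructed sample input (the address from the thread); nothing is executed here.
var_dump(parse_cidr('216.66.235.3/28'), parse_cidr('216.66.235.3/28; id'));
```

`ip addr add` prints nothing on success, so `shell_exec(...) or die(...)` aborts even when the address was added; checking `code === 0` avoids that.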