
shell_exec and root permissions

Posted: Mon Nov 24, 2008 6:38 am
by miro_igov
Hello, I have almost given up. I have to execute a command with shell_exec() to add or remove an IP address from a NIC. Unfortunately, when I run the command 'ip add xxx.xxx.xxx.xxx/28 eth0', shell_exec returns false. So I think this is because this command must be run by a user with enough permissions. I tried with sudo without luck. Can somebody suggest a thing?

Re: shell_exec and root permissions

Posted: Mon Nov 24, 2008 7:55 am
by VladSun
miro_igov wrote:I tried with sudo without luck. Can somebody suggest a thing?
What did you try? /etc/sudoers ?

Re: shell_exec and root permissions

Posted: Mon Nov 24, 2008 8:19 am
by VladSun
An example:

/etc/sudoers

Code:

# sudoers requires absolute paths for commands
Cmnd_Alias      NETWORKING = /bin/ping, /sbin/ifconfig eth0 [0-9]*

root    ALL=(ALL) ALL
www-data ALL=NOPASSWD:NETWORKING

Code:

sudo ping localhost -f -c4
sudo ifconfig eth0 192.168.0.1

Re: shell_exec and root permissions

Posted: Mon Nov 24, 2008 8:50 am
by miro_igov
My user is apache so sudoers file contains

Code:

apache ALL= NOPASSWD: ALL

and PHP file:

Code:

$out = shell_exec('/usr/bin/sudo /sbin/ip add add 216.66.235.3/28 dev eth0') or die('cannot execute command');

Re: shell_exec and root permissions

Posted: Mon Nov 24, 2008 8:55 am
by VladSun
What's the output of:

Code:

echo shell_exec('/usr/bin/sudo /sbin/ip add add 216.66.235.3/28 dev eth0 2>&1');

Edit: You have add two times...

Re: shell_exec and root permissions

Posted: Mon Nov 24, 2008 8:59 am
by VladSun

Code:

ip route add 216.66.235.3/28 dev eth0

EDIT: In fact, this can't be done, because the combination of this subnet mask and this network address is invalid.

32 - 28 = 4
2^4 = 16

=> 216.66.235.0/28, 216.66.235.16/28, 216.66.235.32/28, etc.

What are you trying to do in general?

Re: shell_exec and root permissions

Posted: Mon Nov 24, 2008 11:59 am
by miro_igov
Hi, thanks for the reply.

The command ip add add (with duplicate add) is correct. Actually the sudo ip .... is working at all, when I added the 2>&1 at the end I saw "RTNETLINK answers: File exists", which means the IP is already added. Without 2>&1 there was no output from shell_exec.

I cannot answer why the combination of subnet and mask is invalid but it is part of the specification of required app for bind web interface.

The issue is solved.

Re: shell_exec and root permissions

Posted: Mon Nov 24, 2008 1:02 pm
by VladSun
miro_igov wrote:Hi, thanks for the reply.
:) Sorry, I thought you need to route a subnet via eth0.
miro_igov wrote:The command ip add add (with duplicate add) is correct.
Well, I think it's

Code:

ip add addr ....

though I see Google results for "add add" :)
miro_igov wrote:Actually the sudo ip .... is working at all, when I added the 2>&1 at the end I saw "RTNETLINK answers: File exists", which means the IP is already added. Without 2>&1 there was no output from shell_exec.
So, you should have IP 216.66.235.3 assigned on eth0 - does ifconfig -a confirm this?
miro_igov wrote:I cannot answer why the combination of subnet and mask is invalid but it is part of the specification of required app for bind web interface.
Well, for host address it's absolutely right. As I said I thought it's a network address, but it is a host address indeed.

PS: I do love helping people with network administration :) I think it's obvious ;)

Re: shell_exec and root permissions

Posted: Tue Nov 25, 2008 12:57 am
by miro_igov
ifconfig -a does not show the 216.66.235.3 on eth0 but it works.

This is part of a procedure for setting PTR records on a DNS server. I am doing the interface, there are other people responsible for the procedure steps:

#1 - check to see if IP address is bound to server:
ip add | grep 216.66.235.

#2 - check to find out which DNS servers are authority for the block:
dig -x 216.66.235.100 +trace | grep 100.235.66.216

And resolve DNS servers IP:
dig ns1.DOITNOWHOSTS.COM +short
#216.66.235.3
dig ns2.DOITNOWHOSTS.COM +short
#216.66.235.9

#3 - if not already there, add the IP to the interface, if there, skip to #5
ip add add 216.66.235.3/28 dev eth0
ip add add 216.66.235.9/28 dev eth0

#4 - Add to listen-on, zones
/etc/bind/listen-on.conf
/etc/bind/zones

#5 - edit zone created into /etc/bind/pri
/etc/bind/pri/216.66.235.rev


And a few others for restarting the bind and reloading config.
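
Step #3 of the procedure above, as an added example that is not code posted by either participant: the sudoers rule is narrowed from ALL to the two `ip` commands the procedure needs, and the PHP side reads the exit status through `exec()`, since `shell_exec()` returns null whenever the command prints nothing. The helper names `isValidCidr` and `addAddress` are hypothetical, and the sudoers lines in the comment are an assumed configuration.

```php
<?php
// Added example, not code from the thread.
// Assumed sudoers entries (edit with visudo) in place of "apache ALL= NOPASSWD: ALL".
// sudoers matches the arguments literally, so only these two commands run as root:
//   apache ALL=(root) NOPASSWD: /sbin/ip addr add 216.66.235.3/28 dev eth0
//   apache ALL=(root) NOPASSWD: /sbin/ip addr add 216.66.235.9/28 dev eth0

// Hypothetical helper: true for a dotted-quad IPv4 address with a /0 to /32 prefix.
function isValidCidr(string $cidr): bool
{
    $parts = explode('/', $cidr);
    if (count($parts) !== 2 || !ctype_digit($parts[1]) || strlen($parts[1]) > 2) {
        return false;
    }
    return filter_var($parts[0], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false
        && (int) $parts[1] <= 32;
}

// Hypothetical helper: adds $cidr to $dev and decides the outcome from the
// exit status, not from whether the command printed anything.
function addAddress(string $cidr, string $dev = 'eth0'): string
{
    if (!isValidCidr($cidr) || !preg_match('/^[a-z0-9]{1,15}\z/', $dev)) {
        throw new InvalidArgumentException('rejected address or interface');
    }
    // -n: never prompt for a password; fail if sudoers does not allow the command.
    $cmd = sprintf('/usr/bin/sudo -n /sbin/ip addr add %s dev %s 2>&1',
        escapeshellarg($cidr), escapeshellarg($dev));
    exec($cmd, $lines, $status);
    $output = implode("\n", $lines);
    if ($status === 0) {
        return 'added';
    }
    // ip exits non-zero with this message when the address is already bound.
    if (strpos($output, 'File exists') !== false) {
        return 'already present';
    }
    throw new RuntimeException("ip failed (exit $status): $output");
}

try {
    echo addAddress('216.66.235.3/28'), "\n";
} catch (Exception $e) {
    echo 'error: ', $e->getMessage(), "\n";
}
```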