I would like to create a php script to execute a shell command and return its output. The server requires a private key. When I first decided to test this out I created this:
<?php $command = "ls"; $output = shell_exec($command); echo "<pre>$output</pre>"; ?>
That worked just fine. But when I changed
$command to the command I really wanted to run:
$command = "/etc/init.d/mycontrollerd status /etc/mycontrollerconfig";
it gave me this output:
You need root privileges to run this script
My guess is I need to use
sudo. Of course that will require putting the pem file somewhere on the server. Assuming I do that, what exactly should
$command be? Should I use
system() or something else?
It does not matter which php function you use to start the script – what lacks is the authorization of your user account.
Either use sudo (preconfigure the web server user to run the exact command without password via
visudo, and prefix the command with
sudo) or set up a setuid script that executes the command on itself.
What you really need to do is set your web server to run as a specific user (other than ‘nobody’ for example), or give that user permissions to what you want to execute.