
Limitation of system() in php.. How can become super user!?

Status
Not open for further replies.

anti

Active Member

Thanks: 1
Messages: 108

#1
Hello

If I write the function system("reboot") in PHP on FreeBSD it will not work. How can I make it work?

Also, if I write PHP code like the following:
Code:
<?php
system("telnet localhost 2601");
?>
the system then needs a password for telnetting to port 2601, for example. How can I give the system the password using PHP functions?
 

aragon

Daemon

Thanks: 272
Messages: 2,031

#2
anti said:
If I write the function system("reboot") in PHP on FreeBSD it will not work. How can I make it work?
Install and configure security/sudo.


anti said:
Also, if I write PHP code like the following:
Code:
<?php
system("telnet localhost 2601");
?>
the system then needs a password for telnetting to port 2601, for example. How can I give the system the password using PHP functions?
Use PHP sockets/streams.
 

anti

Active Member

Thanks: 1
Messages: 108

#3
aragon said:
Install and configure security/sudo.



Use PHP sockets/streams.
Thanks a lot, but it is still not clear how to use the security/sudo port. I have installed security/sudo, but I do not know how to use it. I will be glad if you share your knowledge about sudo with me.
I am waiting for you, please. Thanks. ;)
 

tkjacobsen

Member

Thanks: 11
Messages: 46

#4
You can type 'visudo' as super user and it will open the configuration file in $EDITOR.

Adding the line
Code:
ray    rushmore = NOPASSWD: /bin/kill, /bin/ls, /usr/bin/lprm
would allow the user ray to run /bin/kill, /bin/ls, and /usr/bin/lprm
as root on the machine rushmore without authenticating himself.
(from man sudoers)

You can generalize this to the user executing the php code and the commands you want to be able to run as that user.

The command should now be executed like
Code:
sudo /bin/kill 1
as that user.
 

anti

Active Member

Thanks: 1
Messages: 108

#5
Hello tkjacobsen, thanks a lot for your support, but the problem still exists. This message appears when I execute my PHP code.
Code:
www : user NOT authorized on host ; TTY= unknown ; PWD=/usr/local/www/apache22/data; USER=root ; COMMAND=/sbin/reboot
 

SirDice

Administrator
Staff member
Administrator
Moderator

Thanks: 5,508
Messages: 25,692

#6
Did you allow the user www to run that command?
 

anti

Active Member

Thanks: 1
Messages: 108

#8
I am sorry Moderator!
...

This is my sudoers file

Code:
# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
# Failure to use 'visudo' may result in syntax or file permission errors
# that prevent sudo from running.
#
# See the sudoers man page for the details on how to write a sudoers file.
#

# Host alias specification

# User alias specification

# Cmnd alias specification

# Defaults specification
# Uncomment if needed to preserve environmental variables related to the
# FreeBSD pkg_* utilities and fetch.
#Defaults	env_keep += "PKG_PATH PKG_DBDIR PKG_TMPDIR TMPDIR PACKAGEROOT PACKAGESITE PKGDIR FTP_PASSIVE_MODE"

# Additionally uncomment if needed to preserve environmental variables
# related to portupgrade.
#Defaults	env_keep += "PORTSDIR PORTS_INDEX PORTS_DBDIR PACKAGES PKGTOOLS_CONF"

# Runas alias specification

# User privilege specification
root	ALL=(ALL) ALL
ALL     ALL=(ALL) NOPASSWD: ALL
www    ALL=(ALL) ALL
# Uncomment to allow people in group wheel to run all commands
# %wheel	ALL=(ALL) ALL

# Same thing without a password
 %www	ALL=(ALL) NOPASSWD: ALL

# Samples
# %users  ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users  localhost=/sbin/shutdown -h now
any idea?
 

SirDice

Administrator
Staff member
Administrator
Moderator

Thanks: 5,508
Messages: 25,692

#9
Remove these:
Code:
ALL     ALL=(ALL) NOPASSWD: ALL
www    ALL=(ALL) ALL
{snip}
 %www	ALL=(ALL) NOPASSWD: ALL
You really, REALLY, do NOT want to give sudo access to www this way.

Now, for just reboot, and ONLY reboot:
Code:
www    ALL=NOPASSWD: /sbin/reboot
You really need to ask yourself what you're doing and why. The way you are moving now will result in a hacked server.
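
A quick check for the kind of rules removed above, as an added example that is not part of the original posts or of sudo itself. The `audit_sudoers` helper is hypothetical, the account name `www` comes from the thread, and the sample input is constructed from the rules quoted in it.

```shell
#!/bin/sh
# audit_sudoers [FILE] [ACCOUNT]  (hypothetical helper, not part of sudo)
# Flags user specifications that let ACCOUNT, its group, or everyone ("ALL")
# run ANY command. Prints "line: finding: rule"; returns 1 if anything is flagged.
audit_sudoers() {
    awk -v acct="${2:-www}" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }               # comments, blank lines
        /^[ \t]*(Defaults|[A-Za-z]+_Alias)/ { next }    # not user specifications
        {
            who = $1
            spec = $0
            sub(/^[^=]*=[ \t]*/, "", spec)       # keep what follows "host ="
            sub(/^\([^)]*\)[ \t]*/, "", spec)    # drop a runas list like (ALL)
            nopass = (spec ~ /^NOPASSWD:/)
            sub(/^([A-Z]+:[ \t]*)+/, "", spec)   # drop tags such as NOPASSWD:
            sub(/[ \t]+$/, "", spec)
            if ((who == acct || who == "%" acct || who == "ALL") && spec == "ALL") {
                printf "%d: %s may run any command%s: %s\n", NR, who,
                       (nopass ? " without a password" : ""), $0
                bad = 1
            }
        }
        END { exit bad + 0 }
    ' "${1:--}"
}

# Constructed sample: the rules posted in the thread plus the narrow replacement.
audit_sudoers - www <<'EOF' || echo "=> overbroad rules found"
root	ALL=(ALL) ALL
ALL     ALL=(ALL) NOPASSWD: ALL
www    ALL=(ALL) ALL
 %www	ALL=(ALL) NOPASSWD: ALL
www    ALL=NOPASSWD: /sbin/reboot
EOF
```

The check only recognises a bare `ALL` command list; rules built from aliases or multi-entry lists are not evaluated, so `sudo -l -U www` run as root remains the authoritative view of what the account may do.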
 

anti

Active Member

Thanks: 1
Messages: 108

#10
SirDice, I did exactly what you told me... but still no effect!!

Is it possible that the problem exists because of the PHP code?? I don't know!
 

SirDice

Administrator
Staff member
Administrator
Moderator

Thanks: 5,508
Messages: 25,692

#11
Me neither. Any error messages? /var/log/messages? Apache error log?
 

anomie

Aspiring Daemon

Thanks: 116
Messages: 783

#12
anti said:
If I write the function system("reboot") in PHP on FreeBSD it will not work. How can I make it work?
This sounds like trouble. If this is not implemented correctly, you're going to create a nice, dangerous risk for yourself.

Apologies if this suggestion is not useful, but depending on your circumstances and needs, you might want to look into something like Webmin. (You can create a user for the purpose of restarting the server, and then lock down the modules he has access to pretty significantly.)
 

sixtydoses

Well-Known Member

Thanks: 59
Messages: 400

#13
anti said:
SirDice, I did exactly what you told me... but still no effect!!

Is it possible that the problem exists because of the PHP code?? I don't know!
Have you tried rebooting the machine as www? Command line, not via php code.
 

SirDice

Administrator
Staff member
Administrator
Moderator

Thanks: 5,508
Messages: 25,692

#14
Yes, nice way to test. Just login as root, then:

Code:
su - www
sudo /sbin/reboot
That should work. If it doesn't, there may still be something wrong with your sudoers file.
 

anti

Active Member

Thanks: 1
Messages: 108

#15
SirDice said:
Code:
[color="Red"]su - www[/color]
sudo /sbin/reboot
The red command does not work! :x

This is the result of id www:
Code:
uid=80(www)  gid=80(www)  groups=80(www)
Will chsh help?
 

anti

Active Member

Thanks: 1
Messages: 108

#17
sixtydoses said:
What was the error? How did you create the user www?
I did not create this user (www); I think that the Apache server created it. I know that from the code:
PHP:
<?php

system("whoami");
?>
the output is: www


!!
 

anti

Active Member

Thanks: 1
Messages: 108

#19
DutchDaemon said:
Can a 'shell-less' user actually use sudo? The default shell of user www is usually /usr/sbin/nologin.
I think you are right! But can I give www a shell?? How?
 

sixtydoses

Well-Known Member

Thanks: 59
Messages: 400

#20
DutchDaemon said:
Can a 'shell-less' user actually use sudo? The default shell of user www is usually /usr/sbin/nologin.
Oh yea sorry, I totally forgot about the www/apache thing. Was treating it like a normal user with the name www. Yea, www's default shell is /usr/sbin/nologin and can't use sudo unless it has a shell.

@anti
You can use the command # chsh to change www's shell, but as mentioned several times in earlier threads, this is not an advisable thing to do in the first place.
 

anti

Active Member

Thanks: 1
Messages: 108

#21
sixtydoses said:
Oh yea sorry, I totally forgot about the www/apache thing. Was treating it like a normal user with the name www. Yea, www's default shell is /usr/sbin/nologin and can't use sudo unless it has a shell.

@anti
You can use the command # chsh to change www's shell, but as mentioned several times in earlier threads, this is not an advisable thing to do in the first place.
I am asking about that to know whether it is a useful thing to do something like it, I mean giving a shell to www. Does that make sense, so I can execute any command that I need using PHP pages??

By the way, the # chsh command requires that I am already logged on as the www user, but how can I log on to it?? I think that www is somehow different from other users.. I don't know!! x(
 

sixtydoses

Well-Known Member

Thanks: 59
Messages: 400

#22
Run # chsh www as root, and change this:
Code:
Shell: /usr/sbin/nologin
to something like this:
Code:
Shell: /usr/local/bin/bash
Save it.

Then run # su www.
 

SirDice

Administrator
Staff member
Administrator
Moderator

Thanks: 5,508
Messages: 25,692

#23
Why bash? Just use /bin/tcsh or /bin/sh.
 

SirDice

Administrator
Staff member
Administrator
Moderator

Thanks: 5,508
Messages: 25,692

#25
It's not a good idea to set it to bash. It's not installed by default. This will most likely result in more errors when the OP takes the advice.
 