• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Limitation of system() in php.. How can become super user!?

Status
Not open for further replies.

anti

Active Member

Thanks: 1
Messages: 108

#27
Ok! till now i can excute the following code on www:
Code:
sudo /sbin/reboot
but still this php code has no effect
PHP:
<?php
system("sudo /sbin/reboot");
?>
 

DutchDaemon

Administrator
Staff member
Administrator
Moderator
Developer

Thanks: 2,584
Messages: 11,210

#28
Did you do that after [cmd=]su www[/cmd] or after [cmd=]su - www[/cmd]? See if that sudo command still works after running [cmd=]su - www[/cmd]. If not, the path to sudo is not in www's $PATH, so you'll either have to add that path or use the full path in your PHP code.
 

anti

Active Member

Thanks: 1
Messages: 108

#29
This is the sequence that i did
Code:
# su www
$ sudo /sbin/reboot
it worked perfectly

Code:
su - www
says that there is no such directory!!

i did not understand the issue of the path!! where this path is? should i use the fuction chdir() in php?
 

DutchDaemon

Administrator
Staff member
Administrator
Moderator
Developer

Thanks: 2,584
Messages: 11,210

#30
That's what I thought: the user www has no home directory, so there's no 'base' to run shell commands from. The difference between 'su' and 'su -' is that the former keeps the original environment (root's in this case), whereas the latter tries to switch to the new user's environment (which is incomplete).

Try first:
PHP:
system("/usr/local/bin/sudo /sbin/reboot");
If that doesn't work, try giving the www user a home directory.

And stop using colour in your posts, it's annoying.
 

anti

Active Member

Thanks: 1
Messages: 108

#31
DutchDaemon .. I do not know how can i thank you, you solved my problem perfectly.
Yes what you said is true. The code you gave me solved the problem. a lot of thanks. But i remember that i executed such command before with different way as i saw in some sites but i lost them currntly! Also thanks for all members here they helped me.

Sorry about the annoying colors.
 

DutchDaemon

Administrator
Staff member
Administrator
Moderator
Developer

Thanks: 2,584
Messages: 11,210

#32
Make absolutely sure that that piece of php code is not available to an unauthorised user at any time! This is a bit like giving a lighter to a toddler in a room full of nylon curtains. Drenched in petrol. With an open tank of oxygen.
 

RusTus

New Member


Messages: 1

#33
So here on the FreeBSD forum, if you politely make a remark that a moderator was a little rude, apparently your posts get deleted. So Moderators can be as rude as they want, and if someone speaks out in defense, they are deleted....

I'm not trying to start anything, but this kind of practice is unnerving.
 

DutchDaemon

Administrator
Staff member
Administrator
Moderator
Developer

Thanks: 2,584
Messages: 11,210

#34
Don't post here if you don't like it, RusTus. I told you in private, I will tell you here for the last time. Rudeness is in the eye of the beholder (I found your replies in this thread more rude than I would ever be), and apparently the affected poster was less affected by it than yourself. This probably says more about you than about me, or said poster. Closed.
 
Status
Not open for further replies.
Top