I want to execute .sh script with root permissions from web. I've added this to /etc/sudoers
www-data ALL=NOPASSWD: /usr/share/nginx/html/adduzer.sh
apache ALL=NOPASSWD: /usr/share/nginx/html/adduzer.sh
nginx ALL=NOPASSWD: /usr/share/nginx/html/adduzer.sh
But this constructions don't work anyway for root permissions. Why? Where is the problem?
Also, in php exec('whoami') gives 'apache' user as a result. But I have construction for it.
May be SElinux blocks it? How I can check\disable it?
>>57168169
Gentoo doesn't have this problem.
I have one simple sh script, which adds line to the file. If I execute it from terminal with sudo /usr/share/nginx/html/adduzer.sh I see results in /work/test.txt, but if I execute the same command from php file with shell_exec('sudo /usr/share/nginx/html/adduzer.sh'); or exec('sudo /usr/share/nginx/html/adduzer.sh'); - I have not got new line in the file.
Nginx logs are empty. How I can execute the sh script with root rights for string add?
I've also written not root user to /etc/sudoers construction, like in first message, and I've executed it succesfully like a root. So constructions should to work, but it don't for php...
What I can do here?
>>57168204
I like gentoo, but have got centos vps, which works little weird, from my point of view. I think, there some SElinux... How I can block selinux or give access to this operations? Any advices?
>>57168224
Are you running apache or nginx?
>>57168252
nginx, but php gives 'apache' as result from echo exec('woami').
Anyway I have constructions for apache, nginx and www-data users in /etc/sudoers
I've add user without root privilegies and add for him one more construction to /etc/sudoers - and it works well from terminal. So something blocks nginx\php for the same operation?
http://stackoverflow.com/questions/24149071/php-shell-exec-and-sudo-commands-for-selinux-administration
>>57168447
This awesome url, thank you so much!
I've solved this problem.
you are the best!
Just for note - 4chan helped with this, but a lot of another websites - didn't!