# Limitation of system() in php.. How can become super user!?



## anti (Feb 20, 2010)

Hello

If I write the function *system("reboot")* in php on FreeBSD it will not work. How can make it to work?

Also, if i write php code like following:

```
<?php
system("[color="Red"][B]telnet localhost 2601[/B][/color]");
?>
```
the system then needs a _password_ for telneting the port _2601_ for example. How can give the system the password _*using php functions*_?


----------



## aragon (Feb 21, 2010)

anti said:
			
		

> If I write the function *system("reboot")* in php on FreeBSD it will not work. How can make it to work?


Install and configure security/sudo.




			
				anti said:
			
		

> Also, if i write php code like following:
> 
> ```
> <?php
> ...


Use PHP sockets/streams.


----------



## anti (Feb 21, 2010)

aragon said:
			
		

> Install and configure security/sudo.
> 
> 
> 
> Use PHP sockets/streams.



a lot thanks, but still it is not clear how to use security/sudo ports? security/sudo have installed , but I do not know how can I use. I will be glad if you share your knowledge about sudo with me.
I am waiting you plz. thanx.


----------



## tkjacobsen (Feb 21, 2010)

you can type 'visudo' as super user and it will open the configuration file in $EDITOR

Adding the line

```
ray    rushmore = NOPASSWD: /bin/kill, /bin/ls, /usr/bin/lprm
```
would allow the user ray to run /bin/kill, /bin/ls, and /usr/bin/lprm
as root on the machine rushmore without authenticating himself.
(from man sudoers)

You can generalize this to the user executing the php code and the commands you want to be able to run as that user.

The command should now be executed like

```
sudo /bin/kill 1
```
as that user.


----------



## anti (Feb 22, 2010)

Hello tkjacobsen, a lot of thanks for your support but the problem still exist. This msg appears when i excute my php code.

```
www : user NOT authorized on host ; TTY= unknown ; PWD=/usr/local/www/apache22/data; USER=root ; COMMAND=/sbin/reboot
```


----------



## SirDice (Feb 22, 2010)

Did you allow the user *www* to run that command?


----------



## DutchDaemon (Feb 22, 2010)

It's probably not a good idea to have this same bit of troubleshooting in two separate threads ... (http://forums.freebsd.org/showthread.php?p=69132#post69132)


----------



## anti (Feb 22, 2010)

I am sorry Moderator!
...

This is my sudoers file


```
# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
# Failure to use 'visudo' may result in syntax or file permission errors
# that prevent sudo from running.
#
# See the sudoers man page for the details on how to write a sudoers file.
#

# Host alias specification

# User alias specification

# Cmnd alias specification

# Defaults specification
# Uncomment if needed to preserve environmental variables related to the
# FreeBSD pkg_* utilities and fetch.
#Defaults	env_keep += "PKG_PATH PKG_DBDIR PKG_TMPDIR TMPDIR PACKAGEROOT PACKAGESITE PKGDIR FTP_PASSIVE_MODE"

# Additionally uncomment if needed to preserve environmental variables
# related to portupgrade.
#Defaults	env_keep += "PORTSDIR PORTS_INDEX PORTS_DBDIR PACKAGES PKGTOOLS_CONF"

# Runas alias specification

# User privilege specification
[color="Red"][B]root	ALL=(ALL) ALL
ALL     ALL=(ALL) NOPASSWD: ALL
www    ALL=(ALL) ALL[/B][/color]
# Uncomment to allow people in group wheel to run all commands
# %wheel	ALL=(ALL) ALL

# Same thing without a password
 %www	ALL=(ALL) NOPASSWD: ALL

# Samples
# %users  ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users  localhost=/sbin/shutdown -h now
```

any idea?


----------



## SirDice (Feb 22, 2010)

Remove these:

```
ALL     ALL=(ALL) NOPASSWD: ALL
www    ALL=(ALL) ALL
{snip}
 %www	ALL=(ALL) NOPASSWD: ALL
```

You really, REALLY, do NOT want to give sudo access to www this way.

Now, for just reboot, and ONLY reboot:

```
www    ALL=NOPASSWD: /sbin/reboot
```

You really need to ask yourself what you're doing and why. The way you are moving now will result in a hacked server.


----------



## anti (Feb 22, 2010)

SirDice .. i did exactly what u tell me... but still no effect!!

Is it possible that the problem exist bcz of php code?? i dont know!


----------



## SirDice (Feb 22, 2010)

Me neither. Any error messages? /var/log/messages? Apache error log?


----------



## anomie (Feb 22, 2010)

anti said:
			
		

> If I write the function *system("reboot")* in php on FreeBSD it will not work. How can make it to work?



This sounds like trouble. If this is not implemented correctly, you're going to create a nice, dangerous risk for yourself. 

Apologies if this suggestion is not useful, but depending on your circumstances and needs, you might want to look into something like Webmin. (You can create a user for the purpose of restarting the server, and then lock down the modules he has access to pretty significantly.)


----------



## sixtydoses (Feb 23, 2010)

anti said:
			
		

> SirDice .. i did exactly what u tell me... but still no effect!!
> 
> Is it possible that the problem exist bcz of php code?? i dont know!



Have you tried rebooting the machine as www? Command line, not via php code.


----------



## SirDice (Feb 23, 2010)

Yes, nice way to test. Just login as root, then:


```
su - www
sudo /sbin/reboot
```

That should work. If it doesn't there may still be something wrong with you sudoers file.


----------



## anti (Feb 23, 2010)

SirDice said:
			
		

> ```
> [color="Red"]su - www[/color]
> sudo /sbin/reboot
> ```



The red command does not work! :x

This the result of _id www_:

```
uid=80(www)  gid=80(www)  groups=80(www)
```

Does _*chsh*_ will help?


----------



## sixtydoses (Feb 23, 2010)

anti said:
			
		

> The red command does not work! :x



What was the error? How did you create the user www?


----------



## anti (Feb 23, 2010)

sixtydoses said:
			
		

> What was the error? How did you create the user www?



I did not create this user(www), I think that apache server created it, I know that from the code:

```
<?php

system("whoami");
?>
```

the output is: www


!!


----------



## DutchDaemon (Feb 23, 2010)

Can a 'shell-less' user actually use sudo? The default shell of user www is usually /usr/sbin/nologin.


----------



## anti (Feb 23, 2010)

DutchDaemon said:
			
		

> Can a 'shell-less' user actually use sudo? The default shell of user www is usually /usr/sbin/nologin.



i think you are right! but can i give www a shell ?? how?


----------



## sixtydoses (Feb 23, 2010)

DutchDaemon said:
			
		

> Can a 'shell-less' user actually use sudo? The default shell of user www is usually /usr/sbin/nologin.



Oh yea sorry, I totally forgot about the www/apache thing. Was treating it like a normal user with the name www. Yea, www's default shell is /usr/sbin/nologin and can't use sudo unless it has a shell.

@anti
You can use the command `# chsh` to change www's shell, but as mentioned several times in earlier threads, this is not an advisable thing to do in the first place.


----------



## anti (Feb 23, 2010)

sixtydoses said:
			
		

> Oh yea sorry, I totally forgot about the www/apache thing. Was treating it like a normal user with the name www. Yea, www's default shell is /usr/sbin/nologin and can't use sudo unless it has a shell.
> 
> @anti
> You can use the command `# chsh` to change www's shell, but as mentioned several times in earlier threads, this is not an advisable thing to do in the first place.



I am asking about that for knowing if it is useful thing to do somthing like it, I mean > giving  a shell for www Does that make sense?, so i can execute any command that i need using php pages??

by the way,#chsh command require that i am already logon on www user, but how can logon it ?? i think that www somehow different than other users.. i dont know!! x(


----------



## sixtydoses (Feb 23, 2010)

Run `# chsh www` as root, and change this:

```
Shell: /usr/sbin/nologin
```

to something like this:

```
Shell: /usr/local/bin/bash
```

Save it.

Then run `# su www`.


----------



## SirDice (Feb 23, 2010)

Why bash? Just use /bin/tcsh or /bin/sh.


----------



## sixtydoses (Feb 23, 2010)

SirDice said:
			
		

> Why bash? Just use /bin/tcsh or /bin/sh.


Because that's what I had in mind at the time.


----------



## SirDice (Feb 23, 2010)

It's not a good idea to set it to bash. It's not installed by default. This will most likely result in more errors when the OP takes the advice.


----------



## sixtydoses (Feb 23, 2010)

Touche


----------



## anti (Feb 23, 2010)

Ok! till now i can excute the following code on www:

```
sudo /sbin/reboot
```
but still this php code has no effect

```
<?php
system("sudo /sbin/reboot");
?>
```


----------



## DutchDaemon (Feb 23, 2010)

Did you do that after [cmd=]su www[/cmd] or after [cmd=]su - www[/cmd]? See if that sudo command still works after running [cmd=]su - www[/cmd]. If not, the path to sudo is not in www's $PATH, so you'll either have to add that path or use the full path in your PHP code.


----------



## anti (Feb 23, 2010)

This is the sequence that i did

```
# su www
$ sudo /sbin/reboot
```

it worked perfectly


```
su - www
```
 says that there is no such directory!!

i did not understand the issue of the path!! where this path is? should i use the fuction chdir() in php?


----------



## DutchDaemon (Feb 23, 2010)

That's what I thought: the user www has no home directory, so there's no 'base' to run shell commands from. The difference between 'su' and 'su -' is that the former keeps the original environment (root's in this case), whereas the latter tries to switch to the new user's environment (which is incomplete).

Try first:

```
system("/usr/local/bin/sudo /sbin/reboot");
```

If that doesn't work, try giving the www user a home directory.

And stop using colour in your posts, it's annoying.


----------



## anti (Feb 23, 2010)

DutchDaemon .. I do not know how can i thank you, you solved my problem perfectly.
Yes what you said is true. The code you gave me solved the problem. a lot of thanks. But i remember that i executed such command before with different way as i saw  in some sites but i lost them currntly! Also thanks for all members here they helped me.

Sorry about the annoying colors.


----------



## DutchDaemon (Feb 23, 2010)

Make absolutely sure that that piece of php code is not available to an unauthorised user at any time! This is a bit like giving a lighter to a toddler in a room full of nylon curtains. Drenched in petrol. With an open tank of oxygen.


----------



## RusTus (Jun 23, 2011)

So here on the FreeBSD forum, if you politely make a remark that a moderator was a little rude, apparently your posts get deleted.  So Moderators can be as rude as they want, and if someone speaks out in defense, they are deleted....

I'm not trying to start anything, but this kind of practice is unnerving.


----------



## DutchDaemon (Jun 23, 2011)

Don't post here if you don't like it, RusTus. I told you in private, I will tell you here for the last time. Rudeness is in the eye of the beholder (I found your replies in this thread more rude than I would ever be), and apparently the affected poster was less affected by it than yourself. This probably says more about you than about me, or said poster. Closed.


----------

