LinuxQuestions.org
Old 04-17-2022, 02:40 PM   #16
Colombia
Member
 
Registered: Oct 2021
Posts: 72

Original Poster
Rep: Reputation: Disabled

In my LAMP:

CentOS Linux release 7.9
Server version: Apache/2.4.6 (CentOS)
MySQL version 5.5.68-MariaDB
PHP 5, PHP_SAPI = apache2handler

It does not work.

Any idea how to resolve this?
 
Old 04-17-2022, 03:06 PM   #17
michaelk
Moderator
 
Registered: Aug 2002
Posts: 25,784

Rep: Reputation: 5936
Have you checked the error log files in /var/log/httpd?
 
Old 04-17-2022, 05:36 PM   #18
computersavvy
Senior Member
 
Registered: Aug 2016
Posts: 3,345

Rep: Reputation: 1484
Quote:
Originally Posted by Colombia View Post
thanks.

I also execute:
Code:
usermod -a -G wheel apache
(add user apache to group wheel).

This is definitely not a good idea!

Essentially it would allow the web server to execute any command as root so if someone were able to send it a script that ran a command it could potentially give them root access on your system. The web server runs as an unprivileged user (apache) for a reason, and that reason is security.
 
Old 04-17-2022, 06:38 PM   #19
Colombia
Member
 
Registered: Oct 2021
Posts: 72

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by computersavvy View Post
This is definitely not a good idea!...
Thanks for your warning;
this is a WLAN and is not connected to the Internet.

Any idea how we can run any command as ROOT from https://web/file.php?
 
Old 04-17-2022, 07:19 PM   #20
michaelk
Moderator
 
Registered: Aug 2002
Posts: 25,784

Rep: Reputation: 5936
What makes it difficult to help is that you provide very little information to the questions we / I ask except for saying it does not work. Here is what I did.

My base configuration was an already configured osboxes.org virtual machine.
Installed apache, php
I added the line as posted to the sudoers configuration file using the visudo editor
I rebooted just as a precaution.
I created a test php script as posted above.
I disabled selinux
I ran the script on the same virtual machine using localhost/test.php?action=r
The system rebooted as expected.

Since ssl was not already configured I have not tried https:// yet.

You have been asked multiple times to look at the apache error log files at /var/log/httpd. Were there any errors and if so what?

Are you trying to run the script on the system itself or from a remote computer? If a remote computer, have you allowed http/https traffic through the firewall, if running?

Have you verified that your php script at least works and outputs something as in post #9?

Unfortunately I don't know how your system is configured differently than my VM.
 
Old 04-17-2022, 08:12 PM   #21
Colombia
Member
 
Registered: Oct 2021
Posts: 72

Original Poster
Rep: Reputation: Disabled
Thanks, master, for your time.

PHP Code:
if ( htmlspecialchars($_GET['action'])=='r') {
    echo "You want to reboot";
}

Sure, this runs perfectly!

In POST #2 I put all my info:

Quote:
My LAMP:
CentOS 7
Server version: Apache/2.4.6 (CentOS)
MySQL version 5.5.68-MariaDB
PHP 5, PHP_SAPI = apache2handler
and yet it does not run my command
PHP Code:
exec('reboot'); 
 
Old 04-17-2022, 08:23 PM   #22
Colombia
Member
 
Registered: Oct 2021
Posts: 72

Original Poster
Rep: Reputation: Disabled
Here is my file /etc/sudoers.d/apache:
Code:
apache	ALL=(root) NOPASSWD:ALL
Here is my file /etc/sudoers:
Code:
## Sudoers allows particular users to run various commands as
## the root user, without needing the root password.
##
## Examples are provided at the bottom of the file for collections
## of related commands, which can then be delegated out to particular
## users or groups.
## 
## This file must be edited with the 'visudo' command.

## Host Aliases
## Groups of machines. You may prefer to use hostnames (perhaps using 
## wildcards for entire domains) or IP addresses instead.
# Host_Alias     FILESERVERS = fs1, fs2
# Host_Alias     MAILSERVERS = smtp, smtp2

## User Aliases
## These aren't often necessary, as you can use regular groups
## (ie, from files, LDAP, NIS, etc) in this file - just use %groupname 
## rather than USERALIAS
# User_Alias ADMINS = jsmith, mikem


## Command Aliases
## These are groups of related commands...

## Networking
# Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /usr/bin/net, /sbin/iptables, /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool

## Installation and management of software
# Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum

## Services
# Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig, /usr/bin/systemctl start, /usr/bin/systemctl stop, /usr/bin/systemctl reload, /usr/bin/systemctl restart, /usr/bin/systemctl status, /usr/bin/systemctl enable, /usr/bin/systemctl disable

## Updating the locate database
# Cmnd_Alias LOCATE = /usr/bin/updatedb

## Storage
# Cmnd_Alias STORAGE = /sbin/fdisk, /sbin/sfdisk, /sbin/parted, /sbin/partprobe, /bin/mount, /bin/umount

## Delegating permissions
# Cmnd_Alias DELEGATING = /usr/sbin/visudo, /bin/chown, /bin/chmod, /bin/chgrp 

## Processes
# Cmnd_Alias PROCESSES = /bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/killall

## Drivers
# Cmnd_Alias DRIVERS = /sbin/modprobe

# Defaults specification

#
# Refuse to run if unable to disable echo on the tty.
#
Defaults   !visiblepw

#
# Preserving HOME has security implications since many programs
# use it when searching for configuration files. Note that HOME
# is already set when the the env_reset option is enabled, so
# this option is only effective for configurations where either
# env_reset is disabled or HOME is present in the env_keep list.
#
Defaults    always_set_home
Defaults    match_group_by_gid

# Prior to version 1.8.15, groups listed in sudoers that were not
# found in the system group database were passed to the group
# plugin, if any. Starting with 1.8.15, only groups of the form
# %:group are resolved via the group plugin by default.
# We enable always_query_group_plugin to restore old behavior.
# Disable this option for new behavior.
Defaults    always_query_group_plugin

Defaults    env_reset
Defaults    env_keep =  "COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS"
Defaults    env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
Defaults    env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
Defaults    env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
Defaults    env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"

#
# Adding HOME to env_keep may enable a user to run unrestricted
# commands via sudo.
#
# Defaults   env_keep += "HOME"

Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin

## Next comes the main part: which users can run what software on 
## which machines (the sudoers file can be shared between multiple
## systems).
## Syntax:
##
## 	user	MACHINE=COMMANDS
##
## The COMMANDS section may have other options added to it.
##
## Allow root to run any commands anywhere 
root	ALL=(ALL) 	ALL

## Allows members of the 'sys' group to run networking, software, 
## service management apps and more.
# %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS

## Allows people in group wheel to run all commands
%wheel	ALL=(ALL)	ALL

## Same thing without a password
# %wheel	ALL=(ALL)	NOPASSWD: ALL

## Allows members of the users group to mount and unmount the 
## cdrom as root
# %users  ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom

## Allows members of the users group to shutdown this system
# %users  localhost=/sbin/shutdown -h now

## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)
#includedir /etc/sudoers.d
... it is supposed that ALL in /etc/sudoers.d/* is included/read by DEFAULT by the OS, true?

Or do I need to edit something?
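
The `apache ALL=(root) NOPASSWD:ALL` rule posted above is the kind of grant computersavvy warned about in post #18, and it can be found mechanically. This is an added example, not code from any poster in this thread: a small shell audit that reports sudoers rules granting every command, run over a constructed sample. The single-command rule and its `/usr/sbin/reboot` path are assumptions shown as a narrower alternative.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): report sudoers rules that hand an
# account root for every command. Simplified on purpose: one-line
# "who host=(runas) TAG: commands" rules only, no aliases or continuations.

audit_sudoers() {   # sudoers text on stdin -> one "LEVEL who: finding" per rule
  awk '
    /^[ \t]*#/ || /^[ \t]*$/ || /^[ \t]*Defaults/ { next }
    {
      eq = index($0, "=")
      if (eq == 0 || $1 == "root") next
      who  = $1
      spec = substr($0, eq + 1)
      sub(/^[ \t]*\([^)]*\)[ \t]*/, "", spec)      # drop the (runas) part
      nopass = (spec ~ /NOPASSWD[ \t]*:/)
      gsub(/[A-Z_]+[ \t]*:[ \t]*/, "", spec)       # drop tags such as NOPASSWD:
      gsub(/^[ \t]+|[ \t]+$/, "", spec)
      if (spec == "ALL" && nopass) print "HIGH " who ": any command, no password"
      else if (spec == "ALL")      print "MEDIUM " who ": any command, password required"
      else if (nopass)             print "INFO " who ": no password, limited to " spec
    }'
}

# Constructed sample: the thread's rules plus a hypothetical single-command rule
# (the /usr/sbin/reboot path is an assumption; check it on the target system).
SAMPLE='## Allow root to run any commands anywhere
root ALL=(ALL)  ALL
%wheel ALL=(ALL) ALL
# %wheel ALL=(ALL) NOPASSWD: ALL
apache ALL=(root) NOPASSWD:ALL
apache ALL=(root) NOPASSWD: /usr/sbin/reboot'

printf '%s\n' "$SAMPLE" | audit_sudoers
```

On a real host the input would be the concatenation of /etc/sudoers and the files under /etc/sudoers.d, and `visudo -c` remains the authoritative syntax check.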
 
Old 04-17-2022, 08:23 PM   #23
michaelk
Moderator
 
Registered: Aug 2002
Posts: 25,784

Rep: Reputation: 5936
Again, it's the wrong syntax.
Code:
exec('reboot');
should be

Code:
exec('sudo reboot');
Code:
apache	ALL=(root) NOPASSWD:ALL
I just added the line to my sudoers file and not a separate file, but that should not matter.

Last edited by michaelk; 04-17-2022 at 08:25 PM.
 
Old 04-17-2022, 08:41 PM   #24
Colombia
Member
 
Registered: Oct 2021
Posts: 72

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by michaelk View Post
Code:
exec('sudo reboot');
...
The result is the same (nothing happened) using https://web/file.php
 
Old 04-17-2022, 08:53 PM   #25
michaelk
Moderator
 
Registered: Aug 2002
Posts: 25,784

Rep: Reputation: 5936
Can you post file.php script?
Again did you look at the error.log?
What do you mean by nothing happened? What do you see? A blank page, warning message?

Did you configure https?
Do other web pages work at https://web/?
 
Old 04-17-2022, 09:07 PM   #26
Colombia
Member
 
Registered: Oct 2021
Posts: 72

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by michaelk View Post
Can you post file.php script?
Again: thanks for your time :-)

Oh sure! Here it is:
PHP Code:
SESSION_START();
error_reporting(-1);
ini_set('display_errors', '1');

print_r(exec('whoami'));exit;
Quote:
Originally Posted by michaelk View Post
Do other web pages work at https://web/?
All run perfect, MySQL, PHP, SSH, WIFI, port 80, port 443, etc...

My only requirement is to execute:
Code:
reboot;
using PHP, because the command
Code:
$Q = exec('ls -l '.__DIR__, $r, $e);
works PERFECTLY!

Last edited by Colombia; 04-17-2022 at 09:09 PM.
 
Old 04-17-2022, 09:12 PM   #27
michaelk
Moderator
 
Registered: Aug 2002
Posts: 25,784

Rep: Reputation: 5936
Where is the statement that executes reboot?
 
Old 04-17-2022, 09:17 PM   #28
Colombia
Member
 
Registered: Oct 2021
Posts: 72

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by michaelk View Post
Where is the statement that executes reboot?
Master, this code is at the BEGINNING of file "test.php":
PHP Code:
SESSION_START();
error_reporting(-1);
ini_set('display_errors', '1');

print_r(exec('whoami'));exit;
I can't ADD the FIRST line "{TAG OPEN} ?php" because the web https://www.linuxquestions.org fails when this exists in the "SUBMIT"
 
Old 04-17-2022, 09:19 PM   #29
michaelk
Moderator
 
Registered: Aug 2002
Posts: 25,784

Rep: Reputation: 5936
I understand. Then just leave out the real tags and just comment where they begin/end.
 
Old 04-17-2022, 09:34 PM   #30
Colombia
Member
 
Registered: Oct 2021
Posts: 72

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by michaelk View Post
just comment where they begin/end
thanks.

Here is the COMPLETE file "test.php":
PHP Code:
TAGOPEN?php
SESSION_START();
error_reporting(-1);
ini_set('display_errors', '1');

exec('reboot', $r, $e);
print_r($e);
result is:
PHP Code:

This means the code is NOT EXECUTED.

But the code
PHP Code:
$Q = exec('ls -l '.__DIR__, $r, $e);
print_r($Q);
returns ALL my dir (NON-ROOT commands run fine from https://web/test.php)!
 
  

