  1. #1
    Just Joined!
    Join Date
    Apr 2013
    Posts
    3

    Run a shell script from within another shell script?


    Hi!
    I'm fairly new to the whole Linux thing and I'm sure this is a relatively simple deal. The scenario is easy enough to understand:

    I am running a distribution of Tomcat. From a PHP page running in Apache I want to invoke a call to a shell script via shell_exec() that should be able to do a couple of things including accessing the $CATALINA_HOME/bin/shutdown.sh and startup.sh scripts.

    I have been at this all day and can't figure it out. I am positive it's a permission problem. When accessing the php script in apache, if I run a simple "whoami" I get a different user than when I access the script via SSH (this is a remote server).

    I have root access, so I assume I need to somehow modify sudoers (I've messed around with visudo to no avail).

    To break it down, the apache user is "nobody", which is probably a problem right there. But, when I access the script via the PHP call in the browser, "whoami" returns the name of the cpanel account that the php script belongs to - "ncc". Accessing the shell script via SSH as root obviously returns root.

    The user "ncc" does not have root permissions of any sort.

    The php script is at:
    /home/ncc/public_html/test/test.php

    The shell script is in the same directory (for ease of testing, I'll move it somewhere safer later):
    /home/ncc/public_html/test/script.sh

    and the tomcat directory is elsewhere:
    /opt/apache-tomcat-7.0.39/bin/shutdown.sh

    In visudo I have tried many things, getting broader and broader with permissions. I just think I don't understand it and just reverted back to the original sudoers file.

    The actual script I am running is:
    #!/bin/bash
    sh /opt/apache-tomcat-7.0.39/bin/shutdown.sh

    I've tried it in many forms. Doing a simple echo works so I know it gets into the script. It has to be permissions, but it fails silently (frustratingly so) and I don't know how to turn on any sort of error reporting (any ideas there would be awesome too).

    I have also messed around extensively with chmod including setting to -rwxrwxrwx (777) as well as changing the owner to root with the same settings.

    This isn't that complicated, but my experience is limited and I'm a bit confused. I'd like to do it right and not expose a bunch of security holes. The end goal is to be able to access an administration page and restart my tomcat server if necessary in the event that I don't have SSH access (or for somebody in my company to be able to do it without knowing a single thing about ssh or linux or whatever). Overall, though, this is just an exercise in running shell scripts to get me familiar with Linux, so if you could refrain from asking me "why the heck do you want to do that, tomcat already has a manager panel" and stay focused that would be awesome.

    Thanks in advance. The internet has been helpful but nothing has answered my questions.

  2. #2
    Trusted Penguin
    Join Date
    May 2011
    Posts
    4,353
    Hello and welcome!

    First off, have you checked the apache log for errors? try /var/log/httpd/error_log and if that is not it, let us know your linux distro and we can tell you where to look for it.

    I think sudo is your problem. can you show the sudo entry you are using? i think you want something like this:

    Code:
    nobody ALL = (root) NOPASSWD: /opt/apache-tomcat-7.0.39/bin/shutdown.sh

    also, make sure that script is executable, e.g.:

    Code:
    chmod +x /opt/apache-tomcat-7.0.39/bin/shutdown.sh

    I assume this sudo call is in the PHP script, yes? it will need to be run like this:

    Code:
    sudo /opt/apache-tomcat-7.0.39/bin/shutdown.sh

    normally, the "nobody" account has logging in prevented, so you can't su to nobody and test it. you can temporarily enable it by setting the shell to /bin/bash, instead of /sbin/nologin in /etc/passwd. or if you don't want to mess with that, just try it in your PHP script.

    if it doesn't work, check the syslog (/var/log/messages or /var/log/syslog, usually). if it complains about no tty, you might have to comment this line in /etc/sudoers (using the visudo command):

    Code:
    Defaults requiretty

    in other words, change it to:

    Code:
    #Defaults requiretty

    if all that doesn't work, try enabling PHP logging in your php.ini file.

  3. #3
    Just Joined!
    Join Date
    Apr 2013
    Posts
    3
    THANK YOU. That's a bunch of solutions for me to try! A lot of it points me in the right direction, it looks like (or at least it feels like it). I'll give it all a shot in the AM and let you know how it goes. Thank you thank you!

  4. #4
    Just Joined!
    Join Date
    Apr 2013
    Posts
    3
    None of that worked
    My php logging is already enabled, but the PHP script is fine (THAT is something I am good at)...
    There are no logs being generated anyways (IE no errors).
    Should I change the apache user to the daemon/daemon? I am reading around and I see that that is usually the default user for the apache user, and for whatever reason my install is set to "nobody"....

  5. #5
    Trusted Penguin
    Join Date
    May 2011
    Posts
    4,353
    Quote (Originally Posted by dudewad):
    None of that worked
    My php logging is already enabled, but the PHP script is fine (THAT is something I am good at)...

    can you show the portion of the PHP script that does the system call?

    Quote:
    There are no logs being generated anyways (IE no errors).

    do you mean to say that there is nothing in the apache error log?

    Quote:
    Should I change the apache user to the daemon/daemon? I am reading around and I see that that is usually the default user for the apache user, and for whatever reason my install is set to "nobody"....

    change it where? your sudo entry should be for whatever user is running the httpd process, which you can see in the first column of this command:

    Code:
    ps auxww|grep httpd

    that same user should be defined in the config file. say your config file is in /etc/httpd/conf/httpd.conf, you could do this:

    Code:
    grep ^User /etc/httpd/conf/httpd.conf

    can you also show your sudo entry, the one that pertains to the PHP system command you are trying to run?
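
Added example, not part of the thread and not code from any poster: a NOPASSWD rule like the one suggested in post #2 lets an unprivileged account run a script as root, so the script and every directory above it must be owned by root and not group- or world-writable (the 777 mode mentioned in post #1 would fail this check). The function name and its OWNER and STOP_DIR arguments are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Audits a script before it is named in a
# NOPASSWD sudoers rule: whoever can edit the file, or replace a directory on
# its path, decides what sudo runs as root.
#
# audit_sudo_target PATH [OWNER] [STOP_DIR]   (all names here are hypothetical)
#   OWNER    account that must own every path component (default: root)
#   STOP_DIR last ancestor directory to inspect (default: /)
# Prints one finding per line; returns 0 when clean, 1 otherwise.
# Pass a resolved path: symlinks are examined as links and report as writable.
audit_sudo_target() {
    target=$1 owner=${2:-root} stop=${3:-/}
    findings=0
    if [ ! -f "$target" ]; then
        echo "MISSING $target"
        return 1
    fi
    p=$target
    while :; do
        # Group- or world-writable component (covers a 777 file or directory).
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "WRITABLE $p"
            findings=$((findings + 1))
        fi
        # Component owned by someone other than the expected account.
        if [ -n "$(find "$p" -prune ! -user "$owner" -print)" ]; then
            echo "OWNER $p (expected $owner)"
            findings=$((findings + 1))
        fi
        if [ "$p" = "$stop" ] || [ "$p" = "/" ] || [ "$p" = "." ]; then
            break
        fi
        p=$(dirname "$p")
    done
    [ "$findings" -eq 0 ]
}

# Run against a path given on the command line, e.g. the script from the thread:
#   sh audit.sh /opt/apache-tomcat-7.0.39/bin/shutdown.sh
if [ "$#" -gt 0 ]; then
    audit_sudo_target "$@"
fi
```

Any line of output means the path should be fixed (chown to root, chmod 755 or tighter) before the sudoers entry is added.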
