PHP5 / exec() / sudoers

Justec · August 20, 2007, 12:16am

On my old server I was able to use the sudoers file to run a script from PHP (apache) as a non-privileged user with a limited command list.

I set this up on my new server and tested on SSH by giving apache a /bin/bash and su’n to apache. While on shell as user apache I was able to do…

/usr/bin/sudo -u theuser /usr/bin/kill 12345

This would kill process 12345, but when trying to do it using PHP exec() it doesn’t work.

exec("/usr/bin/sudo -u theuser /usr/bin/kill $process", $out, $ret);

I setup the visudo the same as it was on the prior server.
Went from CentOS4 > CentOS5 which also means PHP4 to PHP5

I’ve tried a bunch of things and just can’t figure it out. I am thinking it must be PHP b/c I am able to use it from the command line.

I also tried running PHP from command line and the above exec() that doesn’t work from the browser did work as shell user apache using command line php.

Any ideas?

Justec · August 20, 2007, 1:16am

Well I finally found the issue thanks to this guy on the fedora forums

"LuAn@forums.fedoraforum.org":

I just nailed this. The breakthough came when I tried:
$output = exec('/usr/bin/sudo /usr/bin/whoami 2&gt;&1');
The result should be ‘root’ but what I got, courtesy of the bit on the end, was this: ‘sudo: sorry, you must have a tty to run sudo’

A search on that told me that the issue related to a setting in /etc/sudoers which is used in Fedora Core 6 namely:
Defaults requiretty
Apparenly FC6 is the only OS that has that setting (which explains why I was struggling to find any information about what was causing the problem).

So I just commented out the “Default requiretty” and it started working. I love spending hours trying to fix something and all it took was one #