Hello,

 

I'm having an issue with exec(); I've also tried shell_exec().

 

Basically, I have a server in which I need to run a PHP script, via HTTP, to run a command via the terminal. This is not for any malicious use.

 

What I'm trying to do is to copy a file and overwrite another one via the PHP script, and then to restart a service with it too.

 

The service is CSF.

 

                exec('yes | cp block.conf ../../../etc/csf/csf.conf',$block);
                shell_exec('csf -r');
                print_r($block);
                echo 'Blocked';

 

Basically, that should copy block.conf into the csf.conf file and then restart csf, which will block certain ports. There's also another file called unblock.conf, which will do the opposite of the above.

 

Any ideas what could be causing the issues? I've CHMODed the file to 777, etc. Nothing is echo'd apart from "Blocked" but that doesn't give me any indication why it's not working correctly and the $block array is empty.


Okay, I've added "2>&1" on to the end of the first command now. And I've received an error! Finally.

 

cp: accessing `../../../etc/csf/csf.conf': Permission denied

 

Now, the problem is, how can I give permission in order to access it?

 

 

Also, I just ran "echo get_current_user();" and it echoed "root", when root clearly has permissions to access that location. Any ideas?

Use absolute paths?

Won't make a difference if I don't have the correct permissions...

 

It will make a difference if your current path is not four levels below the root of the server.

 

The absolute path to /etc is not going to change. I would just use an absolute path there.

There's nothing wrong with the levels, I also tried it with an absolute path, same error.

So I've been messing around a little.

 

I can copy the file to /var/www, /var, /, and even /etc/

 

But once I try to copy to /etc/csf, I get the permission error!

 

The current permissions for /etc/csf are:

drw------- 10 root root    4096 Sep  2 02:10 csf

 

However, if I do chmod 777 /etc/csf/ it will change, but if I do ls -la again it will have changed. Any ideas?

Perhaps the csf daemon is monitoring its configuration directory to prevent a mischievous program from altering it in a way that would allow a program to exploit it. If you stop the daemon and chmod/chown the directory, does it "automatically" change back? If it does not change back and you then start the daemon, does it stay changed or change back?

 

There might be a line in the configuration file that specifies what the directory permissions should be.

 

You may have to write a script that will stop the daemon, replace the config file, and then start the daemon. It should not be down for too long, but you will have to watch out for the possibility that the start fails, leaving you unprotected.

 

I would definitely not leave the directory as world writable (777) since that would leave you open to an attack that does exactly what you are trying to do; i.e. replace the configuration file.

 

 

Stopping the service did indeed stop it from being CHMOD'd automatically. The only issue being, would I be able to do exec('csf -x'); to stop it, then chmod the directory via the PHP script as long as the chown is set to the apache user? Or would csf -x not work since it will be apache trying to run it, not root?

Already answered the above questions:

                exec('csf -x 2>&1',$disable);
                exec('chmod 777 /etc/csf/ 2>&1',$chmod);
                exec('yes | cp block.conf /etc/csf/csf.conf 2>&1',$block);
                exec('csf -s 2>&1');
                print_r($disable);
                print_r($chmod);
                print_r($block);
                echo 'Blocked';

 

Returned:

Array ( [0] => sh: /usr/sbin/csf: Permission denied ) Array ( [0] => chmod: changing permissions of `/etc/csf/': Operation not permitted )

 

Is there a possible workaround for this?

 

 

Fixed those issues, now I have:

Array ( [0] => Can't locate Crypt/CBC.pm in @INC (@INC contains: /etc/csf /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at /usr/sbin/csf line 10. [1] => BEGIN failed--compilation aborted at /usr/sbin/csf line 10. ) Array ( ) Array ( ) Blocked

 

Not a clue how to fix that.

That error message seems to indicate there is an error in the configuration file. Are you sure that -x is the correct switch to terminate the daemon? I would expect those types of errors to appear at startup. You did not capture the output from -s so I'm a bit confused. Unless you changed your code between your last two posts.

 

Hint: Paste the print_r results in a [ code ] [ /code ] block to make it easier to read (that's the button with the hash-mark on it)

 

Yes it's correct. And sorry, I just always use PHP tags.

 

I managed to fix it by using  exec('sudo csf -x 2>&1',$disable);

 

Now the script is all working fine, it blocks connections from port 80, etc, but people are still able to connect via certain ports when they shouldn't be able to (as stated in the csf.conf file). But I guess that's a csf issue not a PHP issue.

 

Thanks for all your help anyway.
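
The advice given earlier in the thread (swap the config, restart, recover if the start fails, never leave /etc/csf world-writable) and the final sudo fix can be combined in one small root-owned wrapper, so the web server user is allowed to run a single fixed script rather than csf, cp or chmod. This is an added example, not code from any poster in the thread; the script path /usr/local/sbin/csf-profile, the /etc/csf/profiles directory and the sudoers line are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): root-owned wrapper the web user runs via sudo.
# Assumed sudoers entry, limited to this one script and its two arguments:
#   apache ALL=(root) NOPASSWD: /usr/local/sbin/csf-profile block, /usr/local/sbin/csf-profile unblock
# The script path and the profile directory are hypothetical names.

# apply_profile PROFILE PROFILE_DIR TARGET RELOAD_CMD
# Returns 0 on success, 2 on a rejected profile name, 3 if the copy failed,
# 4 if the reload failed and the previous config was put back.
apply_profile() {
    profile=$1 dir=$2 target=$3 reload=$4

    # Allowlist: the caller never supplies a path, only one of two fixed names.
    case "$profile" in
        block|unblock) src="$dir/$profile.conf" ;;
        *) echo "rejected profile: $profile" >&2; return 2 ;;
    esac
    [ -f "$src" ] || { echo "missing $src" >&2; return 3; }

    # Keep the running config so a failed reload can be rolled back.
    backup="$target.prev"
    if [ -f "$target" ]; then cp -p "$target" "$backup" || return 3; fi

    # Write beside the target, then rename, so csf never reads a half-copied file.
    tmp="$target.new.$$"
    cp "$src" "$tmp" && chmod 600 "$tmp" && mv -f "$tmp" "$target" || {
        rm -f "$tmp"; return 3; }

    # $reload is a fixed string set by this script, never request data.
    if ! $reload >/dev/null 2>&1; then
        echo "reload failed, restoring previous config" >&2
        [ -f "$backup" ] && mv -f "$backup" "$target" && $reload >/dev/null 2>&1
        return 4
    fi
    return 0
}

# Entry point: runs only when a profile name is passed on the command line.
[ "$#" -eq 0 ] || apply_profile "$1" /etc/csf/profiles /etc/csf/csf.conf "csf -r"
```

From PHP the call then becomes `exec('sudo /usr/local/sbin/csf-profile block 2>&1', $out, $rc);` with `$rc` checked instead of printing "Blocked" unconditionally.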
