I used this tutorial (sorry, it's German) to switch my 433MHz sockets: https://tutorials-raspberrypi.de/raspberry-pi-funksteckdosen-433-mhz-steuern/

I compiled a file that switches the sockets on and off by RC code. If I run it directly on the Pi Shell it works fine:

    sudo /var/www/html/bin/RPiControl -3313

but if I run it via exec() on my PHP script, it does not:

    exec('sudo /var/www/html/bin/RPiControl -3313', $output, $return);

Here's what I tried so far:

  • There is no return/output value
  • I'm using lighttpd as webserver on Raspi 3 with default Raspbian
  • The script is located at /var/www/html
  • The binary is located at /var/www/html/bin (also tried the home directory)
  • The webserver/PHP seems to run under the default user "pi" (I'm wondering, on my other Linux machines it used to be the www-data user)
  • I tried to give sudo permissions to the "pi" user (tried www-data as well)
  • I made the "Pi" User owner of the PHP script(s) and the binary
  • I chmodded the PHP scripts with 777
  • I already tried this: sudo in php exec()

I guess it's a permission issue to use "sudo" with PHP execute. If I try sudo la la it's not working as well.

How can I allow the binary to be executed without sudo, or allow PHP to use sudo?

Thanks in advance.

Dave
  • Is the web server reachable on the internet? Are you sure you want PHP to be able to run things as root? It sounds like you're basically giving out control of the server to whoever stumbles on it – JimL Oct 07 '17 at 15:31
  • No, it's just in the local network, to switch on my TV Lights... – Dave Oct 07 '17 at 16:04
  • Possible duplicate of [sudo in php exec()](https://stackoverflow.com/questions/3173201/sudo-in-php-exec) – jww Oct 07 '17 at 16:04
  • Is there a way to allow the binary to run without sudo? – Dave Oct 07 '17 at 16:08
  • You probably need to write a stand-alone executable that takes the desired state as program arguments (is that `RPiControl`?). Make it a setuid binary so it can toggle the LEDs (or whatever it does; I was not sure what a "sockes" was). Then, have PHP call it with the desired state (on/off) but without sudo. Your stand-alone program can also have its ACL bits set so only the web server can call it, but it seems to be a bit more than needed. Be careful of setuid scripts; prefer compiled programs. – jww Oct 07 '17 at 17:59
  • Yes, you described it correctly. I pass a parameter (for on and off) to my binary. I tried setting the SUID Bit (chmod u+s) but it didn't work as well... Sockets: https://www.google.de/search?newwindow=1&safe=off&biw=1670&bih=1047&tbm=isch&sa=1&q=socket+schuko&oq=socket+schuko&gs_l=psy-ab.3..0i8i30k1l4.9153.10094.0.10292.7.7.0.0.0.0.157.617.4j2.6.0....0...1.1.64.psy-ab..1.6.613...0j0i30k1j0i19k1j0i5i30i19k1j0i8i30i19k1.0.ZvcsRHmtyrc – Dave Oct 07 '17 at 18:19
  • I think you need a program, not a script, to do it. If the script is setuid, then its interpreter must be setuid also. Also see [How to run an external command as a specific user in PHP](https://stackoverflow.com/q/1898393/608639), [How to do a linux reboot from php file](https://stackoverflow.com/q/24100055/608639), [How to call shell script from php that requires SUDO?](https://stackoverflow.com/q/3166123/608639) and [php call setuid program](https://www.google.com/search?q=php+how+to+call+setuid+program). – jww Oct 07 '17 at 19:20

1 Answer

> Is there a way to allow the binary to run without sudo?

> I tried setting the SUID Bit (chmod u+s) but it didn't work as well

If you set the SUID bit, the executable runs with the same rights as the user that owns the executable.

So if the executable file is owned by user hello the executable will run with the access rights of the user hello and if the file is owned by the administrator (root) it runs with administrator rights.

Therefore you first have to change the owner of the executable file before you set the SUID bit (if the SUID bit is already set it will be removed and must be set again):

    sudo chown root:root /some/file/name
    sudo chmod u+s /some/file/name

If the executable calls another executable (it starts other executable files using exec) the other executable will by default not be executed with changed access rights.

For this reason you cannot use the SUID bit for shell scripts...

This behaviour can be changed using the following line of code in the source code of the file which has the SUID bit set (if the program is written in C or C++):

    setreuid(geteuid(), geteuid());

(Which requires the following header #include line:)

    #include <unistd.h>
Martin Rosenau
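
A sketch of the setuid approach from the answer above, as an added example (not code from the original post or from RPiControl): the helper checks its single argument against an allow-list before making the `setreuid` call the answer shows. The allow-list values, `parse_rc_code` and `send_code` are assumptions; `send_code` stands in for the tutorial's transmit routine, which is not on this page.

```c
#define _XOPEN_SOURCE 700   /* exposes setreuid() in <unistd.h> */
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Assumption: the only codes the web page may send. 3313 is the code from the
   question; treating 3313/-3313 as the on/off pair is a guess. */
static const long ALLOWED_CODES[] = { 3313, -3313 };

/* Accept only "[-]digits" naming an allow-listed code.
   Returns 0 and stores the code on success, -1 otherwise. */
int parse_rc_code(const char *arg, long *code)
{
    char *end;
    long v;
    size_t i;
    if (arg == NULL || !(isdigit((unsigned char)arg[0]) || arg[0] == '-'))
        return -1;                      /* no leading blanks or '+' */
    errno = 0;
    v = strtol(arg, &end, 10);
    if (errno != 0 || end == arg || *end != '\0')
        return -1;                      /* overflow, bare "-", or trailing junk */
    for (i = 0; i < sizeof ALLOWED_CODES / sizeof ALLOWED_CODES[0]; i++)
        if (ALLOWED_CODES[i] == v) { *code = v; return 0; }
    return -1;
}

/* Hypothetical stand-in for the tutorial's transmit routine. */
static int send_code(long code)
{
    printf("would transmit RC code %ld\n", code);
    return 0;
}

int main(int argc, char **argv)
{
    long code;
    /* Validate before doing anything privileged; no shell is ever involved. */
    if (argc != 2 || parse_rc_code(argv[1], &code) != 0) {
        fputs("usage: rc-helper <code>\n", stderr);
        return 2;
    }
    /* The answer's call: make the real UID match the SUID-granted one. */
    if (setreuid(geteuid(), geteuid()) != 0) { perror("setreuid"); return 1; }
    return send_code(code);
}
```

Installed as in the answer (`chown root:root`, then `chmod u+s`), PHP can call the helper through `exec()` without sudo; keep the file outside any directory the web server user can write to.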