Permission denied error in php

Question

1.00/5 (1 vote)

See more:

I have pandoc package in the path /root/.cabal/bin/pandoc. I couldn't to execute pandoc package through shell_exec() in php because of the root path.How to solve it??

Posted 2-Jan-15 2:34am

Vidhya Raju

Add a Solution

Comments

Prava-MFS 2-Jan-15 13:00pm

Give the write permission to the root folder recursively or else you can try running the command with super user like sudo <command>.

Vidhya Raju 3-Jan-15 1:07am

I gave write permission to root folder so that I could access root package through command line only,not through php

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Doug Vanderweide · Answer 1 · 2015-01-02T09:28:00

Solution 1

What you are trying to do is extremely dangerous from a security standpoint. Just keep that in mind.

That said, you have two options:

1. Change the permissions of your website's PHP user to be able to execute shell commands. This is a terrible idea and you shouldn't do it because it is very dangerous and will allow any Web visitor to execute commands on your server.

2. Run the command via sudo, and add your PHP user as an accepted sudo user for the pandoc command.

PHP

echo shell_exec('sudo -u ThePHPUserOnYourBox -S /root/.cabal/bin/pandoc')

You should not do this because it is very dangerous. It's more secure than the first option but it's still wildly insecure.

Another option is to build some sort of proxy service that submits your pandoc requests to a worker server, does the conversion you want, sends that converted document someplace else, and notifies the web server that the work is complete.

In other words, pandoc needs to be completely off the webserver, on another server entirely. It needs to receive jobs from the webserver, process them independent of the webserver, and send the completed documents back to the webserver.

Posted 2-Jan-15 9:28am

Doug Vanderweide

Comments

Sergey Alexandrovich Kryukov 2-Jan-15 15:39pm

Agree, 5ed.
—SA

Vidhya Raju 3-Jan-15 1:06am

I tried 'shell_exec('sudo -u ThePHPUserOnYourBox -S /root/.cabal/bin/pandoc')' but no luck.. Actually I gave write permission to root. Through command line it works fine. But If I try to access through php it doesn't work.

Doug Vanderweide 3-Jan-15 10:54am

The problem, once again, is that your PHP user does not have sufficient privileges to execute that binary. Your best solution, once again, is to not run this process at all on your Web box, but to build a proxy service that can do this work off the Web server. If you are willing to ignore all common sense and safety and run that job from the command line anyway, either elevate the privileges of the PHP user. (Not root, the PHP user. Which is almost certainly not root.) Or add the PHP user to sudo as a root user for that process. Both of which would be huge mistakes to do. In other words, just build a proxy service for this file conversion, or find some other means to convert your documents. Because what you are trying to do is very, very dangerous. I don't know if I have made that clear so let me say it again: Don't do what you are trying to do. Just don't.

Vidhya Raju 5-Jan-15 0:14am

Added the following line in the /etc/sudoer file

#Defaults requiretty //commented this line
usergroup ALL=(ALL) ALL

PHP code,

shell_exec("echo password | sudo
-S command"); //added a password for sudo command to run as a root user.

now it works fine... Is it more dangerous?

Doug Vanderweide 5-Jan-15 7:34am

Since I can't see how you set up sudo, I can't answer. But any time you elevate privileges for the web user to root, you are making a mistake.

Vidhya Raju 6-Jan-15 1:27am

I don't have a enough knowledge in building a proxy service and I don't know that. Can you tell me how to do it?