
Thread: Giving Apache (wwwrun) permission to stop-start dhcpd

  1. #1

    Giving Apache (wwwrun) permission to stop-start dhcpd

    Hello hello

    This, bizarrely, is something I had working fine and has now blown up in my face (as the delivery deadline looms).

    User adds a device via a web form (MAC, IP), my PHP script adds a host entry to the dhcpd.conf file and restarts the dhcp server. It was all working and now it isn't.
    I have a shell script called startdhcp.sh, which contains this:
    /etc/init.d/dhcpd start
    I have a PHP script which has this:
    $output = shell_exec("sudo /etc/startdhcp.sh");
    wwwrun is on the sudoers list as follows:
    wwwrun ALL = (ALL) NOPASSWD: /etc/startdhcp.sh
    I even tried putting wwwrun in the root group to see if that was the problem but it's still no good.
    Could some patient soul rewalk me through this? I can't see what else I can do, and it really was working before!

    TIA

    sparkie

  2. #2
    Re: Giving Apache (wwwrun) permission to stop-start dhcpd

    Add a sudoers exception for the dhcp binary as well and make sure the .sh script is readable/executable by all.

    What does /var/log/apache2/error_log state as the reason?

  3. #3

    Re: Giving Apache (wwwrun) permission to stop-start dhcpd

    Thank you for the reply. Thanks, too for the reply to the other post. Once I get past this hurdle, I'll be able to move on to the actual dhcp conf!

    Hmm .. the error log reports a prompt for root's password, flagrantly and scandalously ignoring my 'no password for apache' directive...

    Where do I set the exception for the dhcp binary? At the file level?

    sparkie

  4. #4

    Re: Apache DHCP permissions - getting cheesed off now.

    Hello again, All.
    OK. This is starting to destroy my life. No, no. Let's get things in perspective. This is turning into a royal PITA.

    I cannot, by any means, get Apache (wwwrun) to have permission to stop or start the DHCP service.
    My sudoers file looks like this:

    Defaults always_set_home
    Defaults env_reset
    Defaults env_keep = "LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS XDG_SESSION_COOKIE XMODIFIERS GTK_IM_MODULE QT_IM_MODULE QT_IM_SWITCHER"
    wwwrun ALL = (ALL) NOPASSWD: /etc/init.d/dhcpd stop,/etc/init.d/dhcpd start,/etc/init.d/dhcpd restart

    ALL ALL = (ALL) ALL

    root ALL = (ALL) ALL
    My PHP script is either:
    $output = shell_exec("sudo /etc/init.d/dhcpd start");
    OR:
    $output = shell_exec("sudo /etc/dhcpstart.sh");
    where dhcpstart.sh is a file containing the command.
    Apache error log is reporting a prompt for wwwrun's password now.
    Or, if I call without the sudo, simply:
    sh: /etc/init.d/dhcpd: Permission denied.

    Utterly, utterly stuck and wishing I'd been playing footie with the kids instead of being stuck in front of this blessed computer for the whole of my Saturday.... any help hugely appreciated.

    sparkie
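
sudoers entries are applied in order and the last entry matching the user and command decides, including whether NOPASSWD applies; in the file posted in #4 the catch-all `ALL ALL = (ALL) ALL` comes after the wwwrun line. The Python sketch below is an added example, not part of any post, that models only this rule: `parse`, `matches`, `decide` and `reordered` are hypothetical helpers, and host, runas, aliases, groups and wildcards are ignored.

```python
import re

# Rules as posted in #4, in the posted order (Defaults lines left out).
POSTED = """\
wwwrun ALL = (ALL) NOPASSWD: /etc/init.d/dhcpd stop,/etc/init.d/dhcpd start,/etc/init.d/dhcpd restart
ALL ALL = (ALL) ALL
root ALL = (ALL) ALL
"""

RULE = re.compile(r"^(\S+)\s+\S+\s*=\s*(?:\([^)]*\)\s*)?(.+)$")
TAG = re.compile(r"^(NOPASSWD|PASSWD):\s*")

def parse(text):
    """Yield (user, command_spec, nopasswd) for each command, in file order."""
    for line in text.splitlines():
        m = RULE.match(line.split("#", 1)[0].strip())
        if not m or m.group(1) == "Defaults":
            continue
        nopasswd = False  # a tag stays in force for later commands on the line
        for spec in (c.strip() for c in m.group(2).split(",")):
            t = TAG.match(spec)
            if t:
                nopasswd, spec = t.group(1) == "NOPASSWD", spec[t.end():]
            yield m.group(1), spec, nopasswd

def matches(spec, command):
    """ALL matches anything; a bare path matches any arguments; else exact."""
    if spec == "ALL":
        return True
    if " " not in spec:
        return command.split()[0] == spec
    return spec.split() == command.split()

def decide(text, user, command):
    """Return (allowed, needs_password, deciding_rule); the LAST match wins."""
    result = (False, True, None)
    for rule_user, spec, nopasswd in parse(text):
        if rule_user in ("ALL", user) and matches(spec, command):
            result = (True, not nopasswd, f"{rule_user}: {spec}")
    return result

def reordered(text):
    """Move the wwwrun entries below the catch-all rules."""
    lines = text.splitlines()
    own = [l for l in lines if l.startswith("wwwrun")]
    return "\n".join([l for l in lines if l not in own] + own) + "\n"

if __name__ == "__main__":
    for label, rules in (("as posted", POSTED), ("reordered", reordered(POSTED))):
        print(label, decide(rules, "wwwrun", "/etc/init.d/dhcpd start"))
```

On the real system, `visudo -c` checks the file's syntax and `sudo -l -U wwwrun`, run as root, lists what sudo will actually grant that user.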

  5. #5
    Re: Giving Apache (wwwrun) permission to stop-start dhcpd

    I set up something similar to run /etc/init.d/dhcpd status from a PHP script and it worked fine. However one difference is that my /etc/sudoers file contains the line

    Defaults targetpw

    as installed by default. This may have a bearing on your problem.

    BTW, you should use the include directive in /etc/dhcpd.conf and edit a file called /etc/dhcpd.conf.local. It keeps things neater.

  6. #6

    Re: Giving Apache (wwwrun) permission to stop-start dhcpd

    Getting absolutely nowhere with this. Apache log still reports a prompt for root's password when I call:
    $output = shell_exec("sudo /etc/init.d/dhcpd start");

    line in sudoers is now:
    wwwrun ALL = (root) NOPASSWD: /etc/init.d/dhcpd start .....
    It says no password but apache is being prompted for a password. Clearly there is something utterly gigantic that I have not understood about the term NO PASSWORD. It in fact seems to mean YES PASSWORD. Why oh why oh why is it so hard?

    Please help!

    I have now been at this screen for 12, yes 12 hours ... ;-( Life really is too short for this lark.

  7. #7
    Re: Giving Apache (wwwrun) permission to stop-start dhcpd

    Ok, try this. First give wwwrun a login shell so that you can do what follows:

    Code:
    chsh -s /bin/bash wwwrun

    The normal value is /bin/false when you want to change it back later.

    Then you can become wwwrun from root and debug the sudoers file:

    Code:
    # su - wwwrun

    You have to edit the sudoers file until you can do:

    Code:
    sudo /etc/init.d/dhcpd restart

    from the command line and not be prompted for a password. It worked for me so you should be able to get it to work.

  8. #8

    Re: Giving Apache (wwwrun) permission to stop-start dhcpd

    Hi

    Thanks for your patience on this one. A small step in the right direction but I now get an error over ownership of the log file ... /var/log/rc.dhcpd.log
    rm: cannot remove '/var/log/rc.dhcpd.log' : Permission denied. So the dhcp binary seems not to have permission to clear its own log.

    Is all of this something to do with the chroot jail option I see in the Yast config window?

    Mark

  9. #9
    Re: Giving Apache (wwwrun) permission to stop-start dhcpd

    That log file is removed in /etc/init.d/dhcpd. Since you are supposedly running as root, there should be no problem removing it. Ergo, perhaps you did not gain root power with the sudo.

  10. #10

    Re: Giving Apache (wwwrun) permission to stop-start dhcpd

    Still stuck, I'm afraid. I've tried all the permutations I can think of in sudoers = ALL ALL ALL no password, run as root, rebooting each time. But the apache log always reports a prompt for root's password. Is there a way I can pass in root's password, just to see if it works? Obviously no good in a production box, but I need to demo this to a client today and am getting very frustrated.

    I've been using the Yast sudoers GUI to make these changes. I then used VI (even though I know not the first thing about it - I wasted 20 minutes trying to figure out how to comment out a line - the hash key doesn't enter a hash character, but hey that's another lesson).

    I took out the Defaults targetpw line to see if that was the problem. Instead of prompting me for root's password, the Apache log now reports a prompt for wwwrun's password.

    Also, quite an interesting aside, removing the Defaults targetpw line from sudoers broke the root password for KDE .... I couldn't launch yast from a regular user login. I was prompted for the root password, but KDE said password incorrect. What a brilliant time I'm having!


    So, any other thoughts most welcome!

    Sparkie
