PHP shell_exec not working when adding options Ubuntu Apache2

Business solution to host your own OpenVPN server with web management interface and bundled clients.
Post Reply
axxy
OpenVpn Newbie
Posts: 2
Joined: Sat Jul 23, 2022 5:22 pm

PHP shell_exec not working when adding options Ubuntu Apache2

Post by axxy » Sat Jul 23, 2022 5:24 pm

I'm trying to run a command from PHP to disconnect a user from OpenVPN Access Server

Code: Select all

    $output = shell_exec('sacli --user test --client_reason EXPIRED DisconnectUser');
    echo "<pre>$output</pre>";
This won't work and doesn't disconnect user, I confirmed the full command works in the terminal.

If I just use shell_exec('sacli'); or shell_exec('sacli --help'); it will echo successfully:

Code: Select all

sacli: No command specified

Use --help to show usage
Looks like is throwing this in Apache logs when using shell_exec with options:

Code: Select all

ERROR: [Errno 2] No such file or directory: 'out/tmp-2OtTHkYbGxPA.tmp': util/options:501,sagent/sacli:516,util/file:165,util/file:159,util/file:151,util/simplefile:9 (FileNotFoundError)
Any help is appreciated,

Thanks!

User avatar
openvpn_inc
OpenVPN Inc.
Posts: 1333
Joined: Tue Feb 16, 2021 10:41 am

Re: PHP shell_exec not working when adding options Ubuntu Apache2

Post by openvpn_inc » Sat Jul 23, 2022 5:49 pm

Hello axxy,

The problem is the user context the process is running under. Commands on the command line must be run as root user. Most likely your PHP processes are not. And they probably also shouldn't be as that's kind of dangerous. From memory I believe you can run sacli as a non root user if you provide credentials for an admin level user in Access Server. You'd have to specify it on the command line like /usr/local/openvpn_as/scripts/sacli -a user -p pass --user test --client_reason EXPIRED DisconnectUser or sometihng. I didn't test this but I think it should work that way.

Good luck,
Johan
Image OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support

axxy
OpenVpn Newbie
Posts: 2
Joined: Sat Jul 23, 2022 5:22 pm

Re: PHP shell_exec not working when adding options Ubuntu Apache2

Post by axxy » Sun Jul 24, 2022 2:02 am

I have added www-data to sudoers for testing purposes so permissions shouldn't be an issue:
www-data ALL=(ALL) NOPASSWD: ALL

/usr/local/openvpn_as/scripts/sacli -a user -p pass --user test --client_reason EXPIRED DisconnectUser
Also had the same No such file or directory error in Apache error log

User avatar
openvpn_inc
OpenVPN Inc.
Posts: 1333
Joined: Tue Feb 16, 2021 10:41 am

Re: PHP shell_exec not working when adding options Ubuntu Apache2

Post by openvpn_inc » Mon Jul 25, 2022 11:36 am

Hello axxy,

The problem is basically that sacli needs to create temporary files in a directory where the user you're running as doesn't have permissions to do so, and it requires some knowledge of permissions to solve this. The scripts are made to be run as root user by default and you're not doing so and to be honest I think running a web server that runs things as root user is kinda scary. But it's your choice of course.

What you're doing sounds a bit dangerous to me but if you're adding a user to sudo and you want it to run something as a sudoer you'd have to add 'sudo' in front of the command you're running so it actually runs it as a root empowered user.

Kind regards,
Johan
Image OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support

Post Reply