OpenVPN Support Forum

I'm trying to run a command from PHP to disconnect a user from OpenVPN Access Server
This won't work and doesn't disconnect user, I confirmed the full command works in the terminal.

If I just use shell_exec('sacli'); or shell_exec('sacli --help'); it will echo successfully:
Looks like is throwing this in Apache logs when using shell_exec with options:
Any help is appreciated,

Thanks!

Hello axxy,

The problem is the user context the process is running under. Commands on the command line must be run as root user. Most likely your PHP processes are not. And they probably also shouldn't be as that's kind of dangerous. From memory I believe you can run sacli as a non root user if you provide credentials for an admin level user in Access Server. You'd have to specify it on the command line like /usr/local/openvpn_as/scripts/sacli -a user -p pass --user test --client_reason EXPIRED DisconnectUser or sometihng. I didn't test this but I think it should work that way.

Good luck,
Johan

I have added www-data to sudoers for testing purposes so permissions shouldn't be an issue:
www-data ALL=(ALL) NOPASSWD: ALL

/usr/local/openvpn_as/scripts/sacli -a user -p pass --user test --client_reason EXPIRED DisconnectUser
Also had the same No such file or directory error in Apache error log

Hello axxy,

The problem is basically that sacli needs to create temporary files in a directory where the user you're running as doesn't have permissions to do so, and it requires some knowledge of permissions to solve this. The scripts are made to be run as root user by default and you're not doing so and to be honest I think running a web server that runs things as root user is kinda scary. But it's your choice of course.

What you're doing sounds a bit dangerous to me but if you're adding a user to sudo and you want it to run something as a sudoer you'd have to add 'sudo' in front of the command you're running so it actually runs it as a root empowered user.

Kind regards,
Johan