Page 1 of 1
PHP shell_exec not working when adding options Ubuntu Apache2
Posted: Sat Jul 23, 2022 5:24 pm
by axxy
I'm trying to run a command from PHP to disconnect a user from OpenVPN Access Server
Code: Select all
$output = shell_exec('sacli --user test --client_reason EXPIRED DisconnectUser');
echo "<pre>$output</pre>";
This won't work and doesn't disconnect user, I confirmed the full command works in the terminal.
If I just use shell_exec('sacli'); or shell_exec('sacli --help'); it will echo successfully:
Code: Select all
sacli: No command specified
Use --help to show usage
Looks like is throwing this in Apache logs when using shell_exec with options:
Code: Select all
ERROR: [Errno 2] No such file or directory: 'out/tmp-2OtTHkYbGxPA.tmp': util/options:501,sagent/sacli:516,util/file:165,util/file:159,util/file:151,util/simplefile:9 (FileNotFoundError)
Any help is appreciated,
Thanks!
Re: PHP shell_exec not working when adding options Ubuntu Apache2
Posted: Sat Jul 23, 2022 5:49 pm
by openvpn_inc
Hello axxy,
The problem is the user context the process is running under. Commands on the command line must be run as root user. Most likely your PHP processes are not. And they probably also shouldn't be as that's kind of dangerous. From memory I believe you can run sacli as a non root user if you provide credentials for an admin level user in Access Server. You'd have to specify it on the command line like /usr/local/openvpn_as/scripts/sacli -a user -p pass --user test --client_reason EXPIRED DisconnectUser or sometihng. I didn't test this but I think it should work that way.
Good luck,
Johan
Re: PHP shell_exec not working when adding options Ubuntu Apache2
Posted: Sun Jul 24, 2022 2:02 am
by axxy
I have added www-data to sudoers for testing purposes so permissions shouldn't be an issue:
www-data ALL=(ALL) NOPASSWD: ALL
/usr/local/openvpn_as/scripts/sacli -a user -p pass --user test --client_reason EXPIRED DisconnectUser
Also had the same No such file or directory error in Apache error log
Re: PHP shell_exec not working when adding options Ubuntu Apache2
Posted: Mon Jul 25, 2022 11:36 am
by openvpn_inc
Hello axxy,
The problem is basically that sacli needs to create temporary files in a directory where the user you're running as doesn't have permissions to do so, and it requires some knowledge of permissions to solve this. The scripts are made to be run as root user by default and you're not doing so and to be honest I think running a web server that runs things as root user is kinda scary. But it's your choice of course.
What you're doing sounds a bit dangerous to me but if you're adding a user to sudo and you want it to run something as a sudoer you'd have to add 'sudo' in front of the command you're running so it actually runs it as a root empowered user.
Kind regards,
Johan