DirtyBirdNJ's picture

Hello,

I am trying to set up some PHP scripts that will turn on/off a daemon (fatcontroller for some AWS SQS processing) via /etc/init.d/. Turnkey appliances seem to come without suod installed, so I ran a simple apt-get install sudo.

When I just use the php function:

exec('/etc/init.d/fatcontrollerd start');

I get: You need root privileges to run this script

Ok, this makes sense... the Apache www-data user doesn't have permissions to start/stop daemons. So I read about how you can give the password to the sudo command using a pipe (http://stackoverflow.com/questions/11955298/use-sudo-with-password-as-parameter), and I tried this:

exec('echo password | sudo /etc/init.d/fatcontrollerd start');

This doesn't return anything (usually exec returns output of the command)... so I tried running the same command via a terminal window after doing su www-data to see exactly what's happning. This is the output I get:

So... it looks like for whatever reason whenever I try to sudo as the www-data user, sudo appears to be trying to run the command as www-data instead of root? I tried providing sudo the -u option to force the user I'm trying to access when running sudo, but the prompt keeps asking for the www-data user password!

This issue is complicated because the Turnkey appliances do NOT come with sudo installed, so I am not entirely sure I haven't missed some important step that was required after running apt-get install sudo.

Thanks for any help you can provide!

Forum: 
Jeremy Davis's picture

I know it seems obvious, but you didn't explicitly say that you did so that'd be my first guess. Also by default the www-data account is locked down and won't allow login. I am not sure but perhaps that applies to running as sudo as well?

Eric (tssgery)'s picture

Sorry, but I may be a little slow today. If you're logged in as www-data and run sudo, it will prompt you for www-data's password. I would probably set this up by configurting /etc/sudoers so that www-data does not need to supply a password to run specific commands (an example can be found here).

It might help if you posted the contents of your fatcontrollerd script.

Jeremy Davis's picture

Thanks Eric... I have been away and it didn't occur to me it should have been asking for the root password... Not www-data.

Excuse me everyone... tired head! :)

Eric (tssgery)'s picture

The default sudoers file won't contain specific entries for sadmin. You can follow the link I posted to see how to configure sudo so that 'sadmin' does not need to provide a password.

I suspect that the commmand you are trying to execute via fatcontrollerd is attempting to elevate permissions to the sadmin and that's why you're being prompted. 

Eric (tssgery)'s picture

Just to see if I understand...

When you run "sudo ls" while logged in as bscharff, it prompts you for sadmin's password?

If so, that is a very odd thing. I always add sudo to my TKL appliances as I deem it crucial but have never seen this issue.

Eric (tssgery)'s picture

I thought I posted this but don't see it now.

I'll try to recreate it. What TKL appliance are you seeing this on?

Eric (tssgery)'s picture

I just deployed a lamp appliance (version 13.0) and then:

- "apt-get update"

- "apt-get install sudo"

- "adduser --home /home/eric --shell /bin/bash eric"

- logged out

- logged in as eric

- ran "sudo ls". I got an error that user 'eric' was not in the /etc/sudoers file, so I added it

- ran "sudo ls" again and all worked fine

 

I don't even have an sadmin user defined in my system. Did you install other software on your appliance that might have modified  the system?

Jeremy Davis's picture

This thread is pretty old now, so not sure if this is still an issue.

FWIW though, AFAIK that's the fundamental difference between su and sudo. su requires the root user password, whereas sudo requires the password of the user account which you run sudo as.

Add new comment