Running command-line application from PHP as specific user

Asked 2/8, 2011 at 14:7 Answered 29/3, 2015 at 17:51

I am running Apache on my localhost. From a PHP script run as www-user I would like to control Rhythmbox playback on my machine. So far I have a simple command in my PHP script:

exec('rhythmbox-client --pause');

This works great when I run it from the command-line as me, but if it runs as www-user I guess rhythmbox-client doesn't know/can't access my instance of Rhythmbox.

Is there an easy way for that PHP script to run as my user rather than www-user, or to tell rhythmbox-client which instance to control?

The overall application is that when my phone goes off-hook it calls my PHP script which pauses music, and resumes playback when the phone is on-hook. I love VoIP phones!

Solution: Thanks to Carpetsmoker and Tarek I used sudo as the answer but there was a couple of problems. To overcome them I did the following:

Created a bash script to call rhythmbox-client. This bash script was executed using sudo in PHP as described in the answer below. Unfortunately rhythmbox-client didn't know what environment to control, so the bash script looks like this:

#! /bin/bash
DBUS_ADDRESS=`grep -z DBUS_SESSION_BUS_ADDRESS /proc/*/environ 2> /dev/null| sed 's/DBUS/\nDBUS/g' | tail -n 1`
if [ "x$DBUS_ADDRESS" != "x" ]; then
        export $DBUS_ADDRESS
        /usr/bin/rhythmbox-client --pause
fi

Now that bash script can be executed by PHP and wwwuser, and my phone can pause/play my music!

Altis answered 2/8, 2011 at 14:7 Comment(3)

what about to try to run rhythmbox-client not-as-root? – Jin 2/8, 2011 at 14:9

Are you planning on only running your server locally? (aka never putting it online) – Glossal 2/8, 2011 at 14:21

@Glossal Yes it's just locally – Altis 2/8, 2011 at 14:51

One solution is using sudo(8):

exec('sudo -u myuser ls /');

You will, obviously, need to setup sudo(8) to allow the user running your webserver to invoke it. Editing the sudoers file with visudo(8), you can use something like:

wwwuser ALL=/usr/bin/rhythmbox-client

To prevent Apache from being able to run other commands and only the rythymbox command.

Bruise answered 2/8, 2011 at 14:19 Comment(5)

Hi thanks for the answer. I edited /etc/sudoers with visudo, but when I exec sudo -u myuser rhythmbox-client --pause I am prompted for the wwwuser password. Is there any way to avoid password authentication for this instance? – Altis 2/8, 2011 at 14:28

change it to wwwuser ALL=NOPASSWD: /usr/bin/rhythmbox-client – Kolkhoz 2/8, 2011 at 14:34

Thanks I changed it to wwwuser ALL=(ALL) NOPASSWD: /usr/bin/rhythmbox-client. It works great if I run it from the command-line as wwwuser, but my PHP script won't run it when called through Apache :( – Altis 2/8, 2011 at 14:52

Thanks both for your help, I posted final solution in the answer. It wasn't just user permissions after all! – Altis 2/8, 2011 at 15:40

@Carpetsmoker, What about Windows Server? – Minetta 15/4, 2016 at 14:15

In my case, the solution came this way:

Added this lines to sudoers file:

myuser ALL=(ALL) NOPASSWD: /usr/bin/prlctl
_www ALL=(ALL) NOPASSWD: /usr/bin/prlctl # IMPORTANT!!!
The EXEC() command in PHP was changed to:

exec("sudo -u myuser prlctl list -a", $out, $r);

Necessitarianism answered 29/3, 2015 at 17:51 Comment(0)

-3

If a process can be run by any user it can be run by PHP. Example is fortune command

-rwxr-xr-x 1 root root 18816 Oct  1  2009 /usr/games/fortune

Look at the x permission for every user. But this some times doesn't at all work and you may have to let the user, www-data or apache etc, run the program. You can sudo www-data and try to run the command. If it works then Apache/PHP should be able to run it.

Dorathydorca answered 2/8, 2011 at 14:28 Comment(0)

Recommended topics

Hot tags