I have a php script with this:
<?php
#echo exec('whoami');
$output = shell_exec('bash /usr/local/svn/bash_repo/make-live');
echo "$output";
?>
The make-live script contains this:
#!/bin/bash
cd /var/www-cake
sudo svn checkout file:///usr/local/svn/bash_repo/repo/
echo "Head revision has been pushed to live server"
So the PHP user who is www-data needs to have nopasswd for that script. I am told I need to add:
www-data ALL=NOPASSWD: /usr/local/svn/bash_repo/make-live
To sudoers to allow this. First I run sudo visudo but I have no experience with vi so I try to open it in gedit with export EDITOR=gedit && sudo -E visudo which then just opens a sudoers.tmp file which is empty. I add the line and save it. But it doesn't save.
So I just try sudo visudo and I add the line right beneath this part:
# User privilege specification
root ALL=(ALL) ALL
www-data ALL=NOPASSWD: /usr/local/svn/bash_repo/make-live
I closed out sudoers and reopened to verify that it has saved. I even restart apache.
I run the php file and it still doesn't work.
What am I missing?
Adding your apache user www-data to sudoers and then, worse, adding a no-password option is a REALLY BAD IDEA. It's a security issue to have the apache user being able to do anything as root and you should avoid it.
What you need to do is change the permissions of /var/www-cake so that www-data can write to it when you run svn checkout without the sudo.
Try this:
sudo chown www-data:www-data /var/www-cake
Remove the sudo and try again.
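
A sudo-free version of make-live along the lines of this answer, as an added example that is not part of the original post: it refuses to run as root, checks that the live directory is owned by and writable for the calling user (www-data when PHP runs it) and is not world-writable, and only then runs svn checkout. The check_target and make_live helper names and the --deploy argument are assumptions; the paths are the ones from the question.

```shell
#!/bin/bash
# Added example: make-live without sudo, with preflight checks.
# Paths come from the question; helper names and --deploy are hypothetical.
REPO_URL="file:///usr/local/svn/bash_repo/repo/"
LIVE_DIR="/var/www-cake"

# Return 0 only if $1 is a directory the calling user owns and can write to,
# and that other users cannot write to. Distinct codes name the failed check.
check_target() {
    if [ ! -d "$1" ]; then
        echo "missing directory: $1" >&2; return 1
    fi
    if [ ! -O "$1" ]; then
        echo "$1 is not owned by $(id -un); fix with chown, not sudo" >&2; return 2
    fi
    if [ ! -w "$1" ]; then
        echo "$1 is not writable by $(id -un)" >&2; return 3
    fi
    # find prints the directory only if the "other" write bit is set
    if [ -n "$(find "$1" -prune -perm -0002)" ]; then
        echo "$1 is world-writable; tighten its mode first" >&2; return 4
    fi
    return 0
}

# Check out the head revision into the live directory as the calling user.
make_live() {
    if [ "$(id -u)" -eq 0 ]; then
        echo "refusing to deploy as root; run as the web server user" >&2
        return 5
    fi
    check_target "$LIVE_DIR" || return
    cd "$LIVE_DIR" || return
    svn checkout --non-interactive "$REPO_URL" || return
    echo "Head revision has been pushed to live server"
}

# Deploy only when asked to, so the checks can be sourced and tested alone.
if [ "${1:-}" = "--deploy" ]; then
    make_live
fi
```

With this in place the PHP call becomes shell_exec('bash /usr/local/svn/bash_repo/make-live --deploy 2>&1'), and the www-data line can be removed from sudoers.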