sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper
As @danzel mentions in a comment to this answer, make sure the script is not writable by
www-data
or else a bug allowing users to modify somehow means you are giving full access on the OS to anyone who has access to the webpage.
When you open a PHP page in your browser, that script will not run with your user. But instead, it's using the www-data
user.
You need to add the www-data
to the sudoers files to make the sudo command work without a password, not your user.
However, this is very dangerous as you are giving sudo access to your web server, and especially if this is an environment that can be accessed by anyone. If there's another way to execute the script without sudo, that should be your solution.
If not, give access only to that specific script, and not ALL
commands!
www-data ALL=NOPASSWD: /path/to/your/script
The following is probably even worse practice than the previous to set up for a web server user, but I will leave it for your judgement as it's part of the question. When you run sudo -S ...
, the command will be expecting the input from stdin
without the need for a prompt in the terminal. So the command would need to look like one of:
echo $PASSOWRD | sudo -S /path/to/command
sudo -S /path/to/command < password.secret
Comments
-
mfx28 over 1 year
I'm currently getting this error in browser. I wan't to execute a script through php, but somehow I'm getting this by printing with
echo shell_exec (...) 2>&1
:sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper
I already added -S and got this one:
[sudo] password for www-data: sudo: no password was provided
I've already added myself into
sudoers
and still got no solution.-
Dan almost 4 yearsYou're missing some information, but I assume you are using the browser to open a PHP page (with apache?) that runs a shell command, and that shell command requires sudo?
-
mfx28 almost 4 years@Dan yes, I'm using a PHP page with apache, and yup, it requires sudo otherwise It get the "permission denied" error
-
danzel almost 4 yearsPlease edit your question and explain what you actually want to achieve. What you describe sounds like a terrible idea...
-
-
danzel almost 4 yearsIt would be worth mentioning that the script that will be executed as root must not be writable by
www-data
because that would result inwww-data
being able to do everything as root. Apart from that, I suggest adding a huge warning at the top of the answer. -
mfx28 almost 4 yearsIt actually worked for what I'm trying to do. Thanks a lot
-
Levente about 3 yearsApache seems to have a module called
suexec
, how is that related to all this? packages.ubuntu.com/… -
Dan about 3 years@Levente I don't have experience with that module, to be honest. You can check its documentation here: httpd.apache.org/docs/2.4/suexec.html. However, it seems to be a "risky" module to have enabled if you aren't sure how to use it and/or configure it (Not that this answer's method lacks any of the risks by itself).