sudo: no tty present and no askpass program specified When useing shell_exec

php linux apache sudo shell-exec

10,256

Solution 1

Although my setup is a little different (I'm not trying to achieve it without a password), I use this in the sudoers file:

apache ALL=(ALL) ALL
Defaults:apache !requiretty

I then run things as:

echo '{password}' | sudo -S {command}

Solution 2

From command prompt run

sudo visudo

Then go to the last line of the file and add the following line:

%www-data ALL=NOPASSWD: <Your-Command-Here>

Hope this works!

10,256

Author by

mando222

By day I code to feed those that depend on me. By night I code to further the global domination goals of my robot overlords.

Updated on June 27, 2022

Comments

mando222 almost 2 years

I have a php page that is trying to run a service restart using:

$list=shell_exec('sudo /sbin/service NetworkManager restart');

I needed to edit my sudoers file to let this happen. Thus:

#Defaults requiretty

and

apache ALL=(ALL) NOPASSWD: /sbin/service

When that failed, as a test I ran:

apache ALL=(ALL) NOPASSWD: ALL

I have run a shell_exec without the sudo command:

$list=shell_exec('whoami');

echo $list;

This returned "apache" as expected. So I ran:

$list=shell_exec('id');

echo $list;

This returned “uid=48(apache) gid=48(apache) groups=48(apache),10(wheel)”

I checked the permissions of the files against a working system that is doing the same thing and they matched up. After that just for testing sake I changed all file permissions to 777. Still nothing. In the apache error log I get the line "sudo: no tty present and no askpass program specified". As I understand it that applies to the #Defaults requiretty line in the sudoers file but as stated that has been commented out. I have done a bit more testing with it and my current entry in the sudoers file is:

#Defaults requiretty

ALL ALL=(ALL) NOPASSWD: ALL

I know not to run the server this way as it is a huge security risk but at this point I am at a total loss for what is locking me down. Selinux is off all permissions are 777 and the ownership of files matches a working system I have. With all of this and all possible security I can think of turned off I still have the “sudo: no tty present and no askpass program specified” line in my /var/log/httpd/error_log every time. The output of:

$list=shell_exec('sudo echo "yes" 2>&1 ');

echo $list;

Is also “sudo: no tty present and no askpass program specified”? I could really use some help on this one. I have read every article for 4 google pages on this every way I can think to google it.
mando222 over 8 years

Doesn't the apache ALL=(ALL) ALL leave you exposed to attack? One of the goals of my project is to minimize attack vectors. I can see how this would work but I don't think it is quite what I need.