Issue
I'm trying to read status of a service using php7 on Debian 9. The command is simple:
sudo -u root -S service openvpn@debideb status < /var/www/html/.htpass
I do get desired result when I test it in terminal:
[email protected] - OpenVPN connection to debideb
Loaded: loaded (/lib/systemd/system/[email protected]; disabled; vendor preset: enabled)
Active: active (running) since Mon 2018-06-25 06:17:15 PDT; 1h 2min ago
Docs: man:openvpn(8)
https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage
https://community.openvpn.net/openvpn/wiki/HOWTO
Process: 5049 ExecStart=/usr/sbin/openvpn --daemon ovpn-debideb --status /run/openvpn/debideb.status 10 --cd /etc/openvpn -
Main PID: 5051 (openvpn)
Tasks: 1 (limit: 4915)
CGroup: /system.slice/system-openvpn.slice/[email protected]
└─5051 /usr/sbin/openvpn --daemon ovpn-debideb --status /run/openvpn/debideb.status 10 --cd /etc/openvpn --config
however,when I do it through www-data I get following results:
passthru() returns int(1);
shell_exec() returns NULL;
exec() and system() return string("");
Where did I screw up?
Solution
You could run a CRON to check service status and output the result to some kind of output format then read the output file from the web server user. This way you could isolate the user running the CRON from the webserver user, and make this a lot more secure.
It's a really bad idea to have an exec call in your PHP at all, let alone when the web server has root permissions (which you'd need here.)
Answered By - Allenph Answer Checked By - David Marino (WPSolving Volunteer)
