Restart PHP-FPM from a PHP script
I am running a LEMP stack and wish to write a simple control panel for it.
So, I want to be able to restart `php-fpm` from a php script. To achieve this, this is what I did.
Created a binary wrapper in `c` like this `php-shell.c`:
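```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_CMN_LEN 100

int main(int argc, char *argv[])
{
    char cmd[MAX_CMN_LEN] = "", **p;

    if (argc < 2)
    {
        fprintf(stderr, "Usage: ./php_shell terminal_command ...");
        exit(EXIT_FAILURE);
    }
    else
    {
        /* Join every argument into one command line
           (nothing checks the result against MAX_CMN_LEN). */
        strcat(cmd, argv[1]);
        for (p = &argv[2]; *p; p++)
        {
            strcat(cmd, " ");
            strcat(cmd, *p);
        }
        /* Hand the joined string to the shell with the caller's privileges. */
        system(cmd);
    }

    return 0;
}
```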
This program was compiled like this:
```
gcc php_shell.c -o php_shell
```
I have then added nginx user to sudo `visudo` like this:
```
Defaults:nginx !requiretty
nginx ALL=(ALL) NOPASSWD:/path/to/php_shell
```
Then I executed the command in a php script like this:
```php
var_dump(shell_exec('sudo /path/to/php_shell "service nginx restart" 2>&1'));
```
As soon as I run this php script, I get `502 Gateway Error` and it appears all `php-fpm` processes have been killed off and it does not start back up.
Any ideas? Am I doing this wrong? I want to be able to restart nginx server from php script by executing `service nginx restart`. How can I achieve this?
linux sudo php nginx
edited Mar 10 at 14:03 by Rui F Ribeiro
asked Oct 25 '15 at 23:08 by Latheesan
1 Answer
Congratulations! You are on the path to giving unrestricted root access to anyone who can make your nginx server run arbitrary code. You had better be sure that every single CGI script and php page and anything else that might be used to execute arbitrary code is secure.
Your C wrapper is equivalent to configuring sudo to allow nginx to run any command at all as root.
DON'T do it like that.
Write individual shell script (or whatever) wrappers for specific commands and then grant sudo access only to those wrapper scripts. For example, `/usr/local/sbin/restart-nginx.sh` which does nothing but `service nginx restart` and give nginx sudo access to that script.
Then write another, completely separate script to run, say, `dmidecode -s system-uuid` as in your previous question. And give nginx sudo access to that script too.
The simpler and less complicated each individual script, the better. Safest of all is to take no user input at all, not from the command-line and not from environment variables.
If some of your wrapper scripts must take user input, sanity check and sanitise all user-supplied input before using it. And quote your variables - e.g. always use `"$variable"` and never just `$variable` without quotes.
If your wrapper scripts are getting excessively long and complicated then try to identify just the minimum command or set of commands that need to be run as root and write them as a separate script (or scripts), which are called by `sudo` from the main script. i.e. run as little as possible as root.
answered Oct 26 '15 at 0:12 by cas
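A sketch of the single-purpose wrapper the answer describes, for the case where the wrapper has to accept one argument; this is an added example, not code from the question or the answer. The script name `svc-restart.sh`, the allowlist entries and the sudoers line in the comments are assumptions.

```shell
#!/bin/sh
# Hypothetical /usr/local/sbin/svc-restart.sh (name and allowlist are assumptions).
# Install it root-owned, mode 0755, in a directory the nginx user cannot write to.
# sudoers grant for this one script only:
#   nginx ALL=(root) NOPASSWD: /usr/local/sbin/svc-restart.sh

# Fixed PATH: do not let the caller's environment decide which binaries run.
PATH=/usr/sbin:/usr/bin:/sbin:/bin
export PATH

# Print the canonical service name and return 0 only if $1 is on the allowlist.
# Empty strings, extra words and shell metacharacters all fall through to reject.
allowed_service() {
    case "$1" in
        nginx|php-fpm) printf '%s\n' "$1"; return 0 ;;
        *) return 1 ;;
    esac
}

# Build the only command line this wrapper is permitted to run.
# Exactly one argument is accepted; anything else fails before use.
build_command() {
    [ "$#" -eq 1 ] || return 2
    svc=$(allowed_service "$1") || return 1
    printf 'service %s restart\n' "$svc"
}

# Entry point: validate, record who asked, then run with quoted arguments.
# No string is ever passed to a shell for re-parsing.
run_wrapper() {
    build_command "$@" >/dev/null || {
        echo "usage: svc-restart.sh {nginx|php-fpm}" >&2
        return 64
    }
    svc=$(allowed_service "$1")
    logger -t svc-restart "restart of $svc requested by uid ${SUDO_UID:-unknown}" \
        2>/dev/null || true
    exec service "$svc" restart
}

# Act only when invoked under the wrapper's own name, so the functions
# above can be sourced and checked without restarting anything.
case "${0##*/}" in
    svc-restart.sh) run_wrapper "$@" ;;
esac
```

Unlike the `php_shell` binary, a caller who controls the argument can select only between the listed services; the command itself is fixed in the script.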