-1

So i'm looking for a way to start Plex Media Server service using PHP redirect. I basically want to start and stop the server by going to the certain URL. I'm using Apache and here's my code and commands i'm using:

My /var/www/site/index.php:

<?php
  $output = shell_exec('/var/www/site/plex.sh');
  echo "<h1>Output: " . $output . "</h1>";
?>

/var/www/site/plex.sh

#!/bin/bash

sudo service plexmediaserver start
echo "Done"

After going to my website, i get header "Output: Done" as expected. But Plex process is still inactive (service status). Permissions for site directory and files are set for "www-data" user and plex.sh is executable (chmod +x). Permissions for directory and files are rwxrwxrwx and user running apache is www-data.

Are commands wrong or is it something else?

maskey
  • 1
  • 2
  • 1
    You could try to add the full path of the service command. I don't know the path out of my head. But just check it with "which service". Try adding the displayed path to your script like: /path/tobin/service plexmediaserver start. Also check if the script is working if you start it manually on the command line with root privileges. It might also be a permission issue. – Lorem ipsum Oct 02 '20 at 08:44
  • Nothing changed. I can run service without any issues with "sudo service plexmediaserver start". I also tried swapping ```shell_exec('/var/www/site/plex.sh');``` with ```shell_exec('sudo /usr/sbin/service plexmediaserver start');``` and still nothing really happened. – maskey Oct 02 '20 at 09:21

1 Answers1

0

Generally i would avoid to execute root privilege commands with webservers/php-fpm. So think about, if you really need it. To run this kind of job successfully with your already present scripts, you need to add the user under which your webserver runs (generally www-data) to your sudoers file and allow it to run your the command with sudo without password like this:

shell# visudo
 
      User_Alias WWW_USER = www-data
      Cmnd_Alias WWW_COMMANDS = /usr/sbin/service
      WWW_USER ALL = (ALL) NOPASSWD: WWW_COMMANDS

Then you can start your service with curl http://example.com/index.php

However as i said it's a serious security risk. So do it only if you really need to do it and what is really important is, that your nginx can only EXECUTE, but not write the files index.php and plex.php. So your 777 permissions will lead actually to a privilege esclatation vulnerability.

Lorem ipsum
  • 852
  • 3
  • 13