• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Resolved Rsync in PHP script

CMRP

New Pleskian
Hello,

I have an issue with a PHP script that execute a SH file.

My PHP script :
$output = shell_exec('sh api/fichier_bash.sh');
echo "$output";

My SH file :
#!/bin/bash

/usr/bin/rsync -e ssh -avzru --delete-after /absolute_path/sound.wav root@IP:/absolute path

echo "Hello"

If i go to my php web page, it print "Hello" but the file dosen't send in my remote server.
I didn't see in plesk the sudoers file to give permission for the apache user to execute a rsync command.

Anybody have an idea about this script?

Regards,
CMRP
 
Because i think the rsync command cannot execute by apache user.

How i could execute this command in bach file via php?

NB : if i execute the bash file in root with command line, it works perfectly.

Regards,
CMRP
 
as root:
su - your_apache_user
then cd to the directory of the script and try it
if you get a permission error, put sudo before the rsync
btw, how are you authenticating against the remote server? Do you have the private key in ~your_apache_user/.ssh ?
 
Yes i use a public/private key between the two server.

In fact, i think the sudo module is install by defaut with plesk.
But it's not the case.

Here is the solution :
1) Install sudo (yum install sudo)
2) Add in /etc/sudoers this two line :
your_user ALL = NOPASSWD: /aboslute/path/to/your/bashfile.sh : it's need to authroize php to launch your sh script
your_user ALL = NOPASSWD: /usr/bin/rsync : it's need to authorize php to run this command.

Finally use this in your php script : exec("sudo/path/script.sh)

Thank you for you're help.

Regards,
CMRP
 
Keep in mind though that this completely obliterates the security won by privilege separation as rsync run with root rights can read and overwrite any file on the system.
 
I know but i didn't find other solution.
If you have it, i'm interest.

The sudo file need two thing : the permission to use rsync command and permission to execute the bash file.
In my bash file the path is put in the script and no depend about a variable.

Regards,
CMRP
 
If the script already runs with root rights, there should be no need to enable rsync too. That should only be needed if the script was run as user and had `sudo rsync` in it.

Make sure the script is not writable by the user. Neither the file itself nor the directory (hierarchy).
 
Back
Top