How do I run script using sudo from plesk environament

[next-step]

Hi everyone

I need idea/approach to implement following:

php script is working under plesk's apache so it is launched under 'psaadm' user.

Goal: I need to be able to create files in domain /conf/ and domain /var/ folders.


so I need my php script runs shell commands using root access.

both commands below is not working:
exec("mkdir /var/www/vhosts/domain.com/var/newfolder");
exec("sudo -u root -p XXX mkdir /var/www/vhosts/domain.com/var/newfolder");

of course that will work if I do chmod or chown for var folder.

but what is correct approach, anybody can help me???

 

[next-step]

I found some info but dont know how to use it:

C Utilities Implementing Module Management

As in the main Plesk system, for managing a service you may need to be able to perform actions under a root user. In this case you will need to use the mechanism of setuid utilities, the utilities which in the process of their implementation temporarily change a value of the user with the permissions of which they are executed to the root user.

Note: In order not to make all the utilities setuid root, has been written a special wrapper. Symlinks in <PRODUCT_ROOT_D>/admin/bin/modules/<module_name> should point to ../../../sbin/mod_wrapper, which looks at its argv[0] and runs the appropriate binary from <PRODUCT_ROOT_D>/admin/sbin/modules/<module_name>. That binary need not be setuid root itself, because mod_wrapper is setuid root.

These utilities are called in by selecting a corresponding action in the user web interface and represent the call in of an external program from a control PHP script. Thus control PHP scripts implement a convenient administration interface, while C utilities perform low-level tasks (see example).

These utilities should be contained in the <PRODUCT_ROOT_D>/admin/sbin/modules/<module name>/ directory.

 

[next-step]

anybody can help here?

I have created my script:
admin/sbin/modules/mymodule/myscript.sh

And link to this at
admin/bin/modules/mymodule/myscript.sh

php script runs it
exec("/usr/local/psa/admin/bin/modules/mymodule/myscript.sh")

but it says "Exec format error"

where Im wrong here?

 

[0031]

Why can't you just suid your scripts? Plesk uses SUID wrapper to elevate privileges of the backend utilities.

 

[next-step]

good point. thank you
now I think that the key for my problem - I cant get my suid working on the server:

[root@fjz htdocs]# ls -l /var/www/vhosts/domain.ru/httpdocs/mkdir.sh
-rwsr-sr-x  1 root psacln 263 Oct 10 13:11 /var/www/vhosts/domain.ru/httpdocs/mkdir.sh
[root@fjz htdocs]# cat /var/www/vhosts/domain.ru/httpdocs/mkdir.sh
#!/bin/sh -b
whoami
pwd
mkdir /var/www/vhosts/domain.ru/conf/test
cd /var/www/vhosts/domain.ru/conf/
ls

then logged in as psa client and do:

[domainuser@fjz ~/httpdocs]$ ./mkdir.sh
domainuser
/var/www/vhosts/domain.ru/httpdocs
mkdir: cannot create directory `/var/www/vhosts/domain.ru/conf/test': Permission denied
./mkdir.sh: line 5: cd: /var/www/vhosts/domain.ru/conf/: Permission denied
css  favicon.ico  img  index.html  mkdir.sh  picture_library  plesk-stat  test

 

[0031]

It's a modern Linux feature AFAIK - it accepts suid bits only on ELF binary files.

So, you may:
1. make a binary version of your utility
2. use a hack to utilize ready-made Plesk's wrapper, which elevates privileges of script:

# cp script.sh /usr/local/psa/admin/sbin
# ln -s /usr/local/psa/admin/sbin/wrapper /usr/local/psa/admin/bin/script.sh
# chmod 755 /usr/local/psa/admin/sbin/script.sh

then call /usr/local/psa/admin/bin/script.sh from within your php code - it should be executed as root:root

 

[next-step]

yes thanks you a lot.
Ive tried to make own suid binary and its fine
Im newbie on this, trying to remember C.