2

I am trying to run a script that does "apt-get install" on a webserver through PHP but can't seem to get it to work. If I were to run the script locally on the terminal using:

sudo /var/www/html/dl.sh

It works. But after using this code...

forcedl.php:

<?php
// Run the script only when ?run=... is present and truthy.
if (!empty($_GET['run'])) {
    $output = shell_exec("/var/www/html/dl.sh");
    echo "<pre>$output\n</pre>";
}
?>
<a href="?run=true">Click Here</a>

dl.sh:

#!/bin/bash
sudo apt-get install slowhttptest

and after clicking on CLICK HERE (If commands in dl.sh were changed to ifconfig, it works) on another machine, nothing happens on the server that the script is supposed to run on.

If I remember correctly, I have installed PHP and Apache2. I don't know if anything else is required to make this work.

Requested command:

ls -lZ /var/www/html/dl.sh

Output is:

rwxr-xr-x 1 root root ? 188 Jan 2 21:58 /var/www/html/dl.sh

Edit #2:

I solved the issue by adding WWW-DATA in sudoers and editing my PHP.

forcedl.php:

<?php
// Run the script via sudo only when ?run=... is present and truthy.
if (!empty($_GET['run'])) {
    $output = shell_exec("sudo /var/www/html/dl.sh");
    echo "<pre>$output\n</pre>";
}
?>
<a href="?run=true">Click Here</a>

    1 Answer

    2

    PHP is (thankfully!) not running as the root user, so it does not have privileges to run apt install. The suid bit is ignored on shell scripts, so setting that bit on your shell script is not a solution, either.

    If you really really want to give PHP the privileges to run apt-get as the root user (and please, think really hard about this), you can add an entry to sudoers to allow it to do so, but your command will have to be sudo apt-get [...].

    Running a script through a web based front-end via a sudo grant is ill-advised, because if somebody somehow figures out a way to edit that file, now they can do whatever they want to do on your system as the superuser by having PHP do it for them.

    • 1
      probably also need to add !RequireTTY to that sudo config. And yeah, allowing a webserver to run anything via sudo is just asking for trouble. Commented Jan 2, 2019 at 15:02
    • Hm.. So to allow it, I will just have to add an entry to 'sudoers' and ensure my command has 'sudo' in it? Since this is just a test to simulate that an attacker has put in a script into the webserver, my professor has given an OK for any method used. He just told me to get it to work haha. Commented Jan 3, 2019 at 3:38
    • @TimKennedy, Able to elaborate more on that? Commented Jan 3, 2019 at 3:39
    • @Syuuバカ sudo usually requires a TTY because its default behavior is to attempt interactive authentication. When you do something like allow a webserver to run a script non-interactively, you would need to configure sudo appropriately, by adding NOPASSWD and !RequireTTY to the appropriate place(s) in the sudoers file. It's hard to be more specific because there are a myriad of ways to add those options. Commented Jan 3, 2019 at 21:27
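
The answer's warning turns on who can edit the file that sudo runs as root. As an added example (not from the original post or its answer), this shell function walks from the script up to `/` and reports any path component that is not root-owned or is group- or world-writable. The function name and the optional owner-uid and stop-directory arguments are assumptions made here, and it expects GNU or busybox `stat` and `readlink`.

```shell
#!/bin/sh
# Added example: audit a script that a sudoers NOPASSWD rule would run as root.
# Hypothetical helper; needs GNU or busybox stat and readlink.
# usage: audit_sudo_target PATH [OWNER_UID] [TOP]
#   OWNER_UID  uid that must own every path component (default 0, root)
#   TOP        directory at which to stop walking upward (default /)
# Prints one finding per line; returns 0 if clean, 1 on findings,
# 2 if PATH is missing.
audit_sudo_target() {
    owner=${2:-0}
    top=$(readlink -f -- "${3:-/}")
    # Resolve symlinks first: sudo executes what the link points at.
    p=$(readlink -f -- "$1") || p=
    if [ -z "$p" ] || [ ! -e "$p" ]; then
        echo "MISSING $1"
        return 2
    fi
    findings=0
    while :; do
        uid=$(stat -c '%u' -- "$p")
        perm=$(stat -c '%a' -- "$p")
        if [ "$uid" != "$owner" ]; then
            echo "OWNER $p is owned by uid $uid, expected $owner"
            findings=1
        fi
        # Group- or world-writable: someone other than the owner can replace
        # the script, or rename a directory above it and substitute their own.
        if [ $(( 0$perm & 022 )) -ne 0 ]; then
            echo "WRITABLE $p has mode $perm"
            findings=1
        fi
        if [ "$p" = "$top" ] || [ "$p" = "/" ]; then
            break
        fi
        p=$(dirname -- "$p")
    done
    return "$findings"
}

# Run directly, e.g.: sh audit.sh /var/www/html/dl.sh
if [ "$#" -gt 0 ]; then
    audit_sudo_target "$@"
fi
```

A clean result covers only file ownership and mode bits along the path; it says nothing about what the script itself executes once it runs as root.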
