Masa Masa - 1 month ago 14
Linux Question

Start a bash script later in PHP

I'm trying to start a bash script later in PHP so I allowed it in visudo.

www-data ALL = (root) NOPASSWD: /sbin/iptables
www-data ALL = (root) NOPASSWD: /usr/bin/at


The script
removeuserIP
is just doing
sudo iptables
... and is working:

#!/bin/bash
sudo iptables -t nat -D PREROUTING -s $1 -j ACCEPT;
sudo iptables -D FORWARD -s $1 -j ACCEPT;


and in the PHP code, I put this line:

$msg=exec("echo /var/www/scripts/removeuserIP $ipaddress | at now + 1 minutes");


but the issue is it's starting the script right now. I checked in
/log/var/auth.log
and indeed, it's starting the command right now.

I tried it in a terminal directly and there was no issue, it is starting later (with an argument of course):

echo /var/www/scripts/removeuserIP $ipaddress | at now + 1 minutes


I also tried to do it like this in a terminal but this one is not working too because it doesn't understand there is an argument for the file:

sudo at now +1 minutes -f /var/www/scripts/removeuserIP 172.24.1.115


I really don't understand why it is starting right now even if it should start 1 minute later and not now.

Answer

Solution: Finally, after checking /var/log/apache2/error.log, I saw that it doesn't have the permission to use at.

In fact you have to go /etc/at.deny and remove the line www-date with at. There is probably a security reason for why it's forbidden by default and a better way to do this, but at least it's working.