I have a php script that
It's script work fine in Ubuntu.
In OpenWRT when I run this script manually at cli - it work fine too. But when script runs by web server via http request - it does not work: crontab does not change.
At cli the root crontab changes. Via web server not one changes.
Where could there be a problem?
Web server not running as root?
Web server running as default. And yes, it's running from nobody.
So what? User nobody is not allowed cron?
UPD: Heh, user nobody means that web server loss its privileges after starting up. But nginx starting as root.
Why is there a loss of privileges?
Security. You don't want your webserver to be compromised and then the attacker gets root access.
Of course, I was waiting for this answer. But this answer is not only wrong, but also delusional.
What is your preferred answer?
The loss of privileges occurs because:
It's only used to gain access to 80/tcp - or other privileged ports (this is common on most *nix-like OSes)
It's otherwise not needed (or in your case, not assumed one wishes to run/edit things as root)
(A simple web search produced this well-known fact about web servers.)
Change permission of the file to allow other users/groups?
It seems correct and reality-based to me.
So, my digs:
The config of php7-fpm (/etc/php7-fpm.d/www.conf) has:
user = nobody
but this user cannot be changed to root, because:
[30-Jan-2023 12:51:09] ERROR: [pool www] please specify user and group other than root
[30-Jan-2023 12:51:09] ERROR: FPM initialization failed
Yes, this is your f... security.
Ok, I set
user = http - this user is present in OpenWRT.
Nothing happens after reboot:
exec('crontab... don't work.
Then I create non-privileged user manually by
this recipe. And I update the /etc/php7-fpm.d/www.conf.
Yes, nginx runs from my user. But
exec('crontab... don't work.
UPD: Yes, busybox's cron run only for root, and OpenWRT not have way to run job from other user.
script with sticky bit ?
Another simple web search:
What are you trying to do beyond run the cron command? What will the cron job do?
What's the difference? If you think that I don't really need to set cron tasks from the php script, then you are mistaken.
Is that better than making us guess?
(If you can explain the use case better, perhaps others more familiar with OpenWrt's root/nginx/crontab/sudo etc. can simply answer you.)
BTW, you can use one post to quote/reply to multiple people.
January 30, 2023, 2:03pm
could also change the permissions on /etc/crontab, to be able to create a new file, or add to the existing one, then restart the cron service.
The OpenWRT is castrated linux. It has neither su, sudo, runuser.
But especially for such php7-fpm has a -R parm.
I just added it in
/etc/init.d/php7-fpm's PROG variable. It works.
But the right way is to add a parameter to /etc/config/php7-fpm. But as far as I understand /etc/init.d/php7-fpm, it does not insert parameters from /etc/config/php7-fpm in the php7-fpm start line.
Am I wrong? Is it possible to add a parameter to the
/etc/config/php7-fpm to run php7-fpm?
Did you install either of them?
A Linux that only has root login/userspace by default wouldn't need them.
January 30, 2023, 2:17pm
sorry our standard image, fitting 8MB flash devices, won't come with all the packages
su and sudo's available, if you install the packages ...
Dunno, whether my following notes are still valid for newest openwrt, but anyway:
Having had similar issues like yours, I was setting user root; in nginx.conf
I replaced usual /etc/init.d/nginx with my private, simple one, to start nginx from rc.local
Not using uci for config of nginx, but nginx.conf, only.
In other words, to get rid of the openwrt-specials, but using the linux-like style.
To make shure, nginx runs as root, to allow me all kind of php exec's.
February 13, 2023, 3:33am
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.