I am currently writing an admin page for my webserver, to make it easier on myself to create new apache domains from my browser. Everything is pretty much working as I want it to, except for one thing.
To elaborate: I have a cron job on my server running a bash script as root that checks a file containing a list of domain names that I want to be created. If the file contains a domain name, it automatically creates a new virtual host for this domain, edits my hosts file, and restarts the server. This all works perfectly, however what I would like for the script to do, is that it activates the domain that it automatically creates before it restarts the server. I tried doing this using apache 2's a2ensite command, however the script returns an error saying the command is not found.
Is there a way to call this command from a bash script, or is there an alternative to this command that I can call?
Any help would be greatly appreciated.
$ which a2ensite
/usr/sbin/a2ensite
Usually, cron has a quite restrictive $PATH, not including /usr/sbin or /sbin, which are system binaries (for use by root). It's always a good idea to use fully qualified path names. So either call /usr/bin/a2ensite in your script, or define a variable:
A2ENSITE=/usr/sbin/a2ensite
...
${A2ENSITE} new-domain.com
Related
I've just set up my first cron-jon to run a stock script every night.
Running it manually works fine.
It's stored in /admin/stock_update.php
The command i'm running is /usr/bin/php -q /admin/stock_update.php
But I'm getting emails saying no input file is specified?
Any ideas?
Cheers
Network services almost never expose actual paths on the server's hard disk drive and even if they could it isn't a behaviour you can rely on. So the fact that your file is located at /admin/stock_update.php in the FTP server doesn't say much about actual location on disk, which is what local command-line utilities expect.
In PHP, you can find path on disk of current file with the __FILE__ magic constant. You can create a test script:
<?php
var_dump(__FILE__);
... upload it to the same FTP location and execute through the web server. If that's not an option because files in your FTP account in not visible from the web you can run the file from cron and check the email.
Do you have CloudLinux kernel installed on that server and CageFS filestyem? If yes try running this:
cagefsctl -w cpaneluser; cagefsctl -m cpaneluser
Then try running the cron again
I have a simple lua-nginx conf of this style
server {
server_name payment.mybackend.fr
payment.mybackend.fr;
set $rails_root /home/deploy/api/MAP;
set $env 'cloud';
location ~ /(paypal|paybox_system) {
content_by_lua_file $rails_root/lib/nginx-redis-payment/$1.lua;
}
}
When I run nginx without sudo, with my current user, the lua script is never called and so the payment is not validated.
When I run it with sudo, it works perfectly.
How can I make nginx don't use root privileges to execute my lua scripts?
Provided your nginx itself runs without sudo, just not executing the scripts in question...
This is likely related to the lua scripts in question, and have not much to do with nginx.
I would troubleshoot as follows:
Make sure nginx itself runs without sudo. You could use pkill nginx and/or pkill -KILL nginx, followed by pgrep nginx to make sure that no nginx instances are presently running. Then execute nginx without root to make sure it starts up and keeps on running.
Try to execute the script under the same user as the one you use to run nginx. If this fails, provide us with the errors and any possible logs generated, as well as id and ls -la of the files and directories in question.
Look further into any possible logs that nginx as well as the scripts generate when they fail.
I don't have permission to post a comment on your answer, so my apologies if this answer should belong in the comment section instead as answer.
I experienced something similar a while ago, and I came up with an idea: https://stackoverflow.com/questions/32593747/idea-for-reload-restart-apache-from-php-script-without-running-as-root
The idea is the same: you don't want to run Nginx as root for security reasons, but you really want to execute some pre defined commands as root. With a non root script (let's say you put a php script at your location "/(paypal|paybox_system) ") so it can write to a watch folder, the daemon (which runs as root) then gets a signal and executes a root commando (for example running your lua script as sudo).
My zip function isn't working when being called from a php script, but works straight from the SSH prompt.
code in the PHP file that returns nothing var_dump( exec('zip -r domains.zip "domains"') );
code in the php file which works as expected var_dump( exec('/usr/bin/zip -r domains.zip "domains"') );
I've added the path to /etc/profile, I've added it to my ~/.bashrc but can't get the web user to be able to use it.
I'm new to this and it's a VPS so I'm not sure where to go from here.
Ensure that permissions are adequate on the files being accessed - you want to ensure that the user accessing them is able to execute them.
I don't know if this was an effect of the shellshock attack which my server was victim to (or another attack that worked) but it basically enabled the hacker to overwrite my SSH config file when the server rebooted.
This new file used wget to load in a file from a website, then another library of hack functions which I guessed he then used to run hacks/DOS from my server. I caught it pretty fast and ideally want to upgrade but because I have cancer and just had a big operation it is too much effort at the moment.
Therefore I did a lot of house keeping, changing passwords, removing shell access, reverting back to DASH, replacing the default shell for root and any other users to another folder with symbolic links, restoring the config file for SSH, removing CGI functionality from config files e.g
ScriptAlias /cgi-bin/ /home/searchmysite/cgi-bin/
#
allow from all
#
Removed AW stats and Webalizer for all virtual min sites.
I already had DenyHosts and Fail2Ban installed.
I also blocked in/outbound traffic to the IPs of the sites he was getting the files from.
However it seems since this change I have lost the visual cron manager from webmin.
When I go to the menu item "Scheduled Cron Jobs", it says, "The command crontab for managing user Cron configurations was not found. Maybe Cron is not installed on this system?"
However I can see in the file system it exists.
When I run crontab -l or crontab -e I get "Permission Denied"
whoami shows "root"
I did think at the time of the hack this was all related and he had used SSH and a Cron job to get his hack running.
What I want to know is how I can get the CronTab manager back.
All the cron jobs are still running such as importing feeds into my websites, running scheduled emails and so on, what I don't know is how to resolve this without a full rebuild.
If I had the time and energy I would do that but I am totally drained and before this hack everything was just running smoothly and my websites which bring me in money were working fine.
They currently are still working fine and I regularly check my logs for IPs that look odd, have strong htacess rules for xss/sql/path travesal/file hacks and ban whole countries from Cloudflare which the site sits behind. So I don't "think" the machine is compromised at the moment even if it is old - could be wrong though!
details of box
Operating system Debian Linux 5.0 Virtualmin version 3.98.gpl GPL WebMin Version: 1.610 Kernel and CPU Linux 2.6.32.9-rscloud on x86_64
So if anyone can help me get my crontab manager back that would be great.
Thanks
1) check if chattr exists, if not, download a new one.
2) type whereis crontab, then chattr -isa /path/to/crontab.(usually /usr/bin/cron) then chmod crontab back to it original settings.
3) navigate to /var/spool/ and
chattr -isa cron
cd cron
chattr -isa crontabs
4) remove cron entry in /etc/cron.weekly
Look in /etc/cron.weekly for any new
I can't add /usr/local/bin to the apache users PATH variable. The user doesn't have a .profile, I can't su to the user, I can't export to the PATH from php using exec and adding
SetEnv PATH /usr/local/bin
To either the http.conf or the .htaccess file doesn't make a difference. I can't find the envvars file to change that but I suspect there's some other problem.
I have restarted apache, and indeed my server.
Ended up following what Alfe suggested in his answer, except rather than in the /etc/init.d/httpd file (which could be overwritten easily on update) I added to /etc/sysconfig/httpd:
export PATH=${PATH:+$PATH:}/usr/local/bin
Have a look at the /etc/passwd to see which login shell the apache user has (on EC2 Ubuntu instances it should be /bin/sh which is a link to /bin/dash). Then have a look at the man page of that shell and find out which configuration files are read upon login. (For /bin/dash that would be .login in the user's home directory.) In those you should be able to extend your $PATH as you like.
EDIT:
Since you seem to have no login shell for that user: Have a look at the /etc/init.d/* scripts which start the system services. Apache will be one of them. They are started as root and may change the current user (e. g. to the apache user). In there you might be able to adjust the PATH as you like it.
Patching those scripts, however, is not considered typical configuration. Updates might overwrite what ever you patch there.