1

I need to reboot an embedded system via a local network webpage (a CGI script). I have the page built, and it calls a script on the station (which is the (apache) host of the webpage). This script is just supposed to call the reboot command, but it fails.

One try was this:

 #!/bin/bash

 sudo reboot

It worked when ran from the command-line while telnetted in, but not when called by the CGI. The error (from /var/log/apache2/error.log) was:

sudo: no tty present and no askpass program specified

Okay, fair enough. I tried adding NOPASSWD to the sudoers file for the correct user, but no cigar. So I tried this method, which I found online. It also worked when run from the command line, but not from the server. I figured I would not get the same error, since it was through telnet, and it didn't.

 #!/usr/bin/expect

 set name [lindex $argv 0]
 spawn telnet $name
 expect "login:"
 send "<user>\r"
 expect "Password:"
 send "Reformed\r"

 send "sudo reboot\r"

The error was:

malformed header from script. Bad header=ERROR!!: WebInterfaceReboot

(if I hard-code the IP in the script, it gives me the error Bad header=spawn telnet 192.168.0.79 #: WebInterfaceReboot send: spawn id exp6 not open while executing "send "<username>\r"" (file ./reboot2.sh" line 9))

I enabled cgi logging on the server, and the 'detailed' CGI log didn't help any more:

 %% [Wed Oct 09 09:24:25 2013] POST /cgi-bin/WebInterfaceReboot HTTP/1.1
 %% 500 /usr/lib/cgi-bin/WebInterfaceReboot
 %request
 Host: 192.168.0.79
 Connection: keep-alive
 Content-Length: 19
 Cache-Control: max-age=0
 Authorization: Basic aGhwOlJlZm9ybWVk
 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
 Origin: http:// 192.168.0.79
 User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.76 Safari/537.36
 Content-Type: application/x-www-form-urlencoded
 DNT: 1
 Referer: http:// 192.168.0.79/cgi-bin/WebInterfaceReboot
 Accept-Encoding: gzip,deflate,sdch
 Accept-Language: en-US,en;q=0.8

 RebootButton=Reboot
 %response
 ERROR!!

Note 'RebootButton' is the name of the button pressed on the page to call the shell script

I'm pretty sure it's not the actual CGI script, as when I tested the first implementation, the script was obviously running. What changes should I make, either to the script or the installation, to make the reboot command able to run this way?

SSumner
  • 179
  • 2
  • 6
  • 18

1 Answers1

1

The webserver runs as a different user, it is that user you want to add to sudoers. To find out the apache user name run this command (output from my system, yours should be similar):

$ ps aux | grep apache2
root     13108  0.0  0.0   9756   868 pts/0    S+   17:51   0:00 tail -f /var/log/apache2/error.log
root     15140  0.0  0.2 170752  9116 ?        Ss   20:10   0:00 /usr/sbin/apache2 -k start
www-data 15143  0.0  0.1 170752  5868 ?        S    20:10   0:00 /usr/sbin/apache2 -k start
www-data 15144  0.0  0.1 170752  5540 ?        S    20:10   0:00 /usr/sbin/apache2 -k start

So, the apache user is www-data, you should allow that user to run reboot with no password (this is not a very good idea from a security point of view but hey):

www-data ALL=NOPASSWD:/sbin/reboot
terdon
  • 54,564