redhawk
Posts: 3465
Joined: Sun Mar 04, 2012 2:13 pm
Location: ::1

How to run root commands via Apache CGI scripts??

Tue Dec 04, 2012 12:35 pm

I have an FM transmitter dongle and console-based media player moc/mocp running on my Pi.
To change the frequency and tracks in the playlist I need to have root privileges, which is fine via ssh but not with CGI scripts.
After doing some research online I found a tool called "expect"; it can simulate keyboard strokes, so basically you can "su or ssh" and it enters your password automatically if challenged. :)

My CGI root hacked script works perfectly using the web server mathopd but when I switched over to apache it failed completely.
From what I can tell apache is running my CGI scripts and calling "expect" just fine but for some reason it's not entering my root password with no obvious error.
I have tested my CGI script from the console as non-privileged user account "daemon" so I know it does work.

If "expect" cannot run using apache, are there any other alternatives to issue root privileged commands from CGI??

Richard S.

redhawk

Re: How to run root commands via Apache CGI scripts??

Tue Dec 04, 2012 2:03 pm

CGI script example with expect:

    #!/usr/bin/perl
    use strict;
    use warnings;

    # CGI header and start of the HTML page
    print "Content-type: text/html\n\n";
    print "<html>\n";
    print "<body>\n";

    # Run "uname -a" under expect and capture its output line by line
    my @info = `expect -c 'spawn uname -a;interact'`;
    foreach my $i (@info) {
        print "$i";
        print "<br>";
    }

    print "</body>\n";
    print "</html>\n";
    print "\n\n";

In mathopd it displays the results for command "uname -a" but apache won't run it.

Any ideas why??

Richard S.

Max

Re: How to run root commands via Apache CGI scripts??

Tue Dec 04, 2012 5:01 pm

Just use "sudo name-of-command" instead?
Can specify exactly which commands the username used by Apache is allowed to execute as root -without entering password- in its configuration file ("sudo visudo" to edit).

redhawk

Re: How to run root commands via Apache CGI scripts??

Tue Dec 04, 2012 5:57 pm

Running su or sudo from a non-privileged account would prompt you for a password; since you cannot interact with the script, you need "expect" to simulate key presses.
I could make user account "daemon" equivalent to root but that's a dirty hack and something I would only use as a last resort.

In any case, it still doesn't explain why my CGI example fails in apache but works in mathopd; I'm not exactly doing anything out of the ordinary.

Richard S.

Max

Re: How to run root commands via Apache CGI scripts??

Tue Dec 04, 2012 6:04 pm

redhawk wrote: Running su or sudo from a non-privileged account would prompt you for a password
Only if it is configured to do that.

Suggest you read the sudoers man page.
Can apply the NOPASSWD tag to individual commands and/or users.
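
The approach suggested above, as an added example that is not part of the thread: a CGI script that calls one sudo-whitelisted helper with a validated argument instead of feeding a root password to expect. The Apache user name www-data, the sudoers file name, the helper path /usr/local/sbin/fm-set-freq, the freq parameter and the 87.5 to 108.0 MHz range are all assumptions.

```perl
#!/usr/bin/perl -T
# Added example, not code from the thread. Assumed sudoers rule, created with
# "sudo visudo -f /etc/sudoers.d/fm-cgi" (file name, user and helper are placeholders):
#   www-data ALL=(root) NOPASSWD: /usr/local/sbin/fm-set-freq
use strict;
use warnings;

$| = 1;                                       # flush the CGI header before the helper writes
my $SUDO   = '/usr/bin/sudo';
my $HELPER = '/usr/local/sbin/fm-set-freq';   # hypothetical root-owned helper

# Return an untainted frequency such as "87.5" or "107.9", or undef if the
# value is not a plain number inside the assumed FM band.
sub clean_freq {
    my ($raw) = @_;
    return unless defined $raw && $raw =~ /\A(\d{2,3}\.\d)\z/;
    my $mhz = $1;
    return ($mhz >= 87.5 && $mhz <= 108.0) ? $mhz : undef;
}

# Extract the raw value of "freq" from the query string.
sub freq_from_query {
    my ($qs) = @_;
    return unless defined $qs;
    for my $pair (split /[&;]/, $qs) {
        my ($k, $v) = split /=/, $pair, 2;
        return $v if defined $k && $k eq 'freq';
    }
    return;
}

# Run the helper as root. List-form system() bypasses the shell, and
# "sudo -n" fails immediately instead of waiting for a password prompt.
sub run_as_root {
    my ($freq) = @_;
    local $ENV{PATH} = '/usr/sbin:/usr/bin:/sbin:/bin';
    delete local @ENV{qw(IFS CDPATH ENV BASH_ENV)};
    return system($SUDO, '-n', $HELPER, $freq) == 0;
}

print "Content-type: text/plain\n\n";
my $freq = clean_freq(freq_from_query($ENV{QUERY_STRING}));
if    (!defined $freq)      { print "rejected: freq must be 87.5 to 108.0\n"; }
elsif (run_as_root($freq))  { print "tuned to $freq MHz\n"; }
else                        { print "sudo refused or the helper failed\n"; }
```

The sudoers rule only limits which program runs as root, so the helper should be owned by root, not writable by the web server user, and should check its argument again itself.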

redhawk

Re: How to run root commands via Apache CGI scripts??

Tue Dec 04, 2012 7:16 pm

Thanks for the tip. I added sudo password exceptions for several commands using visudo; I wasn't even aware that was possible. :)

Still rather puzzled over why expect isn't working as expected with Apache but I'll leave that for another time.

Richard S.
