I’m editing a zone file /var/named/rpz.local and need to reload rndc after I’m done, using this command:
cd /var/named
rndc reload rpz.local
Everything works from the CLI as the root user, but the problem is that I can’t run /usr/sbin/rndc from nginx (PHP). So would you please give me a clue?
I can run this:
$Output = shell_exec("uptime");
print($Output);
but if I run this command the output is null:
system('rndc reload');
or
shell_exec('rndc reload');
It seems I can’t access rndc, because I can’t even run:
rndc status
Although if I run this:
system(`uptime`); // Sun Aug 20 22:36:51 +0330 2023
$Test = shell_exec(`rndc status`); // return nothing
print($Test);
system('uptime');// 00:28:03 up 18 days, 10:47, 2 users, load average: 0.00, 0.02, 0.05
I have the result of uptime and uptime command. But there is nothing for shell_exec('rndc reload'). I also ran the commands below, but they didn’t work:
setfacl -m u:nginx:rwx rpz.local
setfacl -m u:nginx:rwx /usr/sbin/rndc
2 Answers
The problem has been solved. How? I got NULL when I tried to run the rndc command. So, as mentioned in this post, I changed my command to this:
so I did:
and the problem was solved.
Thank you so much dear @hake
P.S. As @hake mentioned, it is wrong to run nginx as a sudoer or to add nginx to the sudoer group, so don't make that mistake, although it's okay for debugging and testing (1-2 hours, not more).
If your PHP within Nginx would run as root, you would have one serious problem, and then many more.
Consult your operational manual about the role of the root user and what it is for. Then administer the system accordingly.
Or in short: Just because you can do something as root does not mean you should do it from inside PHP. Understand why. Really. Seriously.
If you can’t, contact a responsible sysadmin that knows the system you’re operating with and clarify the requirements person-to-person.
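
Added example (not code from either answer): shell_exec() returns NULL both when a command fails and when it prints nothing to stdout, and it never captures stderr, so the reason rndc failed stays hidden. The sketch below runs rndc with a fixed argument list and no shell, limits reloads to an allow-list of zones, and logs the exit code and stderr. It assumes PHP 7.4 or later; the function names are hypothetical, and the rndc path and zone name are the ones given in the question.

```php
<?php
// Added example. RNDC path and zone name come from the question;
// run_argv() and reload_zone() are hypothetical helper names.
const RNDC = '/usr/sbin/rndc';
const ALLOWED_ZONES = ['rpz.local'];   // the only zones this page may reload

// Run a fixed argv without a shell; return exit code, stdout and stderr.
function run_argv(array $argv): array
{
    $spec = [
        0 => ['file', '/dev/null', 'r'],   // no stdin for the child
        1 => ['pipe', 'w'],                // stdout
        2 => ['pipe', 'w'],                // stderr (shell_exec drops this)
    ];
    // Array form (PHP >= 7.4) executes the binary directly, so no shell
    // ever parses the arguments.
    $proc = proc_open($argv, $spec, $pipes);
    if (!is_resource($proc)) {
        return ['exit' => -1, 'stdout' => '', 'stderr' => 'proc_open failed'];
    }
    $out = stream_get_contents($pipes[1]);
    $err = stream_get_contents($pipes[2]);
    fclose($pipes[1]);
    fclose($pipes[2]);
    return ['exit' => proc_close($proc), 'stdout' => $out, 'stderr' => $err];
}

// Reload one zone, refusing anything that is not on the allow-list.
function reload_zone(string $zone): array
{
    if (!in_array($zone, ALLOWED_ZONES, true)) {
        throw new InvalidArgumentException('zone not in allow-list');
    }
    return run_argv([RNDC, 'reload', $zone]);
}

$r = reload_zone('rpz.local');
if ($r['exit'] !== 0) {
    // Keep the real failure reason in the server log, not in the response.
    error_log(sprintf('rndc exit=%d stderr=%s', $r['exit'], trim($r['stderr'])));
    http_response_code(500);
    exit("reload failed\n");
}
echo trim($r['stdout']), "\n";
```

The logged stderr line shows what the PHP worker's account is actually missing, which can then be granted narrowly instead of running PHP with root privileges.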