W3docs
en
Log in

Execute root commands via PHP

It is generally not recommended to execute root commands via PHP, as it can pose a security risk to the system.

Tags

It is generally not recommended to execute root commands via PHP, as it can pose a security risk to the system. By default, exec() and system() run commands with the permissions of the web server user (e.g., www-data). If you must execute privileged commands, you should configure /etc/sudoers to allow that specific user to run only certain commands without a password. Additionally, you must sanitize any user input to prevent command injection.

However, if you must execute root commands via PHP, you can use exec() or system() with sudo, provided the sudoers configuration permits it. For example:

Example of executing root commands via PHP

$safeInput = escapeshellarg($userInput);
$output = [];
exec("sudo /usr/bin/specific_command $safeInput", $output);
// $output contains all lines of the command's output

It is important to note that this method requires that the user running the PHP script have explicit permission in /etc/sudoers to execute the command as root. Because web servers run non-interactively, you may need to add Defaults !requiretty to the sudoers file or use sudo -S to prevent TTY prompts. Without a NOPASSWD rule, sudo will hang waiting for a password. For production environments, consider using a dedicated background daemon or a SUID binary instead of sudo for better security and reliability.