使用Telegram Bot运行root脚本

Question

I have a WebHook configured to commuticate with Telegram Bot, and I want to run some root commands when bot command arrives. As we know the Telegram Bot sends https request to our web hook, so I can only run shell script as www-data user. But I actually want to run it as root.

My script kill.sh:

#!/bin/bash

kill -9 $1

From php I run:

exec('kill.sh ' . $pidFromTelegramMessage);

Rights:

$ ls -al kill.sh
-r-xr-x---  1 root www-data     24 Dec 16 15:27 kill.sh*

I even tried to put this script in /tmp directory but i does not work either. A always gets:

/tmp/kill.sh: 3: kill: Operation not permitted

Answer 1

I found only one way to do this. I put this line into /etc/sudoers by run visudo command:

www-data ALL = NOPASSWD: /bin/kill, /usr/bin/tail, /tmp/run.sh

Add execute permissions to /tmp/run.sh:

chmod a+x /tmp/run.sh

Now you can run these three commands as www-data user:

sudo kill -9 32233
sudo /tmp/run.sh

But you must think twice before allow anyone execute /tmp/run.sh script.