php nginx named rocky-os

PHP can't access RNDC


I'm editing a zone file, /var/named/rpz.local, and need to reload rndc after I'm done, with this command:

cd /var/named
rndc reload rpz.local

Everything works from the CLI as the root user, but the problem is that I can't run /usr/sbin/rndc from nginx (PHP). Would you please give me a clue?

I can run this:

$Output = shell_exec("uptime");
print($Output);

But if I run this command, the output is null: system('rndc reload'); or shell_exec('rndc reload'); It seems I can't access rndc, because I can't even run rndc status, although if I run this:

system(`uptime`); // Sun Aug 20 22:36:51 +0330 2023
$Test = shell_exec(`rndc status`); // return nothing
print($Test);
system('uptime');//  00:28:03 up 18 days, 10:47,  2 users,  load average: 0.00, 0.02, 0.05

I get the result of the uptime and uptime commands, but there is nothing for shell_exec('rndc reload'). I also ran the commands below, but they didn't work:

setfacl -m u:nginx:rwx rpz.local
setfacl -m u:nginx:rwx /usr/sbin/rndc

Solution

  • The problem has been solved. How? I got NULL when I tried to run the rndc command. So, as mentioned in this post, I changed my command to this:

    $Test = shell_exec('rndc reload rpz.local 2>&1'); // returns permission denied for the rndc.key file
    print($Test);
    

    So I did:

    setfacl -m u:nginx:rwx /etc/rndc.key
    

    and the problem was solved.

    Thank you so much dear @hake

    P.S. As @hake mentioned, it is wrong to run nginx as a sudoer or add nginx to the sudoer group, so don't make that mistake, although it's okay for debugging and testing (1-2 hours, not more).
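
The NULL result in the question came from rndc writing its error to stderr, which shell_exec() does not capture. The following is an added example, not code from the original posts: it runs rndc without a shell and returns the exit code, stdout and stderr separately. The function name rndc_reload, the zone allowlist and the constants are assumptions made for illustration.

```php
<?php
// Added example (not the poster's code). RNDC_BIN and ALLOWED_ZONES are assumptions.
const RNDC_BIN = '/usr/sbin/rndc';
const ALLOWED_ZONES = ['rpz.local'];

/**
 * Run `rndc reload <zone>` and return ['code', 'stdout', 'stderr'].
 * The zone must be on the allowlist, so request data never reaches the command line.
 */
function rndc_reload(string $zone): array
{
    if (!in_array($zone, ALLOWED_ZONES, true)) {
        throw new InvalidArgumentException("zone not allowed: $zone");
    }
    $spec = [
        0 => ['file', '/dev/null', 'r'], // rndc needs no stdin
        1 => ['pipe', 'w'],              // stdout
        2 => ['pipe', 'w'],              // stderr: where "permission denied" shows up
    ];
    // Passing the command as an array (PHP >= 7.4) executes it directly, with no /bin/sh.
    $proc = proc_open([RNDC_BIN, 'reload', $zone], $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start ' . RNDC_BIN);
    }
    // rndc prints only a few lines, so reading the pipes one after the other is safe here.
    $stdout = stream_get_contents($pipes[1]);
    $stderr = stream_get_contents($pipes[2]);
    fclose($pipes[1]);
    fclose($pipes[2]);
    $code = proc_close($proc); // exit status of rndc
    return ['code' => $code, 'stdout' => trim($stdout), 'stderr' => trim($stderr)];
}

$result = rndc_reload('rpz.local');
if ($result['code'] !== 0) {
    // Log the real reason (for example an unreadable /etc/rndc.key) instead of showing it to the client.
    error_log("rndc reload failed ({$result['code']}): {$result['stderr']}");
    http_response_code(500);
    exit;
}
echo $result['stdout'], PHP_EOL;
```

rndc only reads its key file, so read access to /etc/rndc.key is all the PHP user needs for this call to succeed.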