phpnginxnamedrocky-os

PHP can't access RNDC


I'm editing a zone file /var/named/rpz.local and need to reload rndc after I've done by this command:

cd /var/named
rndc reload rpz.local

everything is great with cli as root user but the problem is I can't run /usr/sbin/rndc by nginx (PHP). so would you please give me a clue?

I can run this:

$Output = shell_exec("uptime");
print($Output);

but if I run this command the output is null: system('rndc reload'); or shell_exec('rndc relad'); It seems I can't access rndc because I even can't run: rndc status altough if I run this:

system(`uptime`); // Sun Aug 20 22:36:51 +0330 2023
$Test = shell_exec(`rndc status`); // return nothing
print($Test);
system('uptime');//  00:28:03 up 18 days, 10:47,  2 users,  load average: 0.00, 0.02, 0.05

I have the result of uptime and uptime command. But there is nothing for shell_exec('rndc reload'). I also did below command but it didn't work:

setfacl -m u:nginx:rwx rpz.local
setfacl -m u:nginx:rwx /usr/sbin/rndc

Solution

  • The problem has been solved. How? I got NULL when tried to run rndc command. So as mentioned this post I changed my command to this:

    $Test = shell_exec(`rndc reload rpz.local 2>&1`); // return permission denied for rndc.key file
    print($Test);
    

    so I did :

    setfacl -m u:nginx:rwx /etc/rndc.key
    

    and the problem solved.

    Thank you so much dear @hake

    P.S as @hake mentioned, this is wrong that we run nginx as sudoer or add nginx to sudoer group so don't make mistake, although it's okay for debugging and testing (1-2 hours not more).