Allow Reboots From PHP:

1. vim /etc/sudoers
2. List item paste new line "%www-data ALL=NOPASSWD: /sbin/reboot" and write changes.
3. Reboot OS.
4. Make sure your script is owned by www-data, chown www-data:www-data filename.php (apache user)
5. Run script

Enjoy :)

(tested on ubuntu server 14.40 LTS with php5-7, should also work on any debian based distro.)

The only way I got this to work on my system was to "hack" it by changing chmod on /sbin/reboot like this guy did

http://linux.byexamples.com/archives/315/how-to-shutdown-and-reboot-without-sudo-password/

sudo chmod u+s /sbin/reboot

I realize this might not be optimal in many cases, but this mediaPlayer is very much locked down so there is no accessing a terminal for anyone else anyways.

Giving reboot permission to www user is a bad idea.Create a cron and do system reboot from the cron rather than from PHP script. The Cron will run every minute and check for reboot flag. If it is set the it will do the reboot.

1)write a flag to a file from your php program so that the cron can decide whether to do reboot or not.

 $Handle = fopen("/tmp/myfile", 'w');
 fwrite($Handle, "doreboot");
 fclose($Handle);

2) Create a bash script to read that file and do reboot if the PHP script tells it to do so.

#!/bin/bash
arg=$(head -n 1 /tmp/myfile)   
if [ "$arg" == "doreboot" ]; then
  >/tmp/myfile
  echo "Rebooting"
  echo 'password' | sudo -S reboot
fi

execute this in shell chmod +x mycron.sh

3) Configure the script in crontab

crontab -e and paste this

* * * * * path/mycron.sh

4) The user who set the cron should have sudo permission. Add him to sudoers.

Why did you put -u brftv in there? That makes your PHP script try to run the reboot as your user, which won't work. Only root can reboot the system. Remove it.

Try this code

brftv ALL=NOPASSWD: /sbin/halt, /sbin/reboot, /sbin/poweroff
 www-data ALL=(brftv) NOPASSWD: /sbin/halt, /sbin/reboot, /sbin/poweroff 

then from php

exec('sudo /sbin/reboot');

I would use a very small C program to grant access to only the PHP group (probably www-data in your case?), use the suid bit on the executable, and exec the reboot command

phpreboot.c :

#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

int main() {
   setuid(0); // for uid to be 0, root
   char *command = "/sbin/reboot";
   execl(command, command, NULL);
   return 0; // just to avoid the warning (since never returns)
}

Compile it

gcc -Wall phpreboot.c -o phpreboot

Move phpreboot where you want to run it (has to be accessible by PHP!)

mv phpreboot /home/private/

As root (or via sudo) ensure owner is root and group is set to www-data, and change rights to have suid bit (in this order)

chown root:www-data phpreboot
chmod 4750 phpreboot

The result, ls -l phpreboot should be something like (note the s in rws)

-rwsr-x--- 1 root www-data 8565 Jun 12 11:42 phpreboot*

Change the PHP script to execute phpreboot instead

exec ("/home/private/phpreboot"); // change the path!

Only one tiny executable will have the suid to run the reboot program, and only the PHP group will be able to execute it (and root of course).

• About setuid and suid bit
• PHP get the running group id then on Linux doing id groupID gives the group name.