How can I give www-data permissions to run a .py script with sudo from an index.php?

Question

I have a script in /var/www/Web-EvilBlock/EvilBlock.py

It needs to have sudo permissions to work

My problem is that from my web page in php, I have a button that executes that .py script, but it doesn't work.(Need sudo permissions)

The only way I've gotten it to work is in visudo by adding the line: www-data ALL=(ALL) NOPASSWD: ALL But I would like to make it a little more secure. Is there any other way? I am new to linux.

www-data is the owner of /var/www/Web-EvilBlock and have execution permission

EDIT:Someone answered my problem. I added this line in visudo : www-data ALL=(ALL) NOPASSWD:/usr/bin/python3 /var/www/Web-EvilBlock/EvilBlock.py But now i need another button that uses sudo pkill -f EvilBlock.py

Answer 1

To make the user www-data only have sudo permissions for the EvilBlock.py I have added the following line at the end of visudo:

www-data ALL=(ALL) NOPASSWD:/usr/bin/python3 /var/www/Web-EvilBlock/EvilBlock.py

For www-data being able to do "sudo pkill -f EvilBlock.py" I have created a .sh file with the "command" inside. Then in visudo I have added the following line:

www-data ALL=(ALL) NOPASSWD:/usr/bin/bash /var/www/Web-EvilBlock/pkill.sh

NOTE: Be very careful when editing the sudoers file, as incorrect changes can render your system unusable

PHP code for execute the .py:

$output = shell_exec('sudo python3 /var/www/Web-EvilBlock/EvilBlock.py');

PHP code for pkill the .py:

$output2 = shell_exec('sudo pkill -f EvilBlock.py');