如何从需要 SUDO 的 php 调用 shell 脚本?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/3166123/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to call shell script from php that requires SUDO?
提问by JD Isaacks
I have a file that is a bash script that requires SUDO to work.
我有一个需要 SUDO 才能工作的 bash 脚本文件。
I can run it from the command line using SUDO but I will be prompted to put in the SUDO password.
我可以使用 SUDO 从命令行运行它,但系统会提示我输入 SUDO 密码。
I want to run this script from php via shell_execbut I if I call SUDO, its not like a command line where I can be prompted for the password. Is there a way to pass the password for sudo with the sudo call?
我想通过 php 从 php 运行这个脚本,shell_exec但是如果我调用 SUDO,它不像命令行那样可以提示我输入密码。有没有办法通过 sudo 调用传递 sudo 的密码?
How can I do this?
我怎样才能做到这一点?
回答by Brian
Edit the sudoers file (with visudo) and add a rule that allows the web server user to run the command without a password. For example:
编辑 sudoers 文件(使用visudo)并添加允许 Web 服务器用户无需密码即可运行命令的规则。例如:
www-data ALL=NOPASSWD: /path/to/script
回答by Danilo Bargen
There are various solutions for this problem.
这个问题有多种解决方案。
First of all, consider changing the script permissions, if reason why you want sudo is simply a permission issue (see the comment I added to the question above).
Another approach would be using the setuid bit.[Edit: Looks like setuid does not work well with scripts. For explananations, see this link.]A third, but very insecure method is to read the password from a password file. Warning:This is very insecure, if there's any other possibility, don't do it. And if you do it, try hiding the password file somewhere in your folder hierarchy.
<?php shell_exec('sudo -u root -S bash script.sh < /home/[user]/passwordfile'); ?>And a fourth possibility is to use the NOPASSWD tagin the sudoers file. You should limit this power to the specific commands you need.
首先,考虑更改脚本权限,如果您想要 sudo 的原因仅仅是权限问题(请参阅我添加到上述问题的评论)。
第三种但非常不安全的方法是从密码文件中读取密码。警告:这是非常不安全的,如果有任何其他可能性,请不要这样做。如果您这样做,请尝试将密码文件隐藏在您的文件夹层次结构中的某处。
<?php shell_exec('sudo -u root -S bash script.sh < /home/[user]/passwordfile'); ?>第四种可能性是在 sudoers 文件中使用NOPASSWD 标签。您应该将此功能限制为您需要的特定命令。
回答by Daniel Egeberg
You can add something like this to your sudoersfile:
您可以将这样的内容添加到您的sudoers文件中:
username ALL=NOPASSWD: /path/to/script
This will allow that particular user to call sudoon that particular script without being prompted for a password.
这将允许该特定用户调用sudo该特定脚本而不会被提示输入密码。
回答by Sanjay Kumar N S
The best secure method is to use the crontab. ie Save all your commands in a database say, mysql table and create a cronjob to read these mysql entreis and execute via shell_exec(). Please read this linkfor more detailed information.
最好的安全方法是使用 crontab。即,将所有命令保存在数据库中,例如 mysql 表并创建一个 cronjob 来读取这些 mysql entreis 并通过 shell_exec() 执行。请阅读此链接以获取更多详细信息。
* * * * * killProcess.php
