shell_exec 中的 PHP sudo
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/5652986/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
PHP sudo in shell_exec
提问by www.data-blogger.com
I want to execute a command as root with shell_exec. Now I know this is dangerous, but believe me, you need to login with MOD_AUTH and have the right privilleges to come to this page. It's secure. How can I get this done?
我想使用 shell_exec 以 root 身份执行命令。现在我知道这很危险,但相信我,您需要使用 MOD_AUTH 登录并拥有访问此页面的正确权限。这是安全的。我怎样才能做到这一点?
回答by Caleb
The problem isn't that yourpage is or isn't secure, the problem is that giving a php page the ability to run some sudo command would give it to allpages including any injected code on any insecure page on any site on the server.
问题不在于您的页面安全或不安全,问题在于让 php 页面能够运行某些 sudo 命令会将其提供给所有页面,包括服务器上任何站点上任何不安全页面上的任何注入代码.
That said, it might be best to make a wrapper script that does just the one job that needs doing, then give the http user access to just that ONE command as sudo
也就是说,最好制作一个只完成一项需要做的工作的包装脚本,然后让 http 用户以 sudo 的身份访问该 ONE 命令
http ALL=(ALL) NOPASSWD:/user/local/bin/your_wrapper_script.sh
回答by Caleb
You could use the latest SVN version of phpseclib, a pure PHP SSH implementation, to do this. eg.
您可以使用phpseclib的最新 SVN 版本(一种纯 PHP SSH 实现)来执行此操作。例如。
<?php
include('Net/SSH2.php');
$ssh = new Net_SSH2('www.domain.tld');
$ssh->login('username', 'password');
$ssh->read('[prompt]');
$ssh->write("sudo command\n");
$ssh->read('Password:');
$ssh->write("Password\n");
echo $ssh->read('[prompt]');
?>
回答by Jim W.
Definitley not advised. However, you will want to look into editing the sudoersfile and add the user php is running as a NOPASSWDfor the command you need to run. This will only allow him to sudothat one command with out entering a password.
不建议Definitley。但是,您需要查看编辑sudoers文件并添加正在运行的用户 php 作为NOPASSWD您需要运行的命令。这将只允许他在sudo不输入密码的情况下执行该命令。
If you need more commands add more to it. Sudoers ConfigurationI know that forum/post is debian based but sudo is not strictly debian and that should help you out with the sudo configuration values that you need to put it.
如果您需要更多命令,请添加更多命令。Sudoers 配置我知道论坛/帖子是基于 debian 的,但 sudo 并不是严格的 debian,这应该可以帮助您解决需要放置的 sudo 配置值。
回答by drudge
I just Google'd for php sudo shell_execand this came up as the #1 match:
我只是用 Google 搜索php sudo shell_exec了一下,结果显示为 #1 匹配项:
http://www.php.net/manual/en/function.shell-exec.php#101440
http://www.php.net/manual/en/function.shell-exec.php#101440
ilya at linemedia dot ru 16-Dec-2010 04:36
sudo can be executed without storing pass in a file
ilya at linemedia dot ru 16-Dec-2010 04:36
sudo 可以在不将 pass 存储在文件中的情况下执行
system('echo "PASS" | sudo -u root -S COMMAND');
回答by SamyOteroGlez
$aux=echo "admin-pass" | your command;
echo $aux;
/******************************* ************Example************* *******************************/
/******************************* ************例子***** ******** ************************************/
Run a Perl script named my_perl_script.pl:
运行名为 的 Perl 脚本my_perl_script.pl:
$aux=echo "admin-pass" | sudo -u root -S perl /path-to-the-script/my-perl-script.pl;
echo $aux;
回答by Timon de Groot
Best way to do it:
最好的方法:
$descriptorSpec = array(
0 => STDIN,
1 => STDOUT,
2 => STDERR,
);
if (posix_getuid() === 0) {
echo "Root\n";
} else {
echo "No root\n";
$command = 'sudo ' . PHP_BINARY . ' ' . implode(' ', $_SERVER['argv']);
$pipes = [];
$process = proc_open($command, $descriptorSpec, $pipes);
if (is_resource($process)) {
proc_close($process);
}
}
It runs the same command again, with sudo prefixed.
它再次运行相同的命令,以 sudo 为前缀。
