Read this whole post before trying it out, there are choices to be made.

在尝试之前阅读整篇文章，有很多选择。

Solution using a binary wrapper (with suid bit)

使用二进制包装器的解决方案（带有 suid 位）

1)Create a script (preferrably .sh) that contains what you want to be ran as root.

1)创建一个脚本（最好是.sh），其中包含您希望以 root 身份运行的内容。

# cat > php_shell.sh <<CONTENT
  #!/bin/sh
  /sbin/service sshd restart
CONTENT

2)This file should be owned by root, and since it will later run with root permissions make sure that only root has permission to write to the file.

2)这个文件应该归 root 所有，因为它以后会以 root 权限运行，所以确保只有 root 才有写入文件的权限。

# chown root php_shell.sh
# chmod u=rwx,go=xr php_shell.sh

3)To run the script as root no matter what user that executes it, we will need a binary wrapper. Create one that will execute our php_shell.sh.

3)无论执行脚本的用户是谁，都要以 root 身份运行脚本，我们需要一个二进制包装器。创建一个将执行我们的php_shell.sh.

# cat > wrapper.c <<CONTENT
  #include <stdlib.h>
  #include <sys/types.h>
  #include <unistd.h>

  int
  main (int argc, char *argv[])
  {
     setuid (0);

     /* WARNING: Only use an absolute path to the script to execute,
      *          a malicious user might fool the binary and execute
      *          arbitary commands if not.
      * */

     system ("/bin/sh /path/to/php_shell.sh");

     return 0;
   }
CONTENT

4)Compile and set proper permissions, including the suid bit (saying that it should run with root privileges):

4）编译并设置适当的权限，包括suid位（说它应该以root权限运行）：

# gcc wrapper.c -o php_root
# chown root php_root
# chmod u=rwx,go=xr,+s php_root

php_rootwill now run with root permissions, and execute the commands specified in php_shell.sh.

php_root现在将以 root 权限运行，并执行中指定的命令php_shell.sh。

If you don't need to the option to easily change what commands that will be executed I'd recommend you to write the commands directly in wrapper.cunder step 4. Then you don't need to have a binary executing a external script executing the commands in question.

如果您不需要选项来轻松更改将要执行的命令，我建议您直接在wrapper.c步骤4下编写命令。然后，您不需要让二进制文件执行执行相关命令的外部脚本。

In wrapper.c, use system ("your shell command here");to specify what commands you'd like to execute.

在 中wrapper.c，用于system ("your shell command here");指定您要执行的命令。

I would not have PHP execute any sudo commands. To me that sounds like asking for trouble. Instead I would create two separate systems.

我不会让 PHP 执行任何 sudo 命令。对我来说，这听起来像是自找麻烦。相反，我会创建两个独立的系统。

The first system, in PHP (the web tier), would handle user requests. When a request is made that needs a sudo command I would place this request in some queue. This could be a database of some sort or middle-ware such as ZeroMQ.

第一个系统，在 PHP（Web 层）中，将处理用户请求。当发出需要 sudo 命令的请求时，我会将这个请求放在某个队列中。这可能是某种数据库或中间件，例如 ZeroMQ。

The second system (the business tier) would read or receive messages from this queue and would have the ability to execute sudo commands but won't be in the scope of your web-server process.

第二个系统（业务层）将从该队列读取或接收消息，并能够执行 sudo 命令，但不会在您的 Web 服务器进程的范围内。

I know this is a bit vague and it can be solved in different ways with various technologies but I think this is the best and safest way to go.

我知道这有点含糊，可以使用各种技术以不同方式解决，但我认为这是最好和最安全的方法。

Allow the www-data user to run to run program1 and program2 with no password:

允许www-data用户运行无需密码即可运行program1和program2：

sudo visudo

Add to the contents of the sudoers file:

添加到 sudoers 文件的内容：

User_Alias WWW_USER = www-data
Cmnd_Alias WWW_COMMANDS = /sbin/program1, /sbin/program2
WWW_USER ALL = (ALL) NOPASSWD: WWW_COMMANDS

Save.

节省。

from https://askubuntu.com/questions/76920/call-a-shell-script-from-php-run-as-root

来自https://askubuntu.com/questions/76920/call-a-shell-script-from-php-run-as-root

Solution using a binary wrapper (with suid bit)Some modification of Filip Roséen - refppost.

使用二进制包装器（带有 suid 位）的解决方案Filip Roséen 的一些修改- refp帖子。

To execute any command modified wrapper.c

执行任何命令修改wrapper.c

#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>
#include <string.h>

int main (int argc, char  **argv)
{
 setuid (0);
 char cmd[100] = "";
 int i;
 char *p;
 for(i=0; i < argc; i++) {
    if(i != 0){
   strcat(cmd, *(argv+i));
   strcat(cmd, " ");
    }
 }

 system (cmd);

 return 0;
 }

Compile and set proper permissions;

编译并设置适当的权限；

  gcc wrapper.c -o php_root     # php_root can be any name.
  chown root php_root
  chmod u=rwx,go=xr,+s php_root

Now call from PHP. Execute any command.

现在从 PHP 调用。执行任何命令。

 shell_exec('./php_root '.$cmd);//execute from wrapper

I recently published a project that allows PHP to obtain and interact with a real Bash shell, it will easily give you a shell logged in as root. Then you can just execute the individual bash commands rather than bundling then in a script. That way you can also handle the return. Get it here: https://github.com/merlinthemagic/MTS

我最近发布了一个项目，它允许 PHP 获取真正的 Bash shell 并与之交互，它可以轻松地为您提供一个以 root 身份登录的 shell。然后你可以只执行单独的 bash 命令，而不是捆绑在脚本中。这样你也可以处理退货。在这里获取：https: //github.com/merlinthemagic/MTS

After downloading you would simply use the following code:

下载后，您只需使用以下代码：

$shell    = \MTS\Factories::getDevices()->getLocalHost()->getShell('bash', true);
$return1  = $shell->exeCmd('service sshd restart');

echo $return1;

//On CentOS 7 output would be like: 
//Redirecting to /bin/systemctl restart  sshd.service

//On CentOS 6 and lower output would be like:
//Stopping sshd:                                             [  OK  ]
//Starting sshd:                                             [  OK  ]

setenforce 0

Write this command in the terminal this command will disable SELinux. this isn't a good practice.

在终端中写入此命令此命令将禁用 SELinux。 这不是一个好习惯。