Don't do it! You will leave yourself wide open to all sorts of malicious hackery.

不要这样做！您将对各种恶意黑客行为敞开大门。

Have a look at the "sudo" documentation.

查看“sudo”文档。

You should be able to set up all the commands you need as "sudo"able scripts. It is much better to write specific scripts with limited functions than to expose the underlying priviledged command.

您应该能够将您需要的所有命令设置为“sudo”脚本。编写具有有限功能的特定脚本比公开底层特权命令要好得多。

As in:

如：

exec ('sudo getIpTables.ksh')

You can run sudo through phpseclib, a pure PHP SSH implementation:

您可以通过phpseclib（一个纯 PHP SSH 实现）运行 sudo ：

<?php
include('Net/SSH2.php');

$ssh = new Net_SSH2('www.domain.tld');
$ssh->login('username', 'password');

$ssh->read('[prompt]');
$ssh->write("sudo command\n");
$ssh->read('Password:');
$ssh->write("Password\n");
echo $ssh->read('[prompt]');
?>

I know this is an old question

我知道这是一个老问题

add the user php runs on to the sudo group if it is not already assigned

将用户 php 运行添加到 sudo 组（如果尚未分配）

use sudo -S, so you can pass the password via echo

使用 sudo -S，这样你就可以通过 echo 传递密码

$exec = "echo your_passwd | /usr/bin/sudo -S your command";
exec($exec,$out,$rcode);

if you have trouble with the paths - use

如果您在路径上遇到问题 - 使用

"bash -lc 'echo your_passwd | /usr/bin/sudo -S your command'"

so you get a new bash that acts like a login shell and has the paths set

所以你会得到一个新的 bash，它就像一个登录 shell 并设置了路径

check the man pages of sudo

检查 sudo 的手册页

Unless you use suphpand configure it to run as root you wont be able to run any PHP script on behalf of any other system user besides who is running PHP.

除非您使用suphp并将其配置为以 root 身份运行，否则除了运行 PHP 之外，您将无法代表任何其他系统用户运行任何 PHP 脚本。

Edit:

编辑：

Just an small idea. Add a queue process in some way and run a cronprocess in the root's crontab.

只是一个小想法。以某种方式添加一个队列进程，并在根的 crontab 中运行一个cron进程。

Please please be really careful about this. Any injection can literally destroy the system.

请注意这一点。任何注入都可以从字面上破坏系统。

This is very unsafe and a bad idea. Rethink your design. If you really want to do this use sudo as advised. An alternative solution might be to go ahead and run as root but do so inside a chroot or a vm image (both of which can be broken out of but still).

这是非常不安全的，也是一个坏主意。重新考虑您的设计。如果您真的想这样做，请按照建议使用 sudo。另一种解决方案可能是继续以 root 身份运行，但在 chroot 或 vm 映像中执行此操作（两者都可以脱离但仍然存在）。

Or best of all run as sudo inside a chroot!

或者最好在 chroot 中以 sudo 身份运行！

You can put the required commands in a separate script/executable file (sh, PHP, a real executable, doesn't matter), change its owner to root, and apply "setuid" to it.

您可以将所需的命令放在单独的脚本/可执行文件（sh、PHP、真正的可执行文件，无所谓）中，将其所有者更改为 root，然后对其应用“setuid”。

This will allow anything and anyone to run this script as root, so you need to make sure that it has it's own security rules for seeing if this is allowed, and is very restricted in what it does.

这将允许任何人和任何人以 root 身份运行此脚本，因此您需要确保它有自己的安全规则来查看是否允许这样做，并且它的功能受到很大限制。

I recently published a project that allows PHP to obtain and interact with a real Bash shell. Get it here: https://github.com/merlinthemagic/MTS

我最近发布了一个项目，允许 PHP 获取真正的 Bash shell 并与之交互。在这里获取：https: //github.com/merlinthemagic/MTS

After downloading you would simply use the following code:

下载后，您只需使用以下代码：

$shell    = \MTS\Factories::getDevices()->getLocalHost()->getShell('bash', true);
$return1  = $shell->exeCmd('iptables -L');
//the return will be a string containing the return of the command
echo $return1;

Just an assumption - Is this a PHP web app that will do this? This doesn't sound too safe. The app that needs root - could you build that separately and then invoke it from PHP? If not, maybe you can sudo the process so it can run as root.

只是一个假设 - 这是一个可以执行此操作的 PHP Web 应用程序吗？这听起来不太安全。需要 root 的应用程序 - 您可以单独构建它然后从 PHP 调用它吗？如果没有，也许您可​​以 sudo 进程，以便它可以以 root 身份运行。