www-data in sudo with mount

Unable to launch the mount command via php and exec

Of course: running sudo toto.sh works, and www-data is allowed ALL in sudoers, so all processes: www-data ALL = (ALL) NOPASSWD: ALL

toto.sh:

machine="L1069"
mount -t cifs //$ipaddr/c$ /mnt/pc-backup/$machine -o "vers=2.0,username=agent-back-ws,password=Bcth2,ro,iocharset=utf8,noserverino"

In the go.php file:

$outputShell=passthru('sudo cat /etc/passwd');
$output=exec('sudo  /var/www/html/toto.sh 2>&1');
var_dump ($output);
var_dump ($outputShell);

When I run php go.php (as root) I get:

<pre> </ pre> string (0) ""

and the mount is done and the content of /etc/passwd is displayed


On the other hand, via the browser I launch www/go.php, so as www-data, and I get:

string (0) ""

no mount, and the content of /etc/passwd is displayed

Why does the mount not work? The problem seems to be the script with php7 and the latest Debian version ...

Help!!!!!!! Works in Debian 8 and PHP 5.5:
L106529
passe dans gosuite.sh ....
Machine : L106529 -  IP: xxx.xxx.250.185
Commande passee :  /bin/mount -t cifs //xxx.xxx.250.185/c$ /mnt/pc-backup/L106529 -o "vers=2.0,username=agent-backup-ws,password=BcK312Eth2,ro,iocharset=utf8,noserverino"
execve("/bin/mount", ["/bin/mount", "-t", "cifs", "//xxx.xxx.250.185/c$", "/mnt/pc-backup/L106529", "-o", "vers=2.0,username=agent-backup-w"...], [/* 16 vars */]) = 0

[pid 26704] mount("//xxx.xxx.250.185/c$", ".", "cifs", MS_RDONLY, "ip=xxx.xxx.250.185,unc=\\\\xxx.xxx.2"...) = 0
[pid 26704] capset({_LINUX_CAPABILITY_VERSION_3, 26704}, {CAP_SYS_ADMIN, CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_SYS_ADMIN, 0}) = 0

Does not work in Debian 9 with PHP 7:

L106529
passe dans gosuite.sh ....
Machine : L106529 -  IP: xxx.xxx.250.185
Commande passee :  /bin/mount -t cifs //xxx.xxx.250.185/c$ /mnt/pc-backup/L106529 -o "vers=2.0,username=agent-backup-ws,password=BcK312Eth2,ro,iocharset=utf8,noserverino"
execve("/bin/mount", ["/bin/mount", "-t", "cifs", "//xxx.xxx.250.185/c$", "/mnt/pc-backup/L106529", "-o", "vers=2.0,username=agent-backup-w"...], [/* 16 vars */]) = 0
brk(NULL)                               = 0x5565ff8c5000
[pid 14506] capget({version=0 /* _LINUX_CAPABILITY_VERSION_??? */, pid=0}, NULL) = 0
[pid 14506] gettid()                    = 14506
[pid 14506] open("/proc/sys/kernel/cap_last_cap", O_RDONLY) = 3
[pid 14506] read(3, "37\n", 7)          = 3
[pid 14506] close(3)                    = 0

When you run the script from your "root context", you do not have to use the full paths to the executables you use.

You should use the full path to the binary in your scripts.

machine="L1069"
/bin/mount -t cifs //$ipaddr/c$ /mnt/pc-backup/$machine -o "vers=2.0,username=agent-back-ws,password=Bcth2,ro,iocharset=utf8,noserverino"

and

$outputShell=passthru('sudo /bin/cat /etc/passwd');
$output=exec('sudo  /var/www/html/toto.sh 2>&1');
var_dump ($output);
var_dump ($outputShell);

To identify the correct path, use whereis mount and whereis cat.
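
A least-privilege variant of the setup in this thread, as an added example that is not part of the original question or answer: it keeps the absolute paths, narrows the sudoers rule to one script, validates the arguments, and moves the CIFS password into a credentials file. The install path /usr/local/sbin/pc-backup-mount.sh, the credentials file /etc/pc-backup.cred and the machine-name rule are assumptions.

```shell
#!/bin/sh
# Added example, not the poster's script. Hypothetical names: the install path,
# the sudoers drop-in and the credentials file below.
# Keep this script root-owned and outside the web root, then replace
# "www-data ALL = (ALL) NOPASSWD: ALL" with a rule for this one command:
#   www-data ALL = (root) NOPASSWD: /usr/local/sbin/pc-backup-mount.sh
# sudo still passes any arguments through, so they are validated here.

PATH=/usr/sbin:/usr/bin:/sbin:/bin; export PATH  # never trust the caller's PATH
CRED=/etc/pc-backup.cred  # root:root 0600, holds username=... and password=...
BASE=/mnt/pc-backup       # mount root used on the page

# Assumed naming rule: 1-15 letters, digits or hyphens (no "/", "..", spaces).
valid_machine() {
    case "$1" in
        ''|*[!A-Za-z0-9-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# Dotted-quad IPv4, each octet 0..255; rejects anything with "," or "/".
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Validate, then mount read-only with absolute paths; credentials= keeps the
# password out of the argument list that ps and strace display.
mount_backup() {
    machine=$1; ip=$2
    valid_machine "$machine" || { echo "bad machine name" >&2; return 2; }
    valid_ipv4 "$ip" || { echo "bad IP address" >&2; return 2; }
    /bin/mount -t cifs "//$ip/c\$" "$BASE/$machine" \
        -o "vers=2.0,credentials=$CRED,ro,iocharset=utf8,noserverino"
}

if [ "$#" -eq 2 ]; then
    mount_backup "$1" "$2"
fi
```

From PHP this would be called with each argument passed through escapeshellarg(), for example exec('sudo /usr/local/sbin/pc-backup-mount.sh ' . escapeshellarg($machine) . ' ' . escapeshellarg($ip) . ' 2>&1').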
