Centos中的Apache用户权限
[英]Apache user privileges in Centos
问题描述
Hi I'm using the shell_exec command from a PHP script: 
嗨,我正在使用PHP脚本中的shell_exec命令:
$output = shell_exec('ls -l');
print_r($output);
Terminal: php test.php 终端:php test.php
Which results in the directory listing as expected. 这导致目录列表按预期方式。
Switch to my browser I get no output. 切换到我的浏览器我没有输出。
I need to grant privileges to the user 'apache' so that it can execute certain commands, or add the user to a group with such privileges. 我需要为用户'apache'授予权限,以便它可以执行某些命令,或将用户添加到具有此类权限的组。 I know how to add users to groups etc, I was just wondering what the best practice method is of granting such privileges to the apache user. 我知道如何将用户添加到组等,我只是想知道为apache用户授予此类权限的最佳实践方法是什么。
2 个解决方案
解决方案1
0 2013-01-24 11:33:28
If you execute ls -Z in the desired directory, you will see which the SELinux permissions for that directory. 如果在所需目录中执行ls -Z,您将看到该目录的SELinux权限。
To allow the httpd/apache daemon to access that directory you can execute (the -R option is for make it recursive): 要允许httpd / apache守护程序访问该目录,您可以执行(-R选项用于使其递归):
chcon -Rv --type=httpd_sys_content_t /desired/path
Hope it helps. 希望能帮助到你。
解决方案2
0 已采纳 2010-10-22 08:10:10
This took me a while to figure out so it may be of benefit to others. 我花了一段时间才弄明白,这可能对其他人有益。
The problem was that I was trying to give the apache user privileges in /etc/sudoers and SELinux was (quite rightly) denying them. 问题是我试图在/ etc / sudoers中提供apache用户权限,而SELinux(非常正确地)否认它们。
So I quickly disabled SELinux for httpd and all was working. 所以我很快禁用了SELinux的httpd,一切正常。
This is far from an ideal situation though for a public web server. 对于公共Web服务器而言,这远非理想情况。
As for best practices audit2allow should be used to set permissive operations. 至于最佳实践,应使用audit2allow来设置许可操作。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.