堆栈内存溢出
  简体   繁体   English

确保PHP脚本只作为cron作业运行?

[英]Ensure a PHP script is only ever run as a cron job?

 原文  2010-10-29 17:34:40       php/ cron

问题描述

如何确保用户无法运行PHP脚本,并且只能作为cron作业的一部分运行?

5 个解决方案

解决方案1
 16 已采纳  2010-10-29 17:37:50

You can set an environment variable in your crontab. 您可以在crontab中设置环境变量。 A line like IS_CRON=1 can be placed at the beginning of your crontab, then check in your php program for get_env("IS_CRON") == 1 . IS_CRON=1这样的行可以放在你的crontab的开头,然后在你的php程序中检查get_env("IS_CRON") == 1

Of course, you should also use file permissions as they're not so easily bypassed. 当然,您还应该使用文件权限,因为它们不容易被绕过。 If this is run as part of root's cron, chown root:root yourscript.php and chown 700 yourscript.php . 如果这是作为root的cron的一部分运行的,则chown root:root yourscript.phpchown 700 yourscript.php

As ircmaxell says, it'd be better to run as a user other than root assuming you don't need root permissions for what you're doing. 正如ircmaxell所说,假设你不需要root权限来做你正在做的事情,那么以root用户身份运行会更好。 I was just taking a guess about your setup. 我只是猜测你的设置。

解决方案2
 9  2011-01-07 12:06:33

让PHP脚本检查$_SERVER['REMOTE_ADDR']是否为空,如果不是,那么让脚本退出而不做任何进一步的操作。

解决方案3
 5  2010-10-29 17:41:37

There are probably a number of ways to do this. 可能有很多方法可以做到这一点。 Off the top of my head, I would say that placing it in a directory owned by root, and only readable by root might get close to achieving the effect you are looking for. 在我的脑海中,我会说将它放在root拥有的目录中,只有root可读才可能接近达到你想要的效果。

Are there any processes you are looking specifically to restrict it from? 您是否有任何特定的流程来限制它? If so, using permissions, make it not readable to any of those processes. 如果是这样,使用权限,使其不可读取任何这些进程。

解决方案4
 3  2010-10-29 17:38:02

我建议在crontab中设置一个环境变量,然后在PHP脚本中检查它

解决方案5
 1  2010-10-29 18:16:38

Create a user for cron jobs, and set permissions of the script so it can only be run as this user. 为cron作业创建用户,并设置脚本的权限,使其只能作为此用户运行。 Of course you then need to put the script in that user's crontab , which you can do by logging in as that user and running crontab . 当然,您需要将脚本放在该用户的crontab中 ,您可以通过以该用户身份登录并运行crontab来完成该操作。 Just don't give that user's password to just any other user... 只是不要将该用户的密码提供给任何其他用户......

At first I was also thinking of setting an environment variable which would prevent running this script from the web... But just not putting the script in the space where the web server looks for pages for websites, would do the same. 起初我还在考虑设置一个环境变量来防止从网络上运行这个脚本...但是只是不将脚本放在Web服务器查找网站页面的空间中,也会这样做。

And nothing is stopping a random user from first setting the environment variable and then running the script. 并没有什么能阻止随机用户首先设置环境变量然后运行脚本。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Cron作业运行PHP脚本 - Cron job to run php script 有关某人将运行仅用于cron作业的php脚本 - Concerned someone will run a php script only intended for a cron job 只有cron才能运行php脚本 - run php script only by cron 使用cron作业在localhost上运行php脚本 - Run a php script on localhost using cron job 设置Cron作业以运行PHP脚本 - set up Cron job to run PHP script 在 Windows 本地主机上的 PHP 脚本上运行 Cron 作业 - Run Cron Job on PHP Script, on localhost in Windows 如何在 cpanel 中的 cron 作业上运行 php 脚本 - How to run php script on cron job in cpanel 如何确保我的PHP脚本仅作为计划作业而不是从浏览器运行? - How can I ensure my PHP script is only run as a schedule job and not when run from a browser? 是否最好每3分钟运行一次cron作业,或者如果已经过去3分钟,则仅在请求时才执行php脚本? - Is it better to run a cron job every 3 minutes or do a php script only on request if 3 minutes already passed? 手动运行时php脚本有效,但仅部分用作cron作业(不会将文件写入目录) - php script works when manually run but only partially works as cron job (will not write files to directory)
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM