Server side scripts run as root or a viable interactive way in PHP

I'm trying to find out the way to perform administrative tasks in a local server as different scripts, most of them having actions that require root permissions.

How can I execute these scripts with the least security impact?

I send some example scripts:

#!/bin/bash
if [ "$1" == '-h' ];
then
  echo +-------+-------+-------+-------+-------+-------+-------+-------+-------+
  echo +                               Instrucciones                           +
  echo +-------+-------+-------+-------+-------+-------+-------+-------+-------+
  echo Para ejecutar el script hay que hacer cd hasta /var/www/scripts/server .. 
  echo 'ejecutar ----> bash crearhosts $dominio $dominio $dominio $status'
  echo Se pueden poner tantos dominios como se quiera sin extensión salvo el último parámetro que ha de ser el tipo de site con los siguientes valores validos:
  echo localzone1
  echo localzone2
  echo localzone3
  echo +------------ejemplo-------------+
  echo bash domain domain domain localzone
  echo +-------+-------+-------+-------+-------+-------+-------+-------+-------+
  echo +                               fin                                     +
  echo +-------+-------+-------+-------+-------+-------+-------+-------+-------+
else 

    #+-------+-------+-------+-------+-------+-------+-------+-------+-------+
    #+                               Variables                               +
    #+-------+-------+-------+-------+-------+-------+-------+-------+-------+

    params=$*
    array=$(echo $params | sed 's/ /;/g')
    IFS=";"
    set -- $array
    sites=($array)

    base="/var/www"
    #+-------+-------+-------+-------+-------+-------+-------+-------+-------+
    #+                               functions                               +
    #+-------+-------+-------+-------+-------+-------+-------+-------+-------+
    function hostconf(){
      case $status in
        aracne)
          cp /var/www/vhosts/template.ethings.com.conf /var/www/vhosts/$domain-aracne.ethings.com.conf  
          grep -Rl -e 'ethings/template' /var/www/vhosts/$domain-aracne.ethings.com.conf | xargs sed -i 's:domain/template:domain/'$domain'-aracne:g'
              grep -Rl -e 'template' /var/www/vhosts/$domain-domain.com.conf | xargs sed -i 's/template/'$domain'-aracne/g' 
          mkdir $base/$status/${directorios[0]}-aracne ; mkdir $base/$status/${directorios[0]}-dominio/${directorios[1]} ; mkdir $base/$status/${directorios[0]}-dominio/${directorios[2]}
              echo +---------------------------------------------------------------------------------------------------------------------------------------------+
              echo "+----------------------No OLVIDE AÑADIR EL DOMINIO "$domain"-domain.com para la ip xxx.xxx.xxx.xxx en su archivo hosts"
              echo +----------------------------------------------------------------!!!!!!!!!!!!!!!!!!!!---------------------------------------------------------+;;

        static)
          cp /var/www/vhosts/template.ethings.com.conf /var/www/vhosts/$domain.ethings.static.com.conf  
          grep -Rl -e 'ethings/template' /var/www/vhosts/$domain.ethings.static.com.conf | xargs sed -i 's:ethings/template:ethings/static-webs/'$domain':g'
          grep -Rl -e 'template.ethings' /var/www/vhosts/$domain.ethings.static.com.conf | xargs sed -i 's/template.ethings/'$domain'.ethings.static/g'
          mkdir $base/ethings/$status-webs/${directorios[0]}; mkdir $base/ethings/$status-webs/${directorios[0]}/${directorios[1]}; mkdir $base/ethings/$status-webs/${directorios[0]}/${directorios[2]}
              echo +---------------------------------------------------------------------------------------------------------------------------------------------+
              echo "+----------------------No OLVIDE AÑADIR EL DOMINIO "$domain".domain.com para la ip xxx.xxx.xxx.xxx en su archivo hosts"
              echo +----------------------------------------------------------------!!!!!!!!!!!!!!!!!!!!---------------------------------------------------------+;;
        *)
          cp /var/www/vhosts/template.domain.com.conf /var/www/vhosts/$domain.ethings.com.conf  
          grep -Rl -e 'template' /var/www/vhosts/$domain.domain.com.conf | xargs sed -i 's/template/'$domain'/g'
          mkdir $base/ethings/${directorios[0]} ; mkdir $base/ethings/${directorios[0]}/${directorios[1]} ; mkdir $base/ethings/${directorios[0]}/${directorios[2]}
              echo +-------------------------------------------------------------------------------------------------+
              echo "No OLVIDE AÑADIR EL DOMINIO "$domain".domain.com para la ip xxx.xxx.xxx.xxx en su archivo hosts"
              echo +-----------------------------------!!!!!!!!!!!!!!!!!!!!------------------------------------------+;;
      esac
    }

    #echo ${#sites[@]} +-------+ elements of array  +--------+
    for((count=0; count<$((${#sites[@]}-1)); count++))
    do
      directorios=("${sites[$count]}" "html" "logs")
      domain=${sites[$count]}
      status=${sites[$((${#sites[@]}-1))]}
      hostconf $status
    done
        /etc/init.d/apache2 restart
fi
#

As you can see, this script must be run as root, for it has many actions that require so.

Another script:

 echo password | python /var/www/google_appengine/appcfg.py --passin --email=email update localapplicationurl 
#

When I run it I get Apache errors with permissions for appcfg.py, even chmoding 4755 and visudoing to all all=nopasswd: urlscript/script

And other tries.

Sorry to post so many questions, but I really need to be able to run many scripts so that people in my company can do it as web interface.


Thank you for your answer. Well, it is basically a Plesk-type panel personalized to my own needs. That includes creating samba configurations, vhost configurations, upload websites to remote servers and so download them, automating installation of databases on programmers' needs, creating users groups, etc. It is a company with over 1000 domains; I set four local servers for production, and we have scripts for uploading to CDN in Google and Amazon, etc. I have all this set up in independent scripts but need to somehow be able to get people to do this in a website interface. It would release a lot of work from me (I'm the only one doing this) and I would be able to concentrate on webserver optimization and others. So I need to do this, and most scripts involve ssh connections over ssh to at least 30 different servers, or downloading-uploading 100 minisites at once (ssh connections, ftp, etc.), or running Google CDN with Python and SDK and else and else. Most of this has to be on behalf of users' needs, that is: get these domains from this server - give option to select them - select action - run upload-download-cleanremotecache-erasespecificfilesfolders-etc script.

That is the thing. The good thing about this is I can block total access to the server by iptables or by local specific MAC addresses in servers confs, and so. It needs to only run in local and be able to run scripts that involve mostly root commands.

I just need to focus on the best way to do it; most things found in Google don't work as expected, or similar. When I get the way of approach, the rest is a matter of putting hands to it.

Sorry to extend myself so much, but as you see I have a lot of things to do, and my experience in computers and Linux started a year ago.

I think that the real question here is if you really need to run those scripts as root from a web interface; that's extremely unsafe and not recommended.

You should log in to the server and install them manually, then leave the web interface to install anything else that does not require root access.

Anyway, I think you can look for some type of solution to this over Google, but it's not recommended and violates the general permissions design of Linux.
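
The script in the question splices its arguments into file paths and sed expressions while running as root, so anything a web form passes to it has to be checked before the first privileged command. The following is an added example, not part of the original question or answer, of such a check; the function names are hypothetical and the list of allowed site types is an assumption assembled from the names that appear in the question.

```shell
#!/bin/sh
# Added example: argument checks for a crearhosts-style script.
# Call validate_args "$@" at the top of the script, before any cp/sed/mkdir.
LC_ALL=C; export LC_ALL   # make the a-z range below byte-exact

# A domain label: 1-63 chars of lowercase letters, digits and hyphens,
# not starting or ending with a hyphen. This excludes '/', '.', ':',
# quotes and whitespace, so the value cannot leave /var/www/vhosts or
# terminate the sed expressions it is pasted into.
valid_label() {
  case $1 in
    '' | -* | *- | *[!a-z0-9-]*) return 1 ;;
  esac
  [ "${#1}" -le 63 ]
}

# Site type allow-list (assumption: the values named in the question).
valid_type() {
  case $1 in
    aracne | static | localzone1 | localzone2 | localzone3) return 0 ;;
  esac
  return 1
}

# validate_args LABEL... TYPE
# Returns 0 when every argument is acceptable, otherwise
# 2 = too few arguments, 3 = bad site type, 4 = bad domain label.
validate_args() {
  [ "$#" -ge 2 ] || { echo "need at least one domain and a site type" >&2; return 2; }
  n=$#
  i=1
  for arg in "$@"; do
    if [ "$i" -eq "$n" ]; then
      valid_type "$arg" || { echo "rejected site type: $arg" >&2; return 3; }
    else
      valid_label "$arg" || { echo "rejected domain label: $arg" >&2; return 4; }
    fi
    i=$((i + 1))
  done
  return 0
}
```

Rejecting the whole request on the first bad argument, rather than skipping it, keeps a partially applied vhost change from being followed by the Apache restart.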
