从PHP脚本运行“ sudo”命令?
[英]Running a “sudo” command from a PHP script?
问题描述
I want to run a "sudo" command from the PHP and I have read all the tutorials on the web, but no solution works. 
我想从PHP运行“ sudo”命令,并且已经阅读了网络上的所有教程,但是没有解决方案。 At least I've added the default "nobody" user of LAMP to the root group – but no effect. 至少我已经将LAMP的默认“ nobody”用户添加到了根组中-但没有任何效果。
echo exec("sudo echo hi");
A note on security: 安全注意事项:
While some people here are downvoting this due to their strong belief that this will create a big security hole that will destroy the entire Internet, there are some valid cases for this, eg, in testing. 尽管这里的某些人由于坚信这会创建一个会破坏整个Internet的巨大安全漏洞而对此表示反对,但对此有一些有效的案例,例如,在测试中。 Running setup scripts from PHPUnit / Behat suites to configure the environment may require sudo permission. 从PHPUnit / Behat套件运行安装脚本以配置环境可能需要sudo权限。 Those scripts are not accessible from the application and do not create security holes, as the matter of fact they help to ensure such holes are not present. 这些脚本无法从应用程序访问,并且不会创建安全漏洞,因为事实上它们有助于确保不存在此类漏洞。
5 个解决方案
解决方案1
9 已采纳 2011-09-13 08:13:00
Adding users to the root group does not give them sudo rights, that is what /etc/sudoers is for. 将用户添加到根组并不会赋予他们sudo权限,这就是/ etc / sudoers的目的。
To be honest, what you're trying to do sounds like a giant security hole 老实说,您尝试做的事情听起来像是一个巨大的安全漏洞
EDIT: copied from comments... 编辑:从评论中复制...
My suggestion would be something like, setting up a cron under the root user, that checks against a file or db that your PHP can write to, parses it, and remove the users you've specified. 我的建议是在根用户下设置cron,以检查PHP可以写入的文件或数据库,对其进行解析并删除您指定的用户。
解决方案2
1 2011-09-13 13:06:48
I think you should run chmod u+s on your script. 我认为您应该在脚本上运行chmod u + s。 Or maybe ug+s (Depending on your need). 也许是ug + s(取决于您的需要)。 This way you will have su access. 这样,您将具有su访问权限。
解决方案3
0 2014-10-15 23:41:43
<?php
phpinfo();
?>
You first need to find the user of your webserver and give them root privialges, the above code will tell you this, but as others say THIS IS A MASSIVE SECURITY HOLE and I strongly do not recommend it. 您首先需要找到您的Web服务器的用户并为他们提供root特权,以上代码将告诉您这一点,但是正如其他人所说的,这是一个大规模的安全漏洞,因此我强烈不建议这样做。
解决方案4
0 2015-09-02 08:55:21
All the security stuff aside, this is possible. 除了所有安全措施,这都是可能的。 Indeed as Jon Stirling has stated, adding users to a specific group is not going to help you. 确实,正如乔恩·斯特林(Jon Stirling)所说的那样,将用户添加到特定的组不会帮助您。 You need to specify the correct sudo lines with "visudo" as root, eg: 您需要以“ visudo”为根来指定正确的sudo行,例如:
nobody ALL=(root) NOPASSWD:/usr/bin/echo hi
This will let the user root, execute the command "/usr/bin/echo hi" as the user root. 这将使用户成为root用户,以用户root身份执行命令“ / usr / bin / echo hi”。
Now for executing it via PHP: 现在通过PHP执行它:
echo exec("/usr/bin/sudo -u root /usr/bin/echo hi");
解决方案5
0 2011-09-13 08:14:32
您应该将您的网络服务器用户添加到/etc/sudoers文件中
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.