以其他用户身份运行exec [英] Running exec as a different user

问题描述

是否可以以其他用户身份运行 exec()(在我的机器上，它以www-data).我希望执行一个脚本，该脚本需要访问www-data不拥有的文件.

Is it possible to run exec() as a a different user (on my box it runs as www-data). I wish to execute a script that needs access to files that are not owned by www-data.

推荐答案

几年前，我有一个类似的要求，即需要一些PHP脚本才能与串行端口通信.第一个串行端口通常是/dev/ttyS0，由root拥有并在组拨出中.

I had a similar requirement some years ago that required a few PHP scripts to talk to a serial port. The first serial port is typically /dev/ttyS0, owned by root and in the group dialout.

对于我的初始设置，我将我的apache用户添加到了组拨出中. PHP脚本可以直接与串行端口通信，而不会出现问题.但是，任何时候只有一个脚本实例可以打开串行端口，因此该解决方案无法正常工作.

For my initial setup, I added my apache user to the group dialout. The PHP scripts were able to directly talk to the serial port with no problem. However, only one instance of a script could open the serial port at any one time, so this solution could not work.

然后，我创建了一个守护程序，该守护程序在串行端口和PHP脚本之间提供了一层. PHP脚本将通过命名管道与守护程序通信，然后守护程序将格式化请求并将其传递到串行端口-沿途进行一些缓存.

I then created a daemon that provided a layer between the serial port and the PHP scripts. The PHP scripts would talk to the daemon via a named pipe, and the daemon would then format the requests and pass it onto the serial port - doing a bit of caching along the way.

因此，可以将www-data或任何您的apache用户添加到拥有这些文件的组中，赋予组执行权限，或者像我一样使用代理.如果您担心安全问题，那么我会选择后者.

So, either add www-data, or whatever your apache user is, to the group that owns those files, giving group execution permissions, or use a proxy like I had. If security concerns you, then I'd go with the latter.

这篇关于以其他用户身份运行exec的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！