让PHP执行具有root权限一个bash脚本 [英] Allowing PHP to execute a bash script with root permissions
问题描述
如何让一个PHP脚本,以root权限执行bash脚本?
how to allow a PHP script to execute a bash script with root permissions?
让我们说有一个PHP脚本...
Let's say there is a PHP script...
<?php
// location: /var/www/script.php
exec("bash /var/scripts/test.sh"); // "sudo bash ..." does not work
?>
和bash脚本...
and a bash script ...
#!/bin/bash
# location: /var/scripts/test.sh
sudo mkdir /test
当然,PHP和Apache不应以root身份运行,并充其量只是脚本可以用root权限执行。任何想法?
Of course PHP and Apache should not run as root and at best only the script can be executed with root permissions. Any ideas?
最好的问候,
神保
Best regards, Jimbo
推荐答案
如果不想等待的cron,这里是C,你会从PHP调用一个简单的包装。
If don't want wait for cron, here is a simple wrapper in C, what you will call from php.
#include <unistd.h>
#include <errno.h>
#define WEBUID 500
main( int argc, char ** argv, char ** envp ) {
if( getuid() != WEBUID ) exit(1);
/* some more security checks */
if( setuid(geteuid()) ) perror( "setuid error" );
envp = 0; /* don't want environment - security problem */
system( "/hardcoded/path/to/script.bash", argv, envp );
}
这编译包装应拥有其根,组WWW,并应该有s位。结果 chwon root.www包装;搭配chmod 4440包装
,所以
This compiled wrapper should be owned as root, group "www" and should have "s-bit".
chwon root.www wrapper; chmod 4440 wrapper
, so
- 执行时,他的有效UID将根
- 执行它只能组WWW(Web服务器的组)
- 当主叫用户的UID是不是Web服务器将退出
这篇关于让PHP执行具有root权限一个bash脚本的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!