从PHP脚本以WWW-DATA形式启动FOREVER或PM2 [英] Starting FOREVER or PM2 as WWW-DATA from a PHP script

问题描述

我有一个名为script.js的nodejs脚本.

I have a nodejs script named script.js.

var util = require('util'); 
var net = require("net"); 

process.on("uncaughtException", function(e) {
console.log(e);
});

var proxyPort = "40000"; 
var serviceHost = "1.2.3.4"; 
var servicePort = "50000"; 

net.createServer(function (proxySocket) {
    var connected = false;
    var buffers = new Array();
    var serviceSocket = new net.Socket();
    serviceSocket.connect(parseInt(servicePort), serviceHost);
    serviceSocket.pipe(proxySocket).pipe(serviceSocket);
    proxySocket.on("error", function (e) {
        serviceSocket.end();
    });
    serviceSocket.on("error", function (e) {
        console.log("Could not connect to service at host "
            + serviceHost + ', port ' + servicePort);
        proxySocket.end();
    });
    proxySocket.on("close", function(had_error) {
        serviceSocket.end();
    });
    serviceSocket.on("close", function(had_error) {
        proxySocket.end();
    });
}).listen(proxyPort);

我通常像nodejs script.js一样运行它，但是现在我想同时包含forever或pm2功能.当我root时，所有内容都可以正常运行:

I am runing it normally like nodejs script.js, but now i want to include forever or pm2 functionalities as well. When i am root everything works smootly:

chmod -R 777 /home/nodejs/forever/;
-- give rights

watch -n 0.1 'ps ax | grep forever | grep -v grep'
-- watch forwarders (where i see if a forever is opened)

/usr/local/bin/forever -d -v --pidFile "/home/nodejs/forever/file.pid" --uid 'file' -p '/home/nodejs/forever/' -l '/home/nodejs/forever/file.log' -o '/home/nodejs/forever/file.log' -e '/home/nodejs/forever/file.log' -a start /etc/dynamic_ip/nodejs/proxy.js 41789 1.2.3.4:44481 414 file
-- open with forever

forever list
-- it is there, i can see it

forever stopall
-- kill them all

问题是当我想使用system或exec函数从PHP脚本运行脚本时:

The problem is when i want to run the script from a PHP script with the system or exec functions :

sudo -u www-data /usr/local/bin/forever -d -v --pidFile "/home/nodejs/forever/file.pid" --uid 'file' -p '/home/nodejs/forever/' -l '/home/nodejs/forever/file.log' -o '/home/nodejs/forever/file.log' -e '/home/nodejs/forever/file.log' -a start /etc/dynamic_ip/nodejs/proxy.js 41789 1.2.3.4:44481 414 file
-- open as www-data (or i can do this just by accessing `http://1.2.3.4/test.php`, it is the same thing)

forever list
-- see if it is there, and it is not (i see it in watch)

forever stopall
-- says no forever is opened

kill PID_ID
-- the only way is to kill it by pid ... and on another server all of this works very well, can create and kill forevers from a php script when accessing it from web ... not know why
-- everything is in /etc/sudoers including /usr/local/bin/forever 

那是为什么?我该如何解决?

Why is that? How can i solve this?

我也做了一些技巧，创建了一个用户"forever2"，我创建了一个具有以下内容的script.sh:

I also made some trick, created a user 'forever2', i created a script.sh with this content :

sudo su forever2 user123; /usr/local/bin/forever -d -v --pidFile "/home/nodejs/forever/file.pid" --uid 'file' -p '/home/nodejs/forever/' -l '/home/nodejs/forever/file.log' -o '/home/nodejs/forever/file.log' -e '/home/nodejs/forever/file.log' -a start /etc/dynamic_ip/nodejs/proxy.js 41789 1.2.3.4:44481 414 file;

其中不存在user123，这只是在执行后退出shell的一种技巧.该脚本有效，运行forever，我可以使用root中的命令forever stopall永久关闭所有脚本.当我尝试以相同的方式运行http://1.2.3.4/test.php或以www-data用户身份运行时，我无法从root或www-data关闭它，因此甚至无法正常工作.

where user123 is not existent, is just a trick to exit the shell after execution. The script works, runs forever, i can close all forevers with the command forever stopall from root. When i try the same thing running the http://1.2.3.4/test.php or as www-data user i cannot close it from root or www-data, so not even this works.

我尝试过Ubuntu 14.04.3 LTS，Ubuntu 14.04 LTS和Debian GNU/Linux 8 ...还是一样.

I tried from Ubuntu 14.04.3 LTS, Ubuntu 14.04 LTS , Debian GNU/Linux 8 ... still the same thing.

有什么想法吗?

谢谢.

推荐答案

这是PHP安全性的一部分，您说是从php脚本运行它，而不是从Apache通过php脚本运行它.

This is part of PHP security you say you're running it from a php script and your not your running it from Apache via a php script.

PHP Web脚本不应具有root用户访问权限，因为它们以与Apache用户www-data相同的权限运行.

PHP web scripts should not have root access as such they run under the same permissions as Apache user www-data.

有一些方法可以防止php以root身份运行，但以root身份运行任务，但这有点hacky，我不会共享代码，但是我会解释，因此您可以进行研究.这是从哪里开始

There are ways to prevent php running as root but run a task as root but it's a little hacky and I'm not going to share the code but I will explain so you can look into it. here is where to start

http://php.net/manual/en/function.proc -open.php

使用这样的过程，您可以执行proc.就像您的script.js通过使用SUDO的nodeJS一样，然后读取stdOut和stdErr等待密码请求，然后通过为该过程写入stdIn来提供密码请求.

With a Proccess like this you can then execute a proc. Like your script.js via nodeJS using SUDO and then read stdOut and stdErr wait for password request then provide it by writing to stdIn for that process.

不要忘记这样做，用户www-data必须具有密码并在sudoers列表中

Don't forget in doing this the user www-data has to have a password and be in the sudoers list

根据OP的评论 由于SUDO的工作方式，PATH似乎不包含节点可执行文件的路径npm, node，因此，您最好构建一个.sh(bash脚本)并使用sudo来运行它.

Per the OPs Comment Due to the way SUDO works the PATH does not appear to contain the path to the node executables npm, node so your best of building a .sh (bash script) and using sudo to run that.

您仍然需要监视此过程，因为它仍然会要求输入密码

You still need to monitor this process as it will still ask for a password

#!/bin/bash
sudo -u ec2-user -i
# change this to the path you want to run from
cd ~
/usr/local/bin/pm2 -v 

这篇关于从PHP脚本以WWW-DATA形式启动FOREVER或PM2的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！