Allowing Apache on EC2 to run sudo commands via CGI script

Problem description

I have an Amazon (AMI) Linux EC2 instance running on AWS. I'm creating a Perl script that will create directories when it is called through a web URL (CGI script).

However, because the browser is executing the script, the user apache is running the Perl script. Because apache is not allowed to run the mkdir command without using sudo, none of the directories are being created.

I've modified the script's permissions to execute (755) via the browser; however, none of the mkdir commands work.

I even tried using the sudo command within the Perl script, but I had no luck. However, all of the non-sudo commands work, such as 'cd' etc.

If anyone knows how to resolve this issue I would appreciate it.

Recommended answer

I've found the answer through searching.

The first thing you need to do is disable tty for the current user. My web browser executes anything as the user 'apache' on the server.

So in my /etc/sudoers file I added

Defaults:apache !requiretty

Also, I created a list of commands that I want apache to use without requiring the sudo password

Cmnd_Alias APACHE = /bin/mkdir, /bin/rmdir
apache ALL=(ALL) NOPASSWD: APACHE

This allows only certain sudo commands to execute on my web server without requiring the password.

NOTE: only open the /etc/sudoers file using the visudo command. DO NOT open it using just regular vim or nano, because if you save it and there's an error it will **** your machine up and you may have to create a whole new server because any sudo commands won't execute.

You can specify your editor using visudo, e.g.

EDITOR=nano visudo
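
Added example, not part of the original answer: the rule above lets apache run mkdir and rmdir on any path as any user, so one way to narrow it is to allow a single root-owned wrapper that validates the directory name and only creates it under a fixed parent. The wrapper path /usr/local/sbin/webdir-mkdir, the parent /var/www/data and the sudoers drop-in name are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not from the original post). Hypothetical root-owned wrapper,
# installed as /usr/local/sbin/webdir-mkdir (mode 0755, owner root).
# Assumed sudoers drop-in, checked with: visudo -cf /etc/sudoers.d/apache-webdir
#   Defaults:apache !requiretty
#   apache ALL=(root) NOPASSWD: /usr/local/sbin/webdir-mkdir
# The CGI script then runs: sudo /usr/local/sbin/webdir-mkdir NAME
BASE_DIR="/var/www/data"   # assumed fixed parent, never taken from the request

# valid_name NAME: succeed only for one path component of 1-64 allow-listed characters.
valid_name() {
    case "$1" in
        ""|.*|-*) return 1 ;;            # empty, ".", "..", dotfiles, option-like names
        *[!A-Za-z0-9._-]*) return 1 ;;   # anything outside the allow-list, including "/"
    esac
    [ "${#1}" -le 64 ]
}

# safe_mkdir PARENT NAME: create PARENT/NAME; refuse bad names and existing paths.
# Returns 2 for a rejected name, 3 for a missing parent, mkdir's status otherwise.
safe_mkdir() {
    valid_name "$2" || { echo "rejected name" >&2; return 2; }
    [ -d "$1" ] || { echo "missing parent" >&2; return 3; }
    # No -p: mkdir fails if the target already exists (including as a symlink).
    mkdir -m 0750 -- "$1/$2"
}

# Act only when called with exactly one argument, so the file can also be sourced.
if [ "$#" -eq 1 ]; then
    safe_mkdir "$BASE_DIR" "$1"
fi
```
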
