使用php从linux访问windows共享文件夹 [英] Access windows shared folders from linux with php
问题描述
我需要能够使用在 Linux 服务器上运行的 php 脚本访问多个 Windows 服务器上的某些共享文件夹.我只需要获取文件夹中包含的文件的名称以及它们创建时的时间戳.
I need to be able to access some shared folders on a number of windows server using a php script running on a Linux server. I only need to get the names of the files contained in the folders and the timestamp for when they where created.
到目前为止,我想出的唯一解决方案是在 Linux 中安装共享并从那里访问它.虽然这解决了问题,但我必须以 root 身份执行(据我所知),这意味着我要么必须以 root 身份运行脚本,这只是愚蠢的,或者手动挂载所有共享,这将是一个严重的痛苦长期管理.
The only solution I've come up with so far is to mount the share in Linux and access it from there. While this solves the problem, I have to do it as root (as far as I'm aware) which means that I either have to run scripts as root which is just plain stupid, or manually mount all shares which will be a serious pain to manage in the long run.
这就引出了两个问题.
- 有人知道更好的方法吗?如果需要,我拥有所有计算机的管理权限.
- 在这里我必须处理哪些安全问题?我需要攻克根本问题,我需要保证linux/php脚本不能在windows机器上编辑/删除文件,但我想可能比那些潜伏在黑暗中的问题更多.
推荐答案
数百台服务器来来去去的频率足够高,编辑 /etc/fstab 以添加新的文件系统绝对是一个令人讨厌的限制.
Having several hundred servers come and go with great enough frequency that editing /etc/fstab to add new filesystems is definitely an annoying constraint.
如果您所做的只是列出服务器上的文件和修改时间,那么 smbclient(1) 命令是一个很好的起点.smbclient(1) 很像 SMB 和 CIFS 共享的 FTP 接口.-c 命令行选项让你运行一个特定的命令;类似:
If all you're doing is listing files and modification times on the server, then the smbclient(1) command is a good starting point. smbclient(1) is a lot like an FTP interface for SMB and CIFS shares. The -c command line option lets you run a specific command; something like:
smbclient //$servername/$sharename -c "dir path/to/directory/"
如果您打算对文件做更多的事情而不仅仅是列出修改时间,那么将共享安装为文件系统将减少连接和身份验证请求的数量,并可能进行解析 stat(2) 输出比解析数据的纯文本表示要容易得多.
If you're going to be doing more with the file than just listing modification times, then mounting the share as a filesystem will reduce the number of connect and authentication requests, and perhaps make parsing stat(2) output far easier than parsing plain-text representations of the data.
如果您想沿着挂载文件系统的路线走下去,请先拆分您的脚本.
If you want to go down the route of mounting your filesystems, first split apart your script.
一小部分应该带有服务器名、共享路径和可选的挂载路径;它将(服务器、共享、路径)添加到 /etc/fstab.
One small piece should take a servername, share path, and an optional mount path; it adds the (server, share, path) to /etc/fstab.
这部分可能是 setuid root.(这很危险,但胜过以 root 身份运行整个 PHP 脚本.)
This portion could be setuid root. (Which is dangerous, but beats running the entire PHP script as root.)
或者,您可以使用 acl(5) 支持挂载文件系统并添加新的访问控制条目:
Or, you could mount your filesystems with acl(5) support and add a new access control entry:
mount / -oremount,acl
setfacl -m www::rw /etc/fstab
现在 www 用户有权限修改 /etc/fstab 文件.(请注意,当使用 ACL 授予用户对 /etc/fstab 的写访问权限时,我还没有实际测试 addmntent(3).)请务必修改 addmntent(3)code>/etc/fstab 总是挂载 / 并带有 acl 支持,所以这可以跨重启工作.
Now the www user has privileges to modify the /etc/fstab file. (Note that I haven't actually tested addmntent(3) when ACLs have been used to give a user write access to /etc/fstab.) Be sure to modify /etc/fstab to always mount / with acl support, so this works across reboots.
您可以使用addmntent(3) C 库函数向/etc/fstab 添加新条目.如果您要使用 setuid root 可执行文件,我会选择 C 而不是脚本语言,无论如何我可能会选择 C 而不是脚本语言,因为 addmntent(3) 已经知道如何将正确格式的挂载条目写入 /etc/fstab.
You can use the addmntent(3) C library function to add new entries to /etc/fstab. I'd pick C over a scripting language if you're going to use a setuid root executable, and I'd probably pick C over a scripting language anyway, because addmntent(3) already knows how to write correctly formatted mount entries to /etc/fstab.
包括 user 和 noauto 选项,这样您的脚本就可以无特权运行,并且仍然可以根据需要挂载共享.
Include the user and noauto options so your script can run unprivileged and still mount shares as it needs them.
这篇关于使用php从linux访问windows共享文件夹的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
