如何从PHP网站作为特定的Windows用户运行可执行文件? [英] How to run executable from PHP website as a specific Windows user?
问题描述
默认情况下,PHP在 IUSR 帐户下运行。直接执行时:
$ lastline = exec('D:\\MyProgram.exe',$ output,$ return_var );
它运行,但由于权限不足,程序无法执行任务。我的问题是:如何在PHP网站的特定Windows帐户下运行可执行文件?
我试过:
通过 Sysinternals PsExec 执行时:
$ lastline = exec('D:\\PsExec.exe -u UserName -p Password -accepteulaD :\\MyProgram.exe',$ output,$ return_var);
MyProgram.exe甚至根本不执行。 PHP抛出空输出,return_var是 -1073741502 。我假设这是某种未处理的异常。
通过 lsrunas :
$ lastline = exec('D:\\lsrunas.exe / user:UserName / password:Password / domain:DOMAIN /command:\"D:\\MyProgram.exe/ runpath:D:\\' $ output,$ return_var);
MyProgram.exe也不执行。 PHP抛出空输出,return_var为 0 。
runas 命令无效,因为它不接受密码作为参数。
尝试使用不同的PHP函数,如 shell_exec ,系统和 passthru
尝试在IIS下创建新的应用程序池,在LOCAL SERVICE下运行网站, SYSTEM或特定用户。
编辑:这是我错了的地方。
有人有工作建议吗?
注意:所有命令都是通过命令行直接工作和测试的。
我一直在挖掘,发现唯一的工作是一个专用的应用程序池。
- 在IIS下创建新的应用程序池
- 在
高级设置>中设置用户名和密码。身份>自定义帐户 - 设置
高级设置>将用户个人资料加载到true(这很重要) - Create a new Application Pool under IIS
- Set username and password in
Advanced Settings > Identity > Custom account - Set
Advanced Settings > Load User Profiletotrue(this one is important) - Choose this pool under Basic Settings of a site,
- 或 - 为了更好的安全性:
。 5.将所有命令相关代码移动到您网站中的一个部分,将其转换为应用程序,并将其应用于该应用程序池。
重要注意事项(!):
如果您通过FastCGI运行PHP,则必须在<$ c中设置 fastcgi.impersonate = 0 $ c> php.ini 文件。
测试批处理文件:
要测试谁正在运行该进程,您可以将以下代码保存到 *。bat 文件并从PHP调用它。 p>
@echo off
SET now =%date%%time%
SET out = [%now%] %userdomain%\%username%
echo%out%
echo%out%> D:\hello.txt
:: msg *%out%
如果%username%==SpecificUser(
exit / B 100
)else(
exit / B 200
)
c> SpecificUser 与您需要的用户名。有时你会看到没有输出。退出代码将帮助你。
如果你看不到任何输出或退出代码,这个脚本会输出用户名到一个文本文件。用您需要的路径替换 D:\hello.txt 。
By default PHP runs under IUSR account. When executed directly:
$lastline = exec('D:\\MyProgram.exe', $output, $return_var);
It runs, but the program is unable to do it's tasks due to insufficient privileges. My question is: How do I run an executable under a specific Windows account from a PHP website?
I've tried:
When executed through Sysinternals PsExec:
$lastline = exec('D:\\PsExec.exe -u UserName -p Password -accepteula "D:\\MyProgram.exe"', $output, $return_var);
MyProgram.exe does not even execute at all. PHP throws empty output and return_var is -1073741502. I assume this is some sort of unhandled exception.
When executed through lsrunas:
$lastline = exec('D:\\lsrunas.exe /user:UserName /password:Password /domain:DOMAIN /command:"D:\\MyProgram.exe" /runpath:D:\\', $output, $return_var);
MyProgram.exe does not execute either. PHP throws empty output and return_var is 0.
Microsoft's built in runas command doesn't work because it doesn't accept password as a parameter.
Tried using different PHP functions like shell_exec, system and passthru
Tried creating a new Application Pool under IIS, to run the website under LOCAL SERVICE, SYSTEM, or a specific user. EDIT: This is where I went wrong. It should work, but fails when Load User Profile setting is not enabled (step 3 in my answer).
Does anyone have working suggestions?
Note: All commands are working and tested through command line directly.
I kept digging and found out that the only thing that works is a dedicated application pool.
-or- for a better security:
. 5.Move all command-relatied code to one section within your website, convert it to application and apply that Application Pool to it. Then you can restrict any public access to that part and safely call that functionality from the other parts of your site.
Important note (!):
If you're running PHP via FastCGI, you must set fastcgi.impersonate = 0 in php.ini file.
Test batch file:
To test who is running the process you can save the following code to a *.bat file and call it from PHP.
@echo off
SET now=%date% %time%
SET out=[%now%] %userdomain%\%username%
echo %out%
echo %out% > D:\hello.txt
::msg * "%out%"
if %username%=="SpecificUser" (
exit /B 100
) else (
exit /B 200
)
Replace SpecificUser with your desired user name. Sometimes you'll see no output. The exit codes will help you then.
In case you can't see any output or exit code at all, this script will output the username to a text file. Replace D:\hello.txt with your desired path.
这篇关于如何从PHP网站作为特定的Windows用户运行可执行文件?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
