PHP shell_exec() 和 sudo:必须是 setuid root
我有一个 shell_exec() 命令来访问文档根目录上方的目录,因此我需要使用 sudo “作为 root”来实现它。 (我了解安全问题并正在采取措施解决它)。
问题是当我运行 shell_exec() 时,我的 apache error_log 文件中出现“sudo:必须是 setuid root”错误。
我认为解决方案是 chmod 4750 由我的 sheel_exec() 调用的 bash 脚本,但这并不能完成任务。
“sudo:必须是 setuid root”到底是什么试图告诉我,我该如何解决它?
I have a shell_exec() command that accesses a directory above my document root so I need to use sudo "as root" to make it happen. (I understand the security issues and am putitng in measures to address it).
The issue is when I run the shell_exec() I get a "sudo: must be setuid root" error in my apache error_log file.
I thought the solution was to chmod 4750 the bash script that is called by my sheel_exec() but that does not do the job.
What exactly is "sudo: must be setuid root" trying to tell me and how might I resolve it?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
sudo可执行文件本身是否 setuid root?您可能需要Is the
sudoexecutable itself setuid root? You may need to或者,完全跳过
sudo。如果您的脚本由 root 用户拥有并设置了自己的 setuid 位,那么您不需要使用 sudo 来获取 root 权限。事实上,这样会更安全;您保证您的网络用户只能使用该脚本,而无需编辑 sudoers。为此,请从shell_exec()行删除 sudo:Alternatively, skip
sudoaltogether. If your script is owned by root and has its own setuid bit set, then you don't need to use sudo to get root privileges. In fact, it can be more secure that way; you guarantee that your web user can only use that script, without having to edit sudoers. To do so, remove sudo from yourshell_exec()line:你检查过你的脚本的权限吗?
谁拥有该脚本?
Web用户是否有sudo的权限?
Did you check the permissions for your script?
Who is owning the script?
Does the web user has the rights to sudo?
要解决此问题,您需要以 root 身份 chown 和 chmod sudo 文件,如下所示。
To fix this problem you need to chown and chmod sudo file as root as below.