通过 php 用户对 root 进行 Linux 屏幕管理
我想制作一个脚本,可以在 root 用户的 screen 中运行某些内容。这必须通过 php system() 函数完成,因此我需要找到 sudo 到 root 并传递密码的方法,所有这些都使用 PHP。
I want to make a script that would run something in screen on root user. This has to be done through php system() function therefore I need to find out way to sudo to root and pass a password, all using PHP.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
如果您确实需要从 PHP 执行
sudo(不推荐),最好只允许特定命令而不需要密码。例如,如果 PHP 以
apache用户身份运行,并且您需要运行/usr/bin/myapp,则可以将以下内容添加到/etc/ sudoers(或 sudoers 所在的任何地方):这意味着用户
apache可以在没有密码的情况下以root身份运行/usr/bin/myapp,但应用程序无法执行任何其他操作。If you really need to
sudofrom PHP (not recommended), it's best to only allow specific commands and not require password for them.For example, if PHP is running as the
apacheuser, and you need to run/usr/bin/myapp, you could add the following to/etc/sudoers(or wherever sudoers is):This means that user
apachecan run/usr/bin/myappasrootwithout password, but the app can't execute anything else.我确信一定有一种比你试图创建的机制更好的方法来完成你想要完成的任何事情。
如果您只想将消息从 php 脚本写入某个地方的单个
screen会话,请尝试以下操作:在 php
使用追加写入访问权限打开文件:
写入您的文件:
在屏幕会话中
如果您不能在屏幕会话中运行
tail,则可以使用write(1)实用程序来编写消息发送到不同的终端。有关此机制的详细信息,请参阅write(1)和mesg(1)。 (我不像日志文件方法那样喜欢它,因为它是持久的并且可以稍后搜索。但我不知道你到底想要完成什么,所以这是另一个可能比< code>tail -F 在日志文件上。)I'm sure there must be a better way to do whatever it is you're trying to accomplish than whatever mechanism you're trying to create.
If you simply want to write messages from a php script to a single
screensession somewhere, try this:In php
Open a file with append-write access:
Write to your file:
In your screen session
If you can't just run
tailin a screen session, you can use thewrite(1)utility to write messages to different terminals. Seewrite(1)andmesg(1)for details on this mechanism. (I don't like it as much as the logfile approach, because that is durable and can be searched later. But I don't know exactly what you're trying to accomplish, so this is another option that might work better thantail -Fon a log file.)