运行“sudo”来自 PHP 脚本的命令?
我想从 PHP 运行“sudo”命令,并且我已阅读网络上的所有教程,但没有解决方案有效。至少我已将 LAMP 的默认“nobody”用户添加到根组中 - 但没有效果。
echo exec("sudo echo hi");
关于安全性的说明:
虽然这里有些人对此表示反对,因为他们坚信这将造成一个巨大的安全漏洞,从而摧毁整个互联网,但也有一些有效的案例,例如,测试。从 PHPUnit / Behat 套件运行设置脚本来配置环境可能需要 sudo 权限。这些脚本无法从应用程序访问,也不会产生安全漏洞,因为事实上它们有助于确保不存在此类漏洞。
I want to run a "sudo" command from the PHP and I have read all the tutorials on the web, but no solution works. At least I've added the default "nobody" user of LAMP to the root group – but no effect.
echo exec("sudo echo hi");
A note on security:
While some people here are downvoting this due to their strong belief that this will create a big security hole that will destroy the entire Internet, there are some valid cases for this, e.g., in testing. Running setup scripts from PHPUnit / Behat suites to configure the environment may require sudo permission. Those scripts are not accessible from the application and do not create security holes, as the matter of fact they help to ensure such holes are not present.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(5)
将用户添加到 root 组并不会给他们 sudo 权限,这就是 /etc/sudoers 的用途。
说实话,你想要做的事情听起来像是一个巨大的安全漏洞
编辑:从评论复制...
我的建议是,在 root 用户下设置一个 cron,检查你的文件或数据库PHP 可以写入、解析它并删除您指定的用户。
Adding users to the root group does not give them sudo rights, that is what /etc/sudoers is for.
To be honest, what you're trying to do sounds like a giant security hole
EDIT: copied from comments...
My suggestion would be something like, setting up a cron under the root user, that checks against a file or db that your PHP can write to, parses it, and remove the users you've specified.
我认为你应该在你的脚本上运行 chmod u+s 。或者可能是 ug+s (取决于您的需要)。这样你就可以访问 su 了。
I think you should run chmod u+s on your script. Or maybe ug+s (Depending on your need). This way you will have su access.
您应该将您的网络服务器用户添加到
/etc/sudoers文件中you should add your web-server user to
/etc/sudoersfile你首先需要找到你的网络服务器的用户并给他们root权限,上面的代码会告诉你这一点,但正如其他人所说,这是一个巨大的安全漏洞,我强烈不推荐它。
You first need to find the user of your webserver and give them root privialges, the above code will tell you this, but as others say THIS IS A MASSIVE SECURITY HOLE and I strongly do not recommend it.
抛开所有安全因素不谈,这是可能的。事实上,正如 Jon Stirling 所说,将用户添加到特定组不会对您有帮助。您需要以“visudo”作为 root 指定正确的 sudo 行,例如:
这将使 root 用户以 root 用户身份执行命令“/usr/bin/echo hi”。
现在通过 PHP 执行它:
All the security stuff aside, this is possible. Indeed as Jon Stirling has stated, adding users to a specific group is not going to help you. You need to specify the correct sudo lines with "visudo" as root, eg:
This will let the user root, execute the command "/usr/bin/echo hi" as the user root.
Now for executing it via PHP: