Run the external command as root in PHP [from Osso]
Source: Internet
Author: User
Running external programs that only root users can run in PHP has always been an old problem and is difficult to implement using conventional methods. This is because, in general, PHP is a module of APACHE, that is, PHP is a part of APACHE, and APACHE has the suEXEC mechanism, commands cannot be executed using different user IDs, but the suEXEC mechanism is only valid for CGI. Running external programs that only root users can run in PHP has always been an old problem and is difficult to implement using conventional methods. This is because, in general, PHP is a module of APACHE, that is, PHP is a part of APACHE, and APACHE has the suEXEC mechanism, commands cannot be executed using different user IDs, but the suEXEC mechanism is only valid for CGI.
There was an article on the Internet saying that "su-c COMMAND" can be called, but after many experiments, it was found that the su COMMAND must enter the root password on STDIN.
What should I do? It is difficult to use the conventional method, so you can only think about other methods. The key to success lies in the ability to have a tool that can switch the user ID but can enter the password (or do not need to enter the password) on the command. Is there such a tool? Yes, it is super.
Next, let's talk about how to do it?
Note that installation and configuration of super must be performed as root.
Step 1: Switch to root
Step 2: install super
First go to ftp://ftp.mdtsoft.com/pub/superdownload super-3.14.0-1.i386.rpm. This is an RPM file. Other tools include setuid and super, as well as their documents and man manuals. Run the following command to install it to the system:
% Rpm-Uvh super-3.14.0-1.i386.rpm
You can also use this command to view files in this RPM:
% Rpm-qpl super-3.14.0-1.i386.rpm
The result shows that both tools will be installed in the/bin directory.
Step 3: Configure super
The super configuration file is/etc/super. tab. This is a text file and the format is complex. However, we only need to add a few lines here. For more information, see man super. tab.
Assume that the user running Apache is nobody. to use super to add a system user (call the useradd command), add the following line to the super. tab file:
Auser/sbin/useradd nobody, hunte
The first section is the alias of a command that super can recognize; the second section is the full path of the system command corresponding to the alias; the third section is the list of users who can run the command, separated by commas. In addition to the nobody, a common user called hunte is used for the following tests. Of course, you should use any common user in your system.
So far, super configuration is good.
Step 4: Test
Log on to the non-nobody user specified in step 3 and run:
%/Bin/super auser testuser
If the preceding configuration is correct, testuser should be created successfully. Available:
% Cat/etc/passwd | grep testuser
Command to verify.
Step 5: Call this command in PHP
The following is the PHP code:
If ($ username)
{
// Check whether a new user already exists
Echo 'creating User <$ username> ...';
System (escapeshellcmd ("/bin/super auser $ username "));
}
?>
Using super makes it no longer difficult to run external commands as root in PHP. Try it.
Test Environment: RedHat Linux 7.0 (Kernel 2.4.3) + Apache 1.3.9 + PHP 4.0.4pl1
Chpasswd. cgi is a cgi program that modifies the linux user password. it makes up for the defect that two passwords are required to change the password.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.