PHP about Shell script permissions problem analysis

1. Sudo introduction

sudo allows root to be assigned to ordinary users with some rights that are not available, so that ordinary users can also have root privileges (such as sudo can be assigned to certain user specific command execution rights).
One of the important files of Sudo is/etc/sudoers, which users have what kind of commands can be executed by this file, mainly only the users who are assigned to use sudo.

SUDO-L lists the commands that the user can execute Sudo-u user to  execute the command  sudo-k clear the time on the ticket, enter the password the next time you use sudo  sudo-b execute the command in the background

You can open the/etc/sudoers file by entering vim inside the terminal.
Places to find:

The content of the red box is my own later add, which www is php running users, different environments under the default name will not be the same, I am under the CentOS for the www.

Users who view PHP running can get it from the PHP page below.

<?php       Echo shell_exec ("id-a");  ? >

Look at each row in the picture has three all, the first all represents the host in the network, the second parenthesis inside all represents the target user, who is the identity to execute the command, and the last all represents the executable command name (you can specify which command you want the user to be able to execute).

Where nopasswd indicates that no password is entered. (For convenience, otherwise I access through the browser is not the program inside more than the way to fill in the password, but also to wait for feedback, really trouble, so much more convenient)

If Ubuntu does not have to be modified, if Fedora and so on will need to make some changes,

Defaults Env_reset Open on it (that is, the previous # number is removed);

1. Check if Safe mode is turned on in the php.ini configuration file

Safe_mode =  off so you can.

PHP executes a Linux script function has several, shell_exec (), System (), and so on, there is not much to do, the use of the line, I use the system () function.
route.php

<?php  $ip = (string) $_post["IP"];  System ("su./route.sh $ip", $status);  if ($status = = ' true ')  {      echo "setting succeeded";  }  else  {      echo "Setup failed";  }  ? >

After the setup is done, the browser will display the settings successfully, indicating that the script executed successfully.

1.php execution shell is actually used by Apache or Nginx users to execute, PHP itself does not create users.
2. Reproduced by

Since the previous time in the ECS is logged in as the root user and operation, so basically no use of sudo, but the recent project needs to do this: through the browser to access the PHP page, PHP Web page will be called to execute a script under Linux. Originally this thing is very simple, but I in the actual operation, found every time through the browser access, the script is not executed, and I in the terminal through the command line to execute the PHP page is not any problem, then felt very different, and then thought carefully, Through the browser access and directly in the terminal to execute its initiator is not the same, think should be the user rights issues, so on the Internet to check, the result is sudo so.
1. Sudo introduction

sudo allows root to be assigned to ordinary users with some rights that are not available, so that ordinary users can also have root privileges (such as sudo can be assigned to certain user specific command execution rights).
One of the important files of Sudo is/etc/sudoers, which users have what kind of commands can be executed by this file, mainly only the users who are assigned to use sudo.

SUDO-L lists the commands that the user can execute Sudo-u user to  execute the command  sudo-k clear the time on the ticket, enter the password the next time you use sudo  sudo-b execute the command in the background

You can open the/etc/sudoers file by entering vim inside the terminal.
Places to find:

The content of the red box is my own later add, which www is php running users, different environments under the default name will not be the same, I am under the CentOS for the www.

Users who view PHP running can get it from the PHP page below.

<?php       Echo shell_exec ("id-a");  ? >

Look at each row in the picture has three all, the first all represents the host in the network, the second parenthesis inside all represents the target user, who is the identity to execute the command, and the last all represents the executable command name (you can specify which command you want the user to be able to execute).

Where nopasswd indicates that no password is entered. (For convenience, otherwise I access through the browser is not the program inside more than the way to fill in the password, but also to wait for feedback, really trouble, so much more convenient)

If Ubuntu does not have to be modified, if Fedora and so on will need to make some changes,

Defaults Env_reset Open on it (that is, the previous # number is removed);

1. Check if Safe mode is turned on in the php.ini configuration file

Safe_mode =  off so you can.

PHP executes a Linux script function has several, shell_exec (), System (), and so on, there is not much to do, the use of the line, I use the system () function.
route.php

<?php  $ip = (string) $_post["IP"];  System ("su./route.sh $ip", $status);  if ($status = = ' true ')  {      echo "setting succeeded";  }  else  {      echo "Setup failed";  }  ? >

After the setup is done, the browser will display the settings successfully, indicating that the script executed successfully.

1. PHP execution shell is actually used by Apache or Nginx users to execute, PHP itself does not create users.