PHP about Shell script permissions problem analysis

Source: Internet
Author: User
1. Sudo introduction

sudo allows root to be assigned to ordinary users with some rights that are not available, so that ordinary users can also have root privileges (such as sudo can be assigned to certain user specific command execution rights).
One of the important files of Sudo is/etc/sudoers, which users have what kind of commands can be executed by this file, mainly only the users who are assigned to use sudo.

SUDO-L lists the commands that the user can execute Sudo-u user to  execute the command  sudo-k clear the time on the ticket, enter the password the next time you use sudo  sudo-b execute the command in the background

You can open the/etc/sudoers file by entering vim inside the terminal.
Places to find:

The content of the red box is my own later add, which www is php running users, different environments under the default name will not be the same, I am under the CentOS for the www.

Users who view PHP running can get it from the PHP page below.

<?php       Echo shell_exec ("id-a");  ? >

Look at each row in the picture has three all, the first all represents the host in the network, the second parenthesis inside all represents the target user, who is the identity to execute the command, and the last all represents the executable command name (you can specify which command you want the user to be able to execute).

Where nopasswd indicates that no password is entered. (For convenience, otherwise I access through the browser is not the program inside more than the way to fill in the password, but also to wait for feedback, really trouble, so much more convenient)

If Ubuntu does not have to be modified, if Fedora and so on will need to make some changes,

Defaults Env_reset Open on it (that is, the previous # number is removed);

    1. Check if Safe mode is turned on in the php.ini configuration file

Safe_mode =  off so you can.

PHP executes a Linux script function has several, shell_exec (), System (), and so on, there is not much to do, the use of the line, I use the system () function.
route.php

<?php  $ip = (string) $_post["IP"];  System ("su./route.sh $ip", $status);  if ($status = = ' true ')  {      echo "setting succeeded";  }  else  {      echo "Setup failed";  }  ? >

After the setup is done, the browser will display the settings successfully, indicating that the script executed successfully.

1.php execution shell is actually used by Apache or Nginx users to execute, PHP itself does not create users.
2. Reproduced by

Since the previous time in the ECS is logged in as the root user and operation, so basically no use of sudo, but the recent project needs to do this: through the browser to access the PHP page, PHP Web page will be called to execute a script under Linux. Originally this thing is very simple, but I in the actual operation, found every time through the browser access, the script is not executed, and I in the terminal through the command line to execute the PHP page is not any problem, then felt very different, and then thought carefully, Through the browser access and directly in the terminal to execute its initiator is not the same, think should be the user rights issues, so on the Internet to check, the result is sudo so.
1. Sudo introduction

sudo allows root to be assigned to ordinary users with some rights that are not available, so that ordinary users can also have root privileges (such as sudo can be assigned to certain user specific command execution rights).
One of the important files of Sudo is/etc/sudoers, which users have what kind of commands can be executed by this file, mainly only the users who are assigned to use sudo.

SUDO-L lists the commands that the user can execute Sudo-u user to  execute the command  sudo-k clear the time on the ticket, enter the password the next time you use sudo  sudo-b execute the command in the background

You can open the/etc/sudoers file by entering vim inside the terminal.
Places to find:

The content of the red box is my own later add, which www is php running users, different environments under the default name will not be the same, I am under the CentOS for the www.

Users who view PHP running can get it from the PHP page below.

<?php       Echo shell_exec ("id-a");  ? >

Look at each row in the picture has three all, the first all represents the host in the network, the second parenthesis inside all represents the target user, who is the identity to execute the command, and the last all represents the executable command name (you can specify which command you want the user to be able to execute).

Where nopasswd indicates that no password is entered. (For convenience, otherwise I access through the browser is not the program inside more than the way to fill in the password, but also to wait for feedback, really trouble, so much more convenient)

If Ubuntu does not have to be modified, if Fedora and so on will need to make some changes,

Defaults Env_reset Open on it (that is, the previous # number is removed);

    1. Check if Safe mode is turned on in the php.ini configuration file

Safe_mode =  off so you can.

PHP executes a Linux script function has several, shell_exec (), System (), and so on, there is not much to do, the use of the line, I use the system () function.
route.php

<?php  $ip = (string) $_post["IP"];  System ("su./route.sh $ip", $status);  if ($status = = ' true ')  {      echo "setting succeeded";  }  else  {      echo "Setup failed";  }  ? >

After the setup is done, the browser will display the settings successfully, indicating that the script executed successfully.

    1. PHP execution shell is actually used by Apache or Nginx users to execute, PHP itself does not create users.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.