This evening at 19:30 I finally solved a problem that had troubled me for a long time, and the principle is now clear. In short: use sudo to give the Apache user root execution rights. My notes follow:
Executing a shell script with root privileges from PHP takes the following steps (I worked all of them out by my own experiments; if anything is wrong, please point it out, thank you!):
1. Determine who your Apache execution user is. Note: it is not necessarily nobody; with the httpd I installed, my Apache user is daemon.
2. Use visudo to give your Apache execution user root execute permission, with no password required. Note: for the sake of security, it is best to create a new user and have Apache run as that user (by modifying the httpd.conf file, as I will point out later).
3. This step is simple: write your script and execute it with a PHP function such as exec or system.
The detailed implementation process follows:
1. Check who your Apache execution user is by running lsof -i:80. The result is:
From the output we can clearly see that httpd (that is, Apache) runs as the user exec_shell (Note: this is the user on my machine after I changed it, shown only as an illustration; yours will certainly be different!)
Once you have determined who the Apache execution user is on your Linux system, for the sake of security create a new user and change the Apache execution user to that new user.
2. Create the new Apache execution user
useradd your_exec_user
Creating a user also creates, by default, a user group with the same name, which means we now also have a your_exec_user group.
Next, modify the Apache configuration file so that its execution user becomes the user we just created, your_exec_user:
vi /home/houqingdong/httpd-exe/config/httpd.conf (this is the directory where your Apache resides)
Find the place shown below and change the user to your new user: your_exec_user
Restart Apache: /home/houqingdong/httpd-exe/bin/apachectl restart. After the restart you can check the result with lsof -i:80.
3. Run visudo (or vi /etc/sudoers) and give your_exec_user root permission with no password required. There is one more important modification in this step (this is where I got stuck).
In visudo, find this place, add your_exec_user, and set it to require no password.
Having done this, I ran it through the PHP script and it was unsuccessful; frustratingly, when I switched to the your_exec_user user directly, it executed successfully.
Later, I looked at the Apache log files and found that:
The log makes it obvious that sudo needs a TTY in order to run. Knowing where the problem is, it can be solved: run vi /etc/sudoers and find the following sentence:
By default, executing sudo requires a terminal; that line is commented out here. Next, write your shell script and PHP commands.
4. Here is a simple script that I wrote. It uses the $directory and $name passed from the PHP side to create a $name directory under $directory.
#!/bin/bash
# Program:
#   This program executes mkdir: cd $directory; mkdir $name
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
export PATH
# $1 is the target directory, $2 is the name of the directory to create
cd "$1" || exit 1
if [ ! -d "$2" ]; then
    mkdir "$2"
else
    echo "already exist ..."
    exit 1
fi
Its function is simple: it changes into $directory, checks whether the directory name you want to create already exists, and creates the directory if it does not.
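A wrapper that PHP runs through sudo executes as root, so its two arguments deserve checking before mkdir runs. The following is an added example, not the author's script; the ALLOWED_BASE setting and the function names valid_name and safe_mkdir are assumptions made for illustration.

```bash
#!/bin/bash
# Added example (not from the original post): argument checks for a mkdir
# wrapper that a web application invokes through sudo, so it runs as root.
# ALLOWED_BASE is an assumed setting: the only tree the web app may touch.
ALLOWED_BASE="${ALLOWED_BASE:-/home}"

# A valid name is a single path component: not empty, not "." or "..",
# no slash, no leading dash, and only characters from a small allowlist.
valid_name() {
    local LC_ALL=C    # make the bracket ranges below plain ASCII
    case "$1" in
        ""|.|..|-*|*/*) return 1 ;;
        *[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# safe_mkdir DIRECTORY NAME
# Returns 0 on success, 1 if NAME already exists, 2 if the input is rejected.
safe_mkdir() {
    local dir name base real
    dir=$1 name=$2
    valid_name "$name" || return 2
    # Resolve symlinks and ".." before comparing against the allowed base.
    base=$(cd -P -- "$ALLOWED_BASE" 2>/dev/null && pwd -P) || return 2
    real=$(cd -P -- "$dir" 2>/dev/null && pwd -P) || return 2
    case "$real/" in
        "$base"/*) ;;       # inside the allowed tree
        *) return 2 ;;      # anything else is refused
    esac
    if [ -e "$real/$name" ] || [ -L "$real/$name" ]; then
        return 1
    fi
    mkdir -- "$real/$name"
}
```

The caller can map the three return codes to the success, "already exist" and rejected cases instead of treating every non-zero status alike.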
The PHP code that builds and executes the command (partial):
if ($type == "dir") {
    // Quote both arguments so their values cannot alter the command that runs as root
    $make_dir_command = "/usr/bin/sudo /home/houqingdong/myshell/mkdir.sh " . escapeshellarg("/$directory/") . " " . escapeshellarg($name);
    echo $make_dir_command;
    // $output receives the script's output lines, $return its exit status
    exec($make_dir_command, $output, $return);
    if ($return == 0) {
        echo "<script>alert('Build directory success!'); location.href='right.php?id=" . $directory . "';</script>";
    } else {
        echo "<script>alert('Build directory err!'); history.go(-1);</script>";
    }
}
One note in passing: it is best to use absolute paths in a constructed command.
5. Finally, the execution results:
After submitting, the prompt showing the execution result pops up after a few seconds:
The directory was created successfully under our /home/ directory:
Ha ha... Done! (Thanks for saving Brother's help to guide!)