PHP executes shell script with root privileges in Linux

Source: Internet
Author: User
Tags mkdir php script apache log

This evening: 19:30 points, this troubled me for a long time to finally solve the problem, the principle is finally clear, in short, the use of sudo to give Apache user root executive authority, the following record:

Using PHP to execute a shell script with root privileges must be done in the following steps: (all the steps are my own experiments, if there are improper to point out, thank you!) )

1. Determine who your Apache execution user is. Note: Not necessarily is nobody, I install the httpd, my Apache user is daemon

2. Use Visudo for your Apache execution user to give root execute permissions, and of course there is no password set. Note: For the sake of security, it is best to create a new user, so that he can execute as Apache (Modify the httpd.conf file, as I will point out later)

3. This step is simple, write your script, using PHP exec,system ... function to execute.

The next step is the detailed implementation process:

1. Check out who your Apache execution user is: Lsof-i:80 after running the results are:

From the diagram we can see Clearly, httpd (that is, Apache) to execute the User: Exec_shell (Note: This is my machine after the user, just to explain, you certainly not this! )

Determine who the Apache performer is on your Linux, and for the sake of security, create a new user to modify the Apache execution user to our new user.

2. New Apache Execution user

Useradd Your_exec_user We know that creating a user will default to creating a user group with the same user name, which means now we also have a Your_exec_user user group

Let's modify the Apache configuration file so that its execution user changes to the user we just created Your_exec_user:

Vi/home/houqingdong/httpd-exe/config/httpd.conf (This is the directory where your Apache resides)

Find the place below and modify the new user for you: Your_exec_user

Restart Apache:/home/houqingdong/httpd-exe/bin/apachect1 restart-------------> after reboot you can use: lsof-i:80 to check out 。

3. Execute Visudo (or vi/etc/sudoers), give root permission to Your_exec_user, and do not need a password, there is a step of important modification (this is where I'm haunted)

Visudo find this place, add Your_exec_user, and set no password

I did this before, and I went through the PHP script, and the results were unsuccessful, and it was frustrating that I switched to the Your_exec_user user directly to execute it successfully.

Later, I looked at Apache log files and found that:

It is obvious here that when Sudo is executed it is necessary to have a TTY run sudo, to know where the problem is to be solved: vi/etc/sudoers the following sentence:

This is because by default, executing sudo requires a terminal, which is commented out here. Next, write your shell script and PHP commands.

4. Here is a simple script that I wrote, using the $directory and $name from the PHP side to create a $name directory under that directory

#!/bin/bash
#Program # This program would     execute MKDIR:CD $directory mkdir $name
path=/bin:/sbin:/ Usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
Export PATH
CD $
[! d $]; then
    mkdir $2< C8/>else
    echo "already exist ..."
    exit 1
fi

The simple feature is that you go to $directory to determine if the directory name you want to create exists, and then create the directory.

Constructed PHP execution function: (partial)

if ($type = = "dir") {
          $make _dir_command= "/usr/bin/sudo/home/houqingdong/myshell/mkdir.sh/$directory/$name";
          echo $make _dir_command;
          EXEC ($make _dir_command, $output, $return);

              if ($return = = 0) {
                  echo <script>alert (' Build directory seccuss! '); location.href= ' right.php?id= ' $directory "';</script>";
              } else{
                  echo "<script>alert (' Build directory err! '); History.go ( -1);</script> ";
              }

Here's a passing phrase: it 's best to use absolute paths in a constructed command .

5. Implementation results at the end of the page:

After submission, a prompt to execute the results will not pop up for a few seconds:

Executed successfully in our/home/directory:

Ha ha... Done! (Thanks for saving Brother's help to guide!) )

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.