Running an external program that only the root user can run in PHP is an old problem that is hard to achieve with conventional methods. This is because in general, PHP is as a module of Apache, that is, PHP is part of Apache, and Apache in addition to the suexec mechanism, is not a different user ID to execute the command, but the suexec mechanism can only be CGI effective.
There was an article on the web that used the call "Su-C command" to be implemented, but after several experiments, it was not possible because the SU command had to enter the root password on stdin.
What to do? It's hard to work in a conventional way, just think of other ways. The key to success is the ability to have a tool that toggles the user ID but can also enter a password (or not enter a password) on the command. Do you have a tool like that? Yes, it's super.
How do you do that?
Be aware that the installation and configuration of super are done as root.
First step, switch to root
Step two, install Super
Download super-3.14.0-1.i386.rpm first to Ftp://ftp.mdtsoft.com/pub/super. This is an RPM file, and the other includes two tools: Setuid and Super, as well as their documentation and man manuals. Install it to the system with the following command:
% RPM-UVH super-3.14.0-1.i386.rpm
You can also use this command to view the files in this RPM:
% RPM-QPL super-3.14.0-1.i386.rpm
As you can see from the results, all two tools will be installed in the/bin directory.
Step three, configure Super
The configuration file for super is/etc/super.tab. This is a text file, and the format is also more complex. However, we can simply add a few lines here. For detailed instructions, you can view it through the man Super.tab.
Assuming that the user running Apache is nobody and we want to add the system user (invoke the Useradd command) through super, we simply add the following line to the Super.tab file:
Auser/sbin/useradd Nobody,hunte
The first paragraph is an alias for a command that super can recognize; the second paragraph is the full path to the system command for that alias, and the third is the list of users who can run the command, separated by commas. In addition to nobody, there is also a common user called Hunte, which is used for the following tests. Of course, you should use any of the regular users in your system.
At this point, super configuration even better.
Step Fourth, test
Log in with the nobody user specified in step three to run:
%/bin/super Auser testuser
If there is nothing wrong with the previous configuration, the user testuser should have been successfully created. Can be used:
% CAT/ETC/PASSWD | grep testuser
command to verify.
Step fifth, call the command in PHP
Here is the PHP code:
?
if ($username)
{
You should check to see if the new user already exists
Echo ' is creating user < $username ... ';
System (Escapeshellcmd ("/bin/super auser $username"));
}
?>
Using super makes it no longer difficult to run external commands as root in PHP. Try it.
Test environment: RedHat Linux 7.0 (Kernel 2.4.3) + Apache 1.3.9 + PHP 4.0.4PL1
CHPASSWD.CGI is a CGI program that modifies the password of a Linux user to make up for a defect that requires two password entries to change the password
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
