开发者

Change user PHP

开发者 https://www.devze.com 2023-03-04 08:52 出处:网络
I need to change the user of a PHP script at runtime. I\'ve looked at posix_setuid, but it looks unsecure and requires root privaledges. What would be preferable is changing the user id of the script

I need to change the user of a PHP script at runtime. I've looked at posix_setuid, but it looks unsecure and requires root privaledges. What would be preferable is changing the user id of the script with the users password (something like posix_setuid($username, $password)), and avoiding running the script as root.

I'm open to other methods, and the script doesn't necessarily need to be PHP. However, it is going to be called from apache.

A good anology to the scenario would be how cPanel su's to the currently logged in user on it's file manager.

I need to change the user because I'm creating a file manager for a multi-user setup. Cur开发者_JS百科rently, I have the file manager set up so that apache serves my PHP file manager as root. However, this is not reasonable, because in case of a security bug in the code, one user can edit files on the entire server.

I'm looking for a way to SU the script to the logged in user so that in case of a security flaw, the user is only restricted to their own files.


I needed to do this a while ago. I basically created a bash script which accessed resources that only root had access to. Here's what I did:

Use the visudo command to change your /etc/sudoers:

## Allow root to run any commands anywhere
root    ALL=(ALL)       ALL
apache ALL= NOPASSWD: /sbin/myscript.sh

I have added the line which allows the apache user to run /sbin/myscript.sh with the sudo command without entering the password.

After that, you can just put the following in your php file to get the output:

$output = shell_exec("sudo /sbin/myscript.sh");


This recent question discusses two options for doing this with PHP:

  • PHP + FastCGI with suexec
  • suPHP
0

精彩评论

暂无评论...
验证码 换一张
取 消