PHP: run linux command as sudo?_问答_开发者_运维开发者技术经验分享

开发者 https://www.devze.com 2022-12-16 02:53 出处：网络

I\'m in a bit of trouble and need to run a linux command as sudo using php. Is this possible using php\'s exec()? I\'ve tried but cannot enter the sudo password and then execute another command on the

相关专题：php

I'm in a bit of trouble and need to run a linux command as sudo using php. Is this possible using php's exec()? I've tried but cannot enter the sudo password and then execute another command on the same exec() call.

edit: i cannot access the server remotely via ssh due to own stupidity. That's why i have to run开发者_Python百科 commands thru the web server.

You can grant some privileges for some command to a given user (such as the user that runs your webserver...) with visudo, or have to setsuid the program you want to run, but I strongly disadvise you to do this.

Can't you use a more secure way, for example writting data in a database, and build a daemon robot that often looks in the database, do achieve the job, and this daemon could be granted as root?

You should set up your sudoers not to require a password (NOPASSWD:) for the user that your PHP is running as. Be sure to completely lock down the commands that that user can run via sudo!

Use proc_open which allows you to create a custom pipe to feed data (the user password) when prompted. See the comments at the link for ways to create a custom password pipe.

Update, since you're not able to read.

Snippet from comment by snowleopard at amused dot NOSPAMPLEASE dot com dot au at 05-Jun-2008 02:46 at the previously twice mentioned link. You just need to apply this to your own situation.

    // Set up the descriptors
    $Descriptors = array(
        0 => array("pipe", "r"),
        1 => array("pipe", "w"),
        2 => array("pipe", "w"),
        3 => array("pipe", "r") // This is the pipe we can feed the password into
    );

    // Build the command line and start the process
    $CommandLine = $GPGPath . ' --homedir ' . $HomeDir . ' --quiet --batch --local-user "' . $Identity . '" --passphrase-fd 3 --decrypt -';
    $ProcessHandle = proc_open( $CommandLine, $Descriptors, $Pipes);

    if(is_resource($ProcessHandle)) {
        // Push passphrase to custom pipe
        fwrite($Pipes[3], $PassPhrase);
        fclose($Pipes[3]);