External programs that can only be run by the root user in PHP_PHP Tutorial

WBOY
Release: 2016-07-20 11:03:46
Original
951 people have browsed it

Running external programs that only the root user can run in PHP has always been an old problem and is difficult to achieve using conventional methods. This is because under normal circumstances, PHP is used as a module of APACHE, that is to say, PHP is part of APACHE, and APACHE cannot execute commands with different user IDs except for the suEXEC mechanism, but the suEXEC mechanism can only CGI works.
There was once an article on the Internet saying that it can be achieved by calling "su - -c COMMAND", but after many tests, it was found that it does not work because the su command must enter the root password on STDIN.
What to do? Conventional methods are difficult to achieve, so we have to think of other methods. The key to success is to have a tool that can switch user IDs but also allow you to enter a password (or no password) on the command. Is there such a tool? Yes, it is super.
Let’s talk about how to do it in detail?
It should be noted that installation and configuration of super must be done as root.
First step, switch to root
Second step, install super
First go to ftp://ftp.mdtsoft.com/pub/super to download super-3.14.0-1.i386.rpm . This is an RPM file that includes two tools: setuid and super, as well as their documentation and man manuals. Use the following command to install it into the system:
% rpm -Uvh super-3.14.0-1.i386.rpm
You can also use this command to view the files in this RPM:
% rpm -qpl super-3.14.0-1.i386.rpm
As you can see from the results, both tools will be installed in the /bin directory.
The third step is to configure super.
Super’s configuration file is /etc/super.tab. This is a text file and the format is relatively complex. However, we only need to simply add a few lines here. As for detailed instructions, you can view them through man super.tab.
Suppose the user running Apache is nobody, and we want to add a system user through super (call the useradd command), then we only need to add the following line to the super.tab file:
auser /sbin/useradd nobody,hunte
The first paragraph is the alias of the command that super can recognize; the second paragraph is the full path of the system command corresponding to the alias; the third paragraph is the list of users who can run the command, separated by commas. In addition to nobody, there is also an ordinary user named hunte, which is used for the following tests. Of course, you should use any normal user you have on your system.
At this point, the super configuration is ready.
The fourth step, test
Log in as the non-nobody user specified in the third step and run:
% /bin/super auser testuser
If there are no errors in the previous configuration, the user testuser should be Created successfully. You can use:
% cat /etc/passwd | grep testuser
command to verify it.
The fifth step is to call the command in PHP
The following is the PHP code:

if ($username)

www.bkjia.comtruehttp: //www.bkjia.com/PHPjc/445254.htmlTechArticleRunning external programs that only root users can run in PHP has always been an old problem. It is very easy to use conventional methods. Difficult to achieve. This is because generally, PHP is used as a module of APACHE...
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template
About us Disclaimer Sitemap
php.cn:Public welfare online PHP training,Help PHP learners grow quickly!