Running external programs that only the root user can run in PHP has always been an old problem and is difficult to achieve using conventional methods. This is because under normal circumstances, PHP is used as a module of APACHE, that is to say, PHP is part of APACHE, and APACHE cannot execute commands with different user IDs except for the suEXEC mechanism, but the suEXEC mechanism can only CGI works.
There was once an article on the Internet saying that it can be achieved by calling "su - -c COMMAND", but after many tests, it was found that it does not work because the su command must enter the root password on STDIN.
What to do? Conventional methods are difficult to achieve, so we have to think of other methods. The key to success is to have a tool that can switch user IDs but also allow you to enter a password (or no password) on the command. Is there such a tool? Yes, it is super.
Let’s talk about how to do it in detail?
It should be noted that installation and configuration of super must be done as root.
First step, switch to root
Second step, install super
First go to ftp://ftp.mdtsoft.com/pub/super to download super-3.14.0-1.i386.rpm . This is an RPM file that includes two tools: setuid and super, as well as their documentation and man manuals. Use the following command to install it into the system:
% rpm -Uvh super-3.14.0-1.i386.rpm
You can also use this command to view the files in this RPM:
% rpm -qpl super-3.14.0-1.i386.rpm
As you can see from the results, both tools will be installed in the /bin directory.
The third step is to configure super.
Super’s configuration file is /etc/super.tab. This is a text file and the format is relatively complex. However, we only need to simply add a few lines here. As for detailed instructions, you can view them through man super.tab.
Suppose the user running Apache is nobody, and we want to add a system user through super (call the useradd command), then we only need to add the following line to the super.tab file:
auser /sbin/useradd nobody,hunte
The first paragraph is the alias of the command that super can recognize; the second paragraph is the full path of the system command corresponding to the alias; the third paragraph is the list of users who can run the command, separated by commas. In addition to nobody, there is also an ordinary user named hunte, which is used for the following tests. Of course, you should use any normal user you have on your system.
At this point, the super configuration is ready.
The fourth step, test
Log in as the non-nobody user specified in the third step and run:
% /bin/super auser testuser
If there are no errors in the previous configuration, the user testuser should be Created successfully. You can use:
% cat /etc/passwd | grep testuser
command to verify it.
The fifth step is to call the command in PHP
The following is the PHP code:
if ($username)