无法从PHP执行系统命令

huangapple go评论126阅读模式
英文:

Unable to execute system commands from PHP

问题

我正在尝试使用远程接口执行一些脚本。环境是在树莓派上运行的Raspbian(稍后我也会使用Debian),并且安装了LAMP。

文件位于web服务器的根目录下(例如example.com),文件名为test.php和test.sh。

test.sh

#!/bin/bash
sudo pkill chromium-browse
sudo reboot

test.php

<?php
$output=null;
$resultCode=null;
exec("./test.sh", $output, $resultCode);
// $ouptut = shell_exec('./test.sh 2>&1');  //也尝试过这个
// echo shell_exec("./test.sh");  //以及这个
echo "返回状态码为 $resultCode 并且输出为:\n";
print_r($output);
?>

最初,我使用了以下命令:

chmod u+x test.sh

但是得到了错误代码126。所以我尝试了这个:

chmod 777 test.sh

现在我得到了错误代码1,但仍然无法执行。我还尝试了以下命令:

sudo visudo

然后添加了:

pi ALL=(ALL) NOPASSWD: ALL

(pi是当前登录的用户)。

目前我得到了以下输出:

Array
(
    [0] => 
    [1] => We trust you have received the usual lecture from the local System
    [2] => Administrator. It usually boils down to these three things:
    [3] => 
    [4] =>     #1) Respect the privacy of others.
    [5] =>     #2) Think before you type.
    [6] =>     #3) With great power comes great responsibility.
    [7] => 
    [8] => sudo: no tty present and no askpass program specified
)

注意:我在命令行上经常使用sudo而不需要输入密码。

我在同一个目录下有另一个php文件,它成功地执行了一个真实的系统命令。它有这样一行:

$uptime = exec("uptime");

这个命令可以正常工作,所以我知道系统命令是可以执行的。有没有办法解决这个问题?我在SO和其他网站上看到了类似的问题,但是那些答案对我没有用。感谢任何帮助。

英文:

I am trying to execute a couple of scripts by using a remote interface. The environment is Raspbian on a Raspberry Pi (although I will be using Debian later as well) running LAMP.

The files are test.php and test.sh in the root directory of the webserver (say example.com)
test.sh

#!/bin/bash
sudo pkill chromium-browse
sudo reboot

test.php

&lt;?php
$output=null;
$resultCode=null;
exec(&quot;./test.sh&quot;, $output, $resultCode);
// $ouptut = shell_exec(&#39;./test.sh 2&gt;&amp;1&#39;);  //tried this too
// echo shell_exec(&quot;./test.sh&quot;);  // as well as this
echo &quot;Returned with status $resultCode and output:\n&quot;;
print_r($output);
?&gt;

Initially, I had used

chmod u+x test.sh

but got an error code of 126. So I did this:

chmod 777 test.sh

Now I get an error code of 1, but it still doesn't execute. I have also tried

 sudo visudo

then added

pi ALL=(ALL)    NOPASSWD: ALL

(pi is the current loggedin user)
Currently I am getting this:

Array
(
    [0] =&gt; 
    [1] =&gt; We trust you have received the usual lecture from the local System
    [2] =&gt; Administrator. It usually boils down to these three things:
    [3] =&gt; 
    [4] =&gt;     #1) Respect the privacy of others.
    [5] =&gt;     #2) Think before you type.
    [6] =&gt;     #3) With great power comes great responsibility.
    [7] =&gt; 
    [8] =&gt; sudo: no tty present and no askpass program specified
)

Note: I use sudo all the time at the command line without being asked for a password.

I do have another php file in the same directory that executes an actual system command successfully. It has this line:

$uptime =  exec(&quot;uptime&quot;);

which works just fine, so I know system commands are possible. Is there any way to do this? I have seen other similar questions on SO and other sites, but none of those answers have worked for me.

Any help appreciated.

答案1

得分: 0

像网页服务器这样的后台进程不是在登录的用户名下运行,而是有它们自己的用户ID。

如果在命令行上运行 ps axu,你可以确定网页服务器进程正在以哪个用户身份运行。这只是我在Ubuntu机器上使用apache的一个例子,但你的结果会非常相似:

www-data 15511 0.0 0.2 371988 39800 ? S 09:24 0:00 /usr/sbin/apache2

这里的 www-data 是运行apache进程的用户名。
所以你需要为这个用户授予su特权,使其能够运行su命令,而不是pi用户。

我应该警告你,这是一个严重的安全问题,基本上是给外部网站用户允许在你的系统上随意进行黑客攻击和破坏的权限……但如果这只是一个爱好项目,而且没有外部用户,那就没那么重要了。

英文:

Background processes like the web server do not run under the logged in username but have their own user ids.

If you do ps axu on your command line, you can determine the user that the web server process is running as. This is just an example from my Ubuntu machine using apache but your result will be very similar:

www-data 15511 0.0 0.2 371988 39800 ? S 09:24 0:00 /usr/sbin/apache2

That www-data is the user name of the process that's running apache.
So you need to give su privileges to that user to enable it to run su commands rather than the pi user.

I should warn you that this is a massive security issue, and you're basically giving external web-users permission to hack and destroy anything they like on your system... but if this is a hobby project and you have no external users, then it's not so important.

huangapple
  • 本文由 发表于 2023年2月8日 15:05:47
  • 转载请务必保留本文链接:https://go.coder-hub.com/75382372.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定