英文:
Unable to execute system commands from PHP
问题
我正在尝试使用远程接口执行一些脚本。环境是在树莓派上运行的Raspbian(稍后我也会使用Debian),并且安装了LAMP。
文件位于web服务器的根目录下(例如example.com),文件名为test.php和test.sh。
test.sh
#!/bin/bash
sudo pkill chromium-browse
sudo reboot
test.php
<?php
$output=null;
$resultCode=null;
exec("./test.sh", $output, $resultCode);
// $ouptut = shell_exec('./test.sh 2>&1'); //也尝试过这个
// echo shell_exec("./test.sh"); //以及这个
echo "返回状态码为 $resultCode 并且输出为:\n";
print_r($output);
?>
最初,我使用了以下命令:
chmod u+x test.sh
但是得到了错误代码126。所以我尝试了这个:
chmod 777 test.sh
现在我得到了错误代码1,但仍然无法执行。我还尝试了以下命令:
sudo visudo
然后添加了:
pi ALL=(ALL) NOPASSWD: ALL
(pi是当前登录的用户)。
目前我得到了以下输出:
Array
(
[0] =>
[1] => We trust you have received the usual lecture from the local System
[2] => Administrator. It usually boils down to these three things:
[3] =>
[4] => #1) Respect the privacy of others.
[5] => #2) Think before you type.
[6] => #3) With great power comes great responsibility.
[7] =>
[8] => sudo: no tty present and no askpass program specified
)
注意:我在命令行上经常使用sudo而不需要输入密码。
我在同一个目录下有另一个php文件,它成功地执行了一个真实的系统命令。它有这样一行:
$uptime = exec("uptime");
这个命令可以正常工作,所以我知道系统命令是可以执行的。有没有办法解决这个问题?我在SO和其他网站上看到了类似的问题,但是那些答案对我没有用。感谢任何帮助。
英文:
I am trying to execute a couple of scripts by using a remote interface. The environment is Raspbian on a Raspberry Pi (although I will be using Debian later as well) running LAMP.
The files are test.php and test.sh in the root directory of the webserver (say example.com)
test.sh
#!/bin/bash
sudo pkill chromium-browse
sudo reboot
test.php
<?php
$output=null;
$resultCode=null;
exec("./test.sh", $output, $resultCode);
// $ouptut = shell_exec('./test.sh 2>&1'); //tried this too
// echo shell_exec("./test.sh"); // as well as this
echo "Returned with status $resultCode and output:\n";
print_r($output);
?>
Initially, I had used
chmod u+x test.sh
but got an error code of 126. So I did this:
chmod 777 test.sh
Now I get an error code of 1, but it still doesn't execute. I have also tried
sudo visudo
then added
pi ALL=(ALL) NOPASSWD: ALL
(pi is the current loggedin user)
Currently I am getting this:
Array
(
[0] =>
[1] => We trust you have received the usual lecture from the local System
[2] => Administrator. It usually boils down to these three things:
[3] =>
[4] => #1) Respect the privacy of others.
[5] => #2) Think before you type.
[6] => #3) With great power comes great responsibility.
[7] =>
[8] => sudo: no tty present and no askpass program specified
)
Note: I use sudo all the time at the command line without being asked for a password.
I do have another php file in the same directory that executes an actual system command successfully. It has this line:
$uptime = exec("uptime");
which works just fine, so I know system commands are possible. Is there any way to do this? I have seen other similar questions on SO and other sites, but none of those answers have worked for me.
Any help appreciated.
答案1
得分: 0
像网页服务器这样的后台进程不是在登录的用户名下运行,而是有它们自己的用户ID。
如果在命令行上运行 ps axu
,你可以确定网页服务器进程正在以哪个用户身份运行。这只是我在Ubuntu机器上使用apache
的一个例子,但你的结果会非常相似:
www-data 15511 0.0 0.2 371988 39800 ? S 09:24 0:00 /usr/sbin/apache2
这里的 www-data
是运行apache进程的用户名。
所以你需要为这个用户授予su
特权,使其能够运行su
命令,而不是pi
用户。
我应该警告你,这是一个严重的安全问题,基本上是给外部网站用户允许在你的系统上随意进行黑客攻击和破坏的权限……但如果这只是一个爱好项目,而且没有外部用户,那就没那么重要了。
英文:
Background processes like the web server do not run under the logged in username but have their own user ids.
If you do ps axu
on your command line, you can determine the user that the web server process is running as. This is just an example from my Ubuntu machine using apache
but your result will be very similar:
www-data 15511 0.0 0.2 371988 39800 ? S 09:24 0:00 /usr/sbin/apache2
That www-data
is the user name of the process that's running apache.
So you need to give su
privileges to that user to enable it to run su
commands rather than the pi
user.
I should warn you that this is a massive security issue, and you're basically giving external web-users permission to hack and destroy anything they like on your system... but if this is a hobby project and you have no external users, then it's not so important.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论