How can I have a PHP script run a shell script as root?

前端 未结 7 1197
野的像风
野的像风 2021-01-15 03:54

Running Fedora 9/10, Apache 2, PHP 5...

Can I run a shell script as root, from a PHP script using exec()?

Do I just give Apache root priveleges, and then add

7条回答
  •  轻奢々
    轻奢々 (楼主)
    2021-01-15 04:26

    As requested, here's the python server...

    #!/usr/bin/python
    import os 
    import socket
    print "  Loading Bindings..."
    settings = {}
    line = 0 
    for each in open('/path/to/actions.txt', 'r'):
     line = line + 1
      each = each.rstrip()
      if each <> "":
        if each[0] <> '#':
          a = each.partition(':')
          if a[2]:
            settings[a[0]] = a[2]
          else:
            print "    Err @ line",line,":",each
    print "  Starting Server...",
    port = 12345
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind(("", port))
    print "OK."
    print "  Listening on port:", port
    while True:
        datagram = s.recv(1024)
        if not datagram:
            break
        print "Rx Cmd:", datagram
        if settings.has_key(datagram):
          print "Launch:", settings[datagram]
          os.system(settings[datagram]+" &")
    s.close() 
    

    The config file "actions.txt" uses the format "action-name:corresponding-shell-command" i.e.

    # Hash denotes a comment
    webroot:nautilus /var/www
    ftp:filezilla
    edit_homepage:gedit /var/www/homepage/htdocs/index.php
    

    This code doesn't check the originating IP of the incoming UDP packets as I have it running on localhost, I am firewalled of from anyone else and checking would provide no protection against spoofing anyway.

    I don't have time to rewrite it to use TCP/IP but Python is a language that's worth getting to know so if you really want that functionality I'll leave it to you to have a google for 'Python' and 'SOCK_STREAM'. It's probably not worth your trouble though, it's easier to configure your firewall so that no spoofed localhost packets can get through and modify the code to make sure it only listens to packets from the loopback.

提交回复
热议问题