How to make a system call remotely?

江枫思渺然 提交于 2020-03-10 05:17:31

问题


I have an app that has to mount a disk on a server. The disk and the server all connected, it just has to use the linux 'mount' command.

I wrote a php that is simply:

<?
exec("/var/www/MountTheDisk.sh");
?>

And I added bash script: MountTheDisk.sh

#!/bin/bash

diskutil mount /dev/xvdb1 /mnt/theDisk/
echo trying to mount

Now, if I run that php, I get no result. Nothing is echo'd and no disk is mounted. How can I run this command remotely? Maybe php is not the best method?


回答1:


This solution seems not to work. I don't know why since I havent used SetUID with shell scripts. But I let this answer stay here just in case someone wants to refer to it.

For security reason I would recommand you to put your code into a bash file. Use the SetUID-bit to execute the bash file as root from within any other user. This way your file is not writeable by anyone else than root and you don't need to handle with sudo. Otherwise you allow your php-process to execute code as root which, in most cases, is a very bad idea.

The reason why you don't receive any output is probably because it ask for a password an there is no way for exec to enter one.

Edit: Change your php call to:

<?
exec("/var/www/MountTheDisk.sh");
?>

Than create a bash file (/var/www/MountTheDisk.sh) with some content like this

#!/bin/sh

// this script will be executed as root
diskutil mount /dev/xvdb1 /mnt/theDisk/
echo trying to mount

Now set SetUID bit and change owner to root. (musst be done via root shell)

// make script executable
chmod +x /var/www/MountTheDisk.sh

// setuid bit
chmod u+s /var/www/MountTheDisk.sh

// change owner to root
chown root:root /var/www/MountTheDisk.sh

Note: Any user can run this file. Any call will result in it beeing executed as root.




回答2:


The Apache’s user www-data need to be granted privileges to execute certain applications using sudo.

  1. Run the command sudo visudo. Actually we want to edit the file in etc/sudoers.To do that, by using sudo visudo in terminal ,it duplicate(temp) sudoers file to edit.
  2. At the end of the file, add the following ex:-if we want to use command for restart smokeping and mount command for another action,

www-data ALL=NOPASSWD: /etc/init.d/smokeping/restart, /bin/mount

(This is assuming that you wish to run restart and mount commands using super user (root) privileges.)

However, if you wish to run every application using super user privileges, then add the following instead of what’s above.You might not want to do that, not for ALL commands, very dangerous.

www-data ALL=NOPASSWD: ALL

3.After edit the sudoers file(by visudo we edit the temp file of sudoers so save and quit temp file(visudo) to write in sudoers file.(wq!)

4.That’s it, now use exec() in the following manner inside your xxx.phpscript.keep remember to use sudo before the command use in the php script.

ex:-

exec ("sudo /etc/init.d/smokeping restart 2>&1");

So in your problem,add the commands that you wish to use in to the step no (2.) as I add and change your php script as what you want.



来源:https://stackoverflow.com/questions/16740802/how-to-make-a-system-call-remotely

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!