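There are two ways to have PHP call a script with root privileges:
① Use a C program to swap the process's user IDs
② Create a dedicated user for Apache to run as and give it root privileges
I did not look closely into the security implications of the second method, so I did not try it; I used the first method, and it works.
The program code is as follows:
After compiling the program, or recompiling it after a change, run chmod u+s syncfile. "This sets the setuid bit: when an ordinary user executes the file, it runs with root's privileges; run.c swaps the process's IDs so that root's ID, 0, is used for execution."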
#include <stdio.h>      /* printf, snprintf, perror */
#include <stdlib.h>     /* system */
#include <sys/types.h>
#include <unistd.h>
#include <string.h>

int main(int argc, char **argv)
{
    printf("argc:%d\n", argc);
    if (argc != 3)
    {
        printf("Missing parameters!\n");
        return -1;
    }
    /* Only these four script names are accepted as argv[1]. */
    if (strcmp(argv[1], "php.py") &&
        strcmp(argv[1], "cpp.py") &&
        strcmp(argv[1], "frontend.py") &&
        strcmp(argv[1], "z.py"))
    {
        printf("parameters err!\n");
        return -1;
    }

    uid_t uid, euid;
    uid = getuid();
    euid = geteuid();
    printf("my uid:%u\n", (unsigned)getuid());
    printf("my euid:%u\n", (unsigned)geteuid());
    /* Swap the real and effective user IDs; stop if the swap fails. */
    if (setreuid(euid, uid))
    {
        perror("setreuid");
        return -1;
    }
    printf("after setreuid uid:%u\n", (unsigned)getuid());
    printf("after setreuid euid:%u\n", (unsigned)geteuid());
    /* argv[2] is not checked here and reaches the shell through system(). */
    char cmd[100] = {0};
    snprintf(cmd, sizeof(cmd), "python ./%s %s", argv[1], argv[2]);
    printf("%s \n", cmd);
    int iRet = system(cmd);
    return iRet;
}
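Note that, for safety, the cmd passed in for execution must be restricted so that only certain specific operations are allowed.
Reference article: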
http://www.cnblogs.com/awinlei/archive/2013/04/02/2995367.html
================================================================
Once the script could be called, I ran into another problem: the script runs make to compile a C++ program, and it produced a large number of errors. The main ones were:
/usr/include/sys/types.h:147:20: error: stddef.h: No such file or directory
/usr/include/sched.h:30:20: error: stddef.h: No such file or directory
.//include/stdhd.h:12:20: error: stdarg.h: No such file or directory
.//include/stdhd.h:37:18: error: vector: No such file or directory
.//include/stdhd.h:38:18: error: string: No such file or directory
.//include/stdhd.h:39:15: error: map: No such file or directory
.//include/stdhd.h:40:15: error: set: No such file or directory
.//include/stdhd.h:41:16: error: list: No such file or directory
.//include/stdhd.h:42:20: error: iostream: No such file or directory
.//include/stdhd.h:43:17: error: queue: No such file or directory
.//include/stdhd.h:44:19: error: iomanip: No such file or directory
/usr/include/mysql/mysql_com.h:408: error: 'size_t' has not been declared
/usr/include/mysql/mysql_com.h:410: error: 'size_t' has not been declared
/usr/include/mysql/mysql_com.h:412: error: 'size_t' has not been declared
/usr/include/mysql/mysql_com.h:413: error: 'size_t' has not been declared
/usr/include/mysql/mysql_com.h:414: error: 'size_t' has not been declared
……
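There were a great many similar errors; I suspected that make could not find the system header files.
This reminded me of an earlier case in which an Oracle query run from a script failed because the Oracle environment variables were missing.
I added ". ~/.bash_profile" at the very top of the script, which produced the error: /var/www/.bash_profile not found.
After changing it to ". /etc/profile" at the very top of the script, compilation worked normally.
It seems that swapping privileges in C only obtains root privileges: the current user is still apache and root's environment variables are not picked up, so they have to be imported separately.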
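A hardened variant of the wrapper above, as an added example that is not code from the original post: it covers both the note about restricting what is passed in and the environment problem, by validating both arguments, supplying a fixed environment, and starting Python with execve() so that no shell parses argv[2]. The directory /opt/deploy/scripts, the interpreter path /usr/bin/python, the argument policy in arg_safe() and the environment values are assumptions; anything further the script needs it still loads itself, as the post does with /etc/profile.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* The same four script names the original wrapper accepts. */
static const char *const ALLOWED[] = { "php.py", "cpp.py", "frontend.py", "z.py" };

/* Return 1 only when name is exactly one of the allow-listed scripts. */
int script_allowed(const char *name)
{
    for (size_t i = 0; i < sizeof ALLOWED / sizeof ALLOWED[0]; i++)
        if (strcmp(name, ALLOWED[i]) == 0)
            return 1;
    return 0;
}

/* Assumed policy for argv[2]: 1..64 characters from [A-Za-z0-9._-],
 * not starting with '-' so it cannot be read as an option. */
int arg_safe(const char *arg)
{
    size_t n = strlen(arg);
    if (n == 0 || n > 64 || arg[0] == '-')
        return 0;
    return strspn(arg, "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
                       "0123456789._-") == n;
}

int main(int argc, char **argv)
{
    if (argc != 3 || !script_allowed(argv[1]) || !arg_safe(argv[2])) {
        fprintf(stderr, "parameter rejected\n");
        return 1;
    }
    /* Assumed install directory; replaces the caller-controlled "./". */
    if (chdir("/opt/deploy/scripts") != 0) { perror("chdir"); return 1; }

    /* No shell is involved, so set real and effective UID to the setuid
     * owner directly instead of swapping them; stop if that fails. */
    uid_t euid = geteuid();
    if (setreuid(euid, euid) != 0) { perror("setreuid"); return 1; }

    /* Fixed, minimal environment (assumed values), not Apache's. */
    char *envp[] = { "PATH=/usr/local/bin:/usr/bin:/bin", "HOME=/root", "LANG=C", NULL };
    char *args[] = { "python", argv[1], argv[2], NULL };
    execve("/usr/bin/python", args, envp);  /* argv[2] stays a single argument */
    perror("execve");
    return 1;
}
```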