Home > Article > Backend Development > Run external commands as root in PHP_PHP Tutorial
Running external programs that only root users can run in PHP has always been an old problem and is difficult to achieve using conventional methods. This is because under normal circumstances, PHP is used as a module of APACHE, that is to say, PHP is part of APACHE, and APACHE cannot execute commands with different user IDs except for the suEXEC mechanism, but the suEXEC mechanism can only CGI works. There was once an article on the Internet saying that it can be achieved by calling "su - -c COMMAND", but after many tests, it was found that it does not work because the su command must enter the root password on STDIN. what to do? Conventional methods are difficult to achieve, so we have to think of other methods. The key to success is to have a tool that can switch user IDs but also allow you to enter a password (or no password) on the command. Is there such a tool? Yes, it is super. Let’s talk about how to do it in detail below. It should be noted that installation and configuration of super must be done as root. The first step is to switch to root. The second step is to install super. First go to ftp://ftp.mdtsoft.com/pub/super to download super-3.14.0-1.i386.rpm. This is an RPM file that includes two tools: setuid and super, as well as their documentation and man manuals. Use the following command to install it into the system: % rpm -Uvh super-3.14.0-1.i386.rpm You can also use this command to view the files in this RPM: % rpm -qpl super-3.14.0- 1.i386.rpm As you can see from the results, both tools will be installed in the /bin directory. The third step is to configure super. The super configuration file is /etc/super.tab. This is a text file and the format is relatively complex. However, we only need to simply add a few lines here. As for detailed instructions, you can view them through man super.tab. Assume that the user running Apache is nobody, and we want to add system users through super (call the useradd command), then we only need to add the following line to the super.tab file: auser /sbin/useradd nobody, hunte The first paragraph is that super can The alias of the recognized command; the second paragraph is the full path of the system command corresponding to the alias; the third paragraph is a list of users who can run the command, separated by commas. In addition to nobody, there is also an ordinary user named hunte, which is used for the following tests. Of course, you should use any normal user you have on your system. At this point, the super configuration is ready. Step 4: Test. Log in as the non-nobody user specified in Step 3 and run: % /bin/super auser testuser. If there are no errors in the previous configuration, the user testuser should be successfully created. You can use: % cat /etc/passwd | grep testuser command to verify it. The fifth step is to call the command in PHP. The following is the PHP code: if ($username) { //应该检查新用户是否已经存在 echo 正在创建用户...; system(escapeshellcmd("/bin/super auser $username")); } ?> Use super to make the call as root in PHP Running external commands as an identity is no longer difficult. Give it a try. Test environment: RedHat Linux 7.0 (Kernel 2.4.3) + Apache 1.3.9 + PHP 4.0.4pl1