douci1196 2018-09-21 23:06
浏览 51

如何通过Web访问来处理命令行权限

Here is was I am trying to do:

I have a vServer, running different game servers, voice servers, bots etc. As we have some admins in our community who don't know how to handle the servers via command line I want to create a webinterface which basically executes some commands through button clicks and shows what the server would answer. Almost everything is working fine, I used PHP to execute commands with shell_exec() function, but I ran into a problem: the www-data user does not have the needed permissions to execute some commands. I googled for some solutions and now I know that it would not be intelligent to run Apache as root, so I am searching for another solution...

Anyone who knows a "beautiful" way to solve this? I need to say that I am pretty much a beginner with these things, so please don't expect to much knowledge :p

Thanks in advance and kind regards :)

  • 写回答

1条回答 默认 最新

  • duanmen2189 2018-09-21 23:32
    关注

    One possible solution could have all the commands that you want to run saved in a database table, then create a PHP script running in the crontab as root. This PHP script should have permission to run system_exec.

    The steps are 1) Save commands in the database table => "ls /etc/var/log/" 2) PHP script /var/www/html/read_commands.php (read all the commands from the table and execute with system_exec) and then delete the command. Ex. 

    $command_from_table="ls /etc/var/log/";
system_exec($command_from_table);
//delete the command from the table.

    3) Add /var/www/html/read_commands.php to the crontab -e.

    * * * * * sudo /var/www/html/read_commands.php

    This can give you one idea, but there are many approaches to this, this can be done with some permission for apache but is a breach of security.

    Also you need to make sure the user can't insert critical commands like rm -rf / lol

    评论

报告相同问题?

悬赏问题

  • ¥15 Matlab问题解答有两个问题
  • ¥50 Oracle Kubernetes服务器集群主节点无法访问,工作节点可以访问
  • ¥15 LCD12864中文显示
  • ¥15 在使用CH341SER.EXE时不小心把所有驱动文件删除了怎么解决
  • ¥15 gsoap生成onvif框架
  • ¥15 有关sql server business intellige安装,包括SSDT、SSMS。
  • ¥15 stm32的can接口不能收发数据
  • ¥15 目标检测算法移植到arm开发板
  • ¥15 利用JD51设计温度报警系统
  • ¥15 快手联盟怎么快速的跑出建立模型