dow57588 2017-07-08 00:30
浏览 354

如何允许www-data用户使用nginx执行bash脚本

I an Ubuntu 16.04 machine running NGINX and PHP. I would like to enable the www-data user (via web browser) to be able to access a PHP page (php-test.php) that will execute either a bash script (script_test.sh) or execute Linux CLI commands using shell_exec or exec.

I have done the following.

Created my bash script file script_test.sh

#!/bin/bash

whoami
echo $USER
echo 'test'

exit

when I run this from CLI, using

./ script_test.sh

It does indeed work and I can see the info echoed out in the CLI.

I then pursued the goal of being able to allow the www-data user run this bash script through a PHP page running on this same machine from NGINX.

I created my php page (php_test.php) and it contains the following

<?php

    chdir('/path/to/my/files/');
    shell_exec('./script_test.sh');  // ATTEMPT RUN SCRIPT
    shell_exec('/path/to/my/files/script_test.sh');  // ATTEMPT RUN SCRIPT

    echo 'test 123';  // SIMPLE ECHO IN THE PHP PAGE
?>

I then ran the following to modify the sudoers file, giving www-data access to the bash script

sudo nano /etc/sudoers

to which I added the following line

www-data ALL=NOPASSWD: /path/to/my/files/script_test.sh

I then made sure the script was executable, for the sake of my testing, not worrying about security, I just set it to 777 with the following command

sudo chmod 777 script_test.sh

From there I opened a web browser and browsed to the localhost (NGINX) web server (php_test.php) and the only thing I see on the page is the 'test 123' that I echo from PHP... none of the bash script appears to have run at all. I tailed the NGINX error log and don't see any error at all.

Is there another log that could contain clues on this?

What else should I check here?

  • 写回答

1条回答

  • douzhuiqiu4923 2017-07-08 02:15
    关注

    Can you try to use passthru instead of shell_exec, and see the output anything?

    Also try this, and see if it shows on the log file:

    if(file_exists('/path/to/my/files/script_test.sh')) { die('File not found!'); }
    shell_exec("nohup /path/to/my/files/script_test.sh > /path/to/my/files/output.log &");
    

    Also, are you running PHP with the www-data user (check your fpm pool)? Do you have any error on /var/log/syslog or /var/log/auth.log ? Have you restarted the server after changing the sudo permissions?

    What does su - www-data -c "whoami" and su - www-data -s /bin/bash -c "whoami" outputs?

    Does su - www-data -s /bin/bash -c "/path/to/my/files/script_test.sh" output something?

    评论

报告相同问题?

悬赏问题

  • ¥15 本题的答案是不是有问题
  • ¥15 关于#r语言#的问题:(svydesign)为什么在一个大的数据集中抽取了一个小数据集
  • ¥15 C++使用Gunplot
  • ¥15 这个电路是如何实现路灯控制器的,原理是什么,怎么求解灯亮起后熄灭的时间如图?
  • ¥15 matlab数字图像处理频率域滤波
  • ¥15 在abaqus做了二维正交切削模型,给刀具添加了超声振动条件后输出切削力为什么比普通切削增大这么多
  • ¥15 ELGamal和paillier计算效率谁快?
  • ¥15 蓝桥杯单片机第十三届第一场,整点继电器吸合,5s后断开出现了问题
  • ¥15 file converter 转换格式失败 报错 Error marking filters as finished,如何解决?
  • ¥15 Arcgis相交分析无法绘制一个或多个图形