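PHP: elevating privileges with sudo on Linux (CentOS 8 / PHP 7.4.2)
I. Checking the current user in PHP:
PHP code:
public function ocr() {
    // User the PHP process is running as (read from the environment)
    $daemon_user = getenv('USERNAME') ?: getenv('USER');
    // Owner of the current script file
    $script_user = get_current_user();
    return Result::Success(["daemon_user"=>$daemon_user,"script_user"=>$script_user]);
}
Response when the endpoint is accessed: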
{
code: 0,
msg: "success",
data:{
daemon_user: "nginx",
script_user: "lhdop",
}
}
Note: daemon_user is the user that is executing the current script, usually the user/group specified in php-fpm.conf.
script_user is the owner of the script file, which can be checked with the following command:
[root@blog controller]# ll
total 24
-rw-rw-r-- 1 lhdop lhdop 1582 Oct 20 15:13 Auth.php
-rw-rw-r-- 1 lhdop lhdop 1610 Oct 20 15:13 Home.php
-rw-rw-r-- 1 lhdop lhdop 11804 Nov 5 18:08 Image.php
-rw-rw-r-- 1 lhdop lhdop 1308 Oct 20 15:13 Index.php
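Note: Liu Hongdi's Architecture Forest (刘宏缔的架构森林) is a blog focused on architecture.
Website: https://blog.imgtouch.com
Original article: https://blog.imgtouch.com/index.php/2023/06/03/php-zai-linux-shang-yong-sudo-ti-sheng-quan-xian-centos-8/
The corresponding source code is available here: https://github.com/liuhongdi/
or: https://gitee.com/liuhongdi
Note: Author: Liu Hongdi (刘宏缔) Email: 371125307@qq.com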
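II. Configuring sudo on Linux
1. Python script
easy.py
import easyocr
import sys

# Simplified Chinese + English models, CPU only, no progress output
reader = easyocr.Reader(['ch_sim','en'], gpu = False,verbose = False)
# The image path is the first command-line argument
path = sys.argv[1]
result = reader.readtext(path)
print(result)
Output: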
[lhdop@blog img2]$ python3 easy.py /home/lhdop/img2/text.jpeg
[([[237, 41], [387, 41], [387, 127], [237, 127]], '推文', 0.9029050204465915), ([[36, 443], [761, 443], [761, 558], [36, 558]], '今天听到一个笑话:', 0.7776902087822264), ([[798,....
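2. Bash script
easy.sh
#!/bin/bash
# Quote the argument so a path with spaces or glob characters stays a single argument
/usr/bin/python3 /home/lhdop/img2/easy.py "${1}"
Note: a bash wrapper script is used so that sudoers can allow only this specific script to be executed, which avoids security problems.
Run it:
[lhdop@blog img2]$ /home/lhdop/img2/easy.sh /home/lhdop/img2/text.jpeg
[([[237, 41], [387, 41], [387, 127], [237, 127]], '推文', 0.9029050204465915),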
([[36, 443], [761, 443], [761, 558], [36, 558]], '今天听到一个笑话:', 0.7776902087822264),
([[798,448], [894, 448], [894, 552], [798, 552]], '美', 0.9923826635401589),
([[40, 562], [675, 562], [675, 674], [40, 674]], '国捅了欧盟一刀,', 0.6283286688234799),
...]
3. Configuring sudoers
[root@blog ~]# visudo
After the line root ALL=(ALL) ALL, add the following line:
nginx ALL=(ALL) NOPASSWD:/home/lhdop/img2/easy.sh
The result looks like this:
root ALL=(ALL) ALL
nginx ALL=(ALL) NOPASSWD:/home/lhdop/img2/easy.sh
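NOPASSWD: no password is required when executing the script that follows
ALL: the command may be run from any host
(ALL): the user to run the command as; ALL means any user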
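The sudoers rule above does not restrict the arguments passed to easy.sh, so the wrapper is the place to check them. The following is an added example, not the original easy.sh: a variant of the wrapper that accepts exactly one image path that really lives inside the image directory. The function names, the extension allow-list and the narrowed (lhdop) rule shown in the comments are assumptions.

```shell
#!/bin/bash
# Added example: hardened variant of easy.sh (not the original script).
# Assumed sudoers rule, narrowed to the only target user the PHP code needs:
#   nginx ALL=(lhdop) NOPASSWD: /home/lhdop/img2/easy.sh
# Hard-coded on purpose: never take the base directory from the environment.
IMG_DIR=/home/lhdop/img2

# Return 0 only for a regular image file that really lives under IMG_DIR.
validate_image_path() {
    local path="$1" real_dir real_base
    # Must be an absolute path; this also rejects "-option" style arguments.
    case "$path" in
        /*) ;;
        *) return 1 ;;
    esac
    # Assumed allow-list of image extensions.
    case "$path" in
        *.jpeg|*.jpg|*.png) ;;
        *) return 1 ;;
    esac
    # Regular file only; a symlink could point outside IMG_DIR.
    if [ ! -f "$path" ] || [ -L "$path" ]; then return 1; fi
    # Resolve ".." and symlinked directories before comparing prefixes.
    real_dir=$(cd -- "$(dirname -- "$path")" 2>/dev/null && pwd -P) || return 1
    real_base=$(cd -- "$IMG_DIR" 2>/dev/null && pwd -P) || return 1
    # The trailing slash stops a sibling such as /home/lhdop/img2evil from matching.
    case "$real_dir/" in
        "$real_base"/*) return 0 ;;
        *) return 1 ;;
    esac
}

run_ocr() {
    [ "$#" -eq 1 ] || { echo "usage: easy.sh IMAGE" >&2; return 2; }
    validate_image_path "$1" || { echo "rejected: $1" >&2; return 1; }
    exec /usr/bin/python3 "$IMG_DIR/easy.py" "$1"
}

# With no arguments only the functions are defined (useful for testing).
[ "$#" -eq 0 ] || run_ocr "$@"
```

On the PHP side, a path that comes from a request should still be passed through escapeshellarg() before it is placed in the command string.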
III. Calling the sudo script from PHP
public function ocr() {
    $daemon_user = getenv('USERNAME') ?: getenv('USER');
    $script_user = get_current_user();
    // Run the wrapper script as lhdop via sudo; 2>&1 also captures stderr
    $cmdtmb="sudo -u lhdop /home/lhdop/img2/easy.sh /home/lhdop/img2/text.jpeg"." 2>&1";
    $rettmb=shell_exec($cmdtmb);
    return Result::Success(["daemon_user"=>$daemon_user,"script_user"=>$script_user,"cmd"=>$cmdtmb,"ret"=>$rettmb]);
}
Response:
{
code: 0,
msg: "success",
data:{
daemon_user: "nginx",
cmd: "sudo -u lhdop /home/lhdop/img2/easy.sh /home/lhdop/img2/text.jpeg 2>&1",
script_user: "lhdop",
msg: "this is home",
ret: "[([[237, 41], [387, 41], [387, 127], [237, 127]], '推文', 0.9029050204465915),
([[36, 443], [761, 443], [761, 558], [36, 558]], '今天听到一个笑话:', 0.7776902087822264),
([[798, 448], [894, 448], [894, 552], [798, 552]], '美', 0.9923826635401589),
([[40, 562], [675, 562], [675, 674], [40, 674]], '国捅了欧盟一刀,', 0.6283286688234799),
...] "
}
}
IV. Checking the PHP and Linux versions:
Check the Linux version
[root@blog ~]# more /etc/redhat-release
CentOS Linux release 8.0.1905 (Core)
Check the PHP version
[root@blog ~]# /usr/local/soft/php7/bin/php --version
PHP 7.4.2 (cli) (built: Apr 20 2022 16:49:58) ( NTS )
Copyright (c) The PHP Group
Zend Engine v3.4.0, Copyright (c) Zend Technologies