php:在linux上用sudo提升权限(centos 8 / PHP 7.4.2)

一,php中查看当前用户:

 php代码:
public function ocr() {
        $daemon_user = getenv('USERNAME') ?: getenv('USER');
        $script_user =  get_current_user();
        return Result::Success(["daemon_user"=>$daemon_user,"script_user"=>$script_user]);
    }
访问时返回:
{
code: 0,
msg: "success",
data:{
daemon_user: "nginx",
script_user: "lhdop",
}
}

说明:daemon_user是正在执行当前脚本的用户,通常是php-fpm.conf中指定的user/group

          script_user是脚本文件的owner,可以通过以下命令查看:

[root@blog controller]# ll
total 24
-rw-rw-r-- 1 lhdop lhdop  1582 Oct 20 15:13 Auth.php
-rw-rw-r-- 1 lhdop lhdop  1610 Oct 20 15:13 Home.php
-rw-rw-r-- 1 lhdop lhdop 11804 Nov  5 18:08 Image.php
-rw-rw-r-- 1 lhdop lhdop  1308 Oct 20 15:13 Index.php

说明:刘宏缔的架构森林是一个专注架构的博客,地址:https://www.cnblogs.com/architectforest

         对应的源码可以访问这里获取: https://github.com/liuhongdi/
         或: https://gitee.com/liuhongdi

说明:作者:刘宏缔 邮箱: 371125307@qq.com

二,linux中配置sudo

1,python脚本
easy.py
import easyocr
import sys
reader = easyocr.Reader(['ch_sim','en'], gpu = False,verbose = False)
path = sys.argv[1]
result = reader.readtext(r''+path)
print(result)

返回:

[lhdop@blog img2]$ python3 easy.py /home/lhdop/img2/text.jpeg
[([[237, 41], [387, 41], [387, 127], [237, 127]], '推文', 0.9029050204465915), 
([[36, 443], [761, 443], [761, 558], [36, 558]], '今天听到一个笑话:', 0.7776902087822264),
 ([[798,....
2,bash脚本
easy.sh
#!/bin/bash
/usr/bin/python3 /home/lhdop/img2/easy.py ${1}

说明:使用bash脚本是为了在sudoers中只允许执行指定的脚本,避免安全问题

执行:
[lhdop@blog img2]$ /home/lhdop/img2/easy.sh /home/lhdop/img2/text.jpeg
[([[237, 41], [387, 41], [387, 127], [237, 127]], '推文', 0.9029050204465915), 
([[36, 443], [761, 443], [761, 558], [36, 558]], '今天听到一个笑话:', 0.7776902087822264),
([[798,448], [894, 448], [894, 552], [798, 552]], '', 0.9923826635401589),
([[40, 562], [675, 562], [675, 674], [40, 674]], '国捅了欧盟一刀,', 0.6283286688234799),
...]
3,配置sudoers
[root@blog ~]# visudo                                                                                                                                                             
在root    ALL=(ALL)       ALL  一行后增加一行:
nginx   ALL=(ALL)       NOPASSWD:/home/lhdop/img2/easy.sh
如下:
root    ALL=(ALL)       ALL
nginx   ALL=(ALL)       NOPASSWD:/home/lhdop/img2/easy.sh
NOPASSWD:表示执行后面的脚本时不需要输入密码
 ALL:可以从任何主机运行
(ALL):作为谁执行,ALL

三,php调用sudo脚本 

    public function ocr() {
        $daemon_user = getenv('USERNAME') ?: getenv('USER');
        $script_user =  get_current_user();
        $cmdtmb="sudo -u lhdop /home/lhdop/img2/easy.sh /home/lhdop/img2/text.jpeg"." 2>&1";
        $rettmb=shell_exec($cmdtmb);
        return Result::Success(["daemon_user"=>$daemon_user,"script_user"=>$script_user,"cmd"=>$cmdtmb,"ret"=>$rettmb]);
    }
返回:
{
code: 0,
msg: "success",
data:{
daemon_user: "nginx",
cmd: "sudo -u lhdop /home/lhdop/img2/easy.sh /home/lhdop/img2/text.jpeg 2>&1",
script_user: "lhdop",
msg: "this is home",
ret: "[([[237, 41], [387, 41], [387, 127], [237, 127]], '推文', 0.9029050204465915), 
([[36, 443], [761, 443], [761, 558], [36, 558]], '今天听到一个笑话:', 0.7776902087822264),
([[798, 448], [894, 448], [894, 552], [798, 552]], '美', 0.9923826635401589),
([[40, 562], [675, 562], [675, 674], [40, 674]], '国捅了欧盟一刀,', 0.6283286688234799),
...] " } }

四,查看php和linux版本:

查看linux版本

[root@blog ~]# more /etc/redhat-release
CentOS Linux release 8.0.1905 (Core)
 查看php版本
[root@blog ~]# /usr/local/soft/php7/bin/php --version
PHP 7.4.2 (cli) (built: Apr 20 2022 16:49:58) ( NTS )
Copyright (c) The PHP Group
Zend Engine v3.4.0, Copyright (c) Zend Technologies

 

posted @ 2022-11-05 18:41  刘宏缔的架构森林  阅读(38)  评论(0编辑  收藏  举报