Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
1.0k views
in Technique[技术] by (71.8m points)

how to do a linux reboot from php file

I have a user brftv on my linux system and I have www-data that runs the nginx.

from the terminal I can let my brftv user run

sudo /sbin/reboot

and it works fine since I added the following to my /etc/sudoers file's "#user privilege specification" section:

brftv ALL=NOPASSWD: /sbin/halt, /sbin/reboot, /sbin/poweroff
www-data ALL=NOPASSWD: /sbin/halt, /sbin/reboot, /sbin/poweroff

But when my php file runs the following code, nothing happens

exec('nohup sudo -u brftv /sbin/reboot');

I added the www-data line to the etc/sudoers above in case it was necessary when running the above exec() (even though I run it as -u brftv, but I'm no linux expert, just thought better be safe just in case).

The php file that runs this exec() is owned by www-data, and chmod is 777, all should thus have privilege to execute from it.

I have tried running the php-file both through browser (would be run by user www-data I assume) and from terminal $ php myFile.php.

------------------- UPDATE -----------------

I did this

sudo chmod u s /sbin/reboot

Which allows all users on my system to run the reboot cmd without password. It works, but I rather not leave it THAT open, so the other solution with /etc/sudoers would be better, if someone would have a hint at what my problem is...

I followed this tut http://linux.byexamples.com/archives/315/how-to-shutdown-and-reboot-without-sudo-password/ and the second example is pretty much what I got above that didn't work for me..

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

I would use a very small C program to grant access to only the PHP group (probably www-data in your case?), use the suid bit on the executable, and exec the reboot command

phpreboot.c :

#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

int main() {
   setuid(0); // for uid to be 0, root
   char *command = "/sbin/reboot";
   execl(command, command, NULL);
   return 0; // just to avoid the warning (since never returns)
}

Compile it

gcc -Wall phpreboot.c -o phpreboot

Move phpreboot where you want to run it (has to be accessible by PHP!)

mv phpreboot /home/private/

As root (or via sudo) ensure owner is root and group is set to www-data, and change rights to have suid bit (in this order)

chown root:www-data phpreboot
chmod 4750 phpreboot

The result, ls -l phpreboot should be something like (note the s in rws)

-rwsr-x--- 1 root www-data 8565 Jun 12 11:42 phpreboot*

Change the PHP script to execute phpreboot instead

exec ("/home/private/phpreboot"); // change the path!

Only one tiny executable will have the suid to run the reboot program, and only the PHP group will be able to execute it (and root of course).


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

1.4m articles

1.4m replys

5 comments

57.0k users

...