需求: 当在 php 中执行 shell 脚本时,发现有些command不成功,查看日志:没有相应的权限,使用
echo whoami
发现打印出的用户名为 www-data
查找一番资料后,有两个想法:
- 更改www-data的权限,在 visudo 中添加该用户无密码NOPASSWD选项(好像有点骚
- 使用 php-ssh2扩展,能够通过密码/秘钥的形式连接主机,并执行 command;这样不就改变user了
果断采取行动二,方便在主机上对权限进行配置,便于隔离。
安装 php-ssh2
- 环境:Ubuntu16.04 php7.0(其他没试)
安装过程并不顺利,找到了多篇教程,好多推荐下载源码包编译安装,再修改 php.ini 文件加载进去,
但过程繁琐就没试(懒)
后来在这里发现仅用:
sudo apt-get install php7.0-cli
sudo apt-get install libssh2-1 php-ssh2
就可以啦;
课后小记
当采用PECL安装或直接用源码包编译安装这些扩展时:
- 如果你要寻找 php.ini 并进行配置它的位置在:
/etc/php/7.0/apache2/php.ini (Apache)
/etc/php/7.0/fpm/php.ini (Nginx)
- PECL与PEAR到底是啥呢?
PECL stands for PHP Extension Community Library, it has extensions written in C, that can be loaded into PHP to provide additional functionality. You need to have administrator rights, a C compiler and associated toolchain to install those extensions.
PEAR is PHP Extension and Application Repository, it has libraries and code written IN php. Those you can simply download, install and include in your code.
- phpize用来准备编译环境
If you have multiple PHP versions installed, you may be able to specify for which installation you'd like to build by using the --with-php-config option during configuration.
--with-php-config=[Insert path to proper php-config here]
For example:
./configure --with-php-config=/usr/local/php5/bin/php-config5
- 当然也可以用这个不用任何其他扩展的库 phpseclib 1.0
参考
更多关于ubuntu系统配置方面的内容可参考本人博客:老香椿https://laoxiangchun.cn/