1. Purpose
We normally run Linux scripts by connecting to the server with Xshell and executing them there. However, the account and password handed to the customer do not carry high privileges, so some commands that need elevation cannot be run. I wanted to see whether the commands users run most often could be put on a web page and executed by clicking a button.
2. Server environment
RedHat 7.9, with SELinux and firewalld turned off (SELinux is in permissive mode below):
[root@ansible01 ~]# getenforce
Permissive
[root@ansible01 ~]# systemctl status firewalld.service
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: inactive (dead) since 四 2024-05-16 13:14:53 CST; 37s ago
Docs: man:firewalld(1)
Process: 906 ExecStart=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS (code=exited, status=0/SUCCESS)
Main PID: 906 (code=exited, status=0/SUCCESS)
3月 21 10:57:22 localhost.localdomain systemd[1]: Starting firewalld - dynamic firewall daemon...
3月 21 10:57:23 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon.
3月 21 10:57:23 localhost.localdomain firewalld[906]: WARNING: AllowZoneDrifting is enabled. This is considered an insecure configuration option. It will be removed in a future release. Please consider disabling it now.
5月 16 13:14:50 ansible01 systemd[1]: Stopping firewalld - dynamic firewall daemon...
5月 16 13:14:53 ansible01 systemd[1]: Stopped firewalld - dynamic firewall daemon.
3. Implementation steps
3.1 Install nginx
[root@ansible01 ~]# yum install -y nginx
已加载插件:langpacks, product-id, search-disabled-repos, subscription-manager
正在解决依赖关系
--> 正在检查事务
---> 软件包 nginx.x86_64.1.1.20.1-10.el7 将被 安装
--> 正在处理依赖关系 nginx-filesystem = 1:1.20.1-10.el7,它被软件包 1:nginx-1.20.1-10.el7.x86_64 需要
--> 正在处理依赖关系 libcrypto.so.1.1(OPENSSL_1_1_0)(64bit),它被软件包 1:nginx-1.20.1-10.el7.x86_64 需要
--> 正在处理依赖关系 libssl.so.1.1(OPENSSL_1_1_0)(64bit),它被软件包 1:nginx-1.20.1-10.el7.x86_64 需要
--> 正在处理依赖关系 libssl.so.1.1(OPENSSL_1_1_1)(64bit),它被软件包 1:nginx-1.20.1-10.el7.x86_64 需要
--> 正在处理依赖关系 nginx-filesystem,它被软件包 1:nginx-1.20.1-10.el7.x86_64 需要
--> 正在处理依赖关系 libcrypto.so.1.1()(64bit),它被软件包 1:nginx-1.20.1-10.el7.x86_64 需要
--> 正在处理依赖关系 libssl.so.1.1()(64bit),它被软件包 1:nginx-1.20.1-10.el7.x86_64 需要
--> 正在检查事务
---> 软件包 nginx-filesystem.noarch.1.1.20.1-10.el7 将被 安装
---> 软件包 openssl11-libs.x86_64.1.1.1.1k-7.el7 将被 安装
--> 解决依赖关系完成
依赖关系解决
=========================================================================================================================================================================================================================================
Package 架构 版本 源 大小
=========================================================================================================================================================================================================================================
正在安装:
nginx x86_64 1:1.20.1-10.el7 epel 588 k
为依赖而安装:
nginx-filesystem noarch 1:1.20.1-10.el7 epel 24 k
openssl11-libs x86_64 1:1.1.1k-7.el7 epel 1.5 M
......
作为依赖被安装:
nginx-filesystem.noarch 1:1.20.1-10.el7 openssl11-libs.x86_64 1:1.1.1k-7.el7
完毕!
3.2 Install php7-fpm
#1. Add the repository
[root@ansible01 scripts]# rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
获取https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
警告:/var/tmp/rpm-tmp.DCZSO8: 头V4 RSA/SHA1 Signature, 密钥 ID 62e74ca5: NOKEY
准备中... ################################# [100%]
正在升级/安装...
1:webtatic-release-7-3 ################################# [100%]
#2. Install php7-fpm
[root@ansible01 scripts]# yum install php70w-fpm php70w-cli php70w-gd php70w-mcrypt php70w-mysql php70w-pear php70w-xml php70w-mbstring php70w-pdo php70w-json php70w-pecl-apcu php70w-pecl-apcu-devel
已加载插件:langpacks, product-id, search-disabled-repos, subscription-manager
正在解决依赖关系
--> 正在检查事务
---> 软件包 php70w-cli.x86_64.0.7.0.33-1.w7 将被 安装
---> 软件包 php70w-common.x86_64.0.7.0.33-1.w7 将被 安装
---> 软件包 php70w-fpm.x86_64.0.7.0.33-1.w7 将被 安装
---> 软件包 php70w-gd.x86_64.0.7.0.33-1.w7 将被 安装
---> 软件包 php70w-mbstring.x86_64.0.7.0.33-1.w7 将被 安装
---> 软件包 php70w-mcrypt.x86_64.0.7.0.33-1.w7 将被 安装
--> 正在处理依赖关系 libmcrypt.so.4()(64bit),它被软件包 php70w-mcrypt-7.0.33-1.w7.x86_64 需要
......
已安装:
php70w-cli.x86_64 0:7.0.33-1.w7 php70w-common.x86_64 0:7.0.33-1.w7 php70w-fpm.x86_64 0:7.0.33-1.w7 php70w-gd.x86_64 0:7.0.33-1.w7 php70w-mbstring.x86_64 0:7.0.33-1.w7 php70w-mcrypt.x86_64 0:7.0.33-1.w7
php70w-mysql.x86_64 0:7.0.33-1.w7 php70w-pdo.x86_64 0:7.0.33-1.w7 php70w-pear.noarch 1:1.10.4-1.w7 php70w-pecl-apcu.x86_64 0:5.1.9-1.w7 php70w-pecl-apcu-devel.x86_64 0:5.1.9-1.w7 php70w-xml.x86_64 0:7.0.33-1.w7
作为依赖被安装:
autoconf.noarch 0:2.69-11.el7 automake.noarch 0:1.13.4-3.el7 libmcrypt.x86_64 0:2.5.8-13.el7 m4.x86_64 0:1.4.16-10.el7 pcre-devel.x86_64 0:8.32-17.el7 perl-Test-Harness.noarch 0:3.28-3.el7
perl-Thread-Queue.noarch 0:3.02-2.el7 php70w-devel.x86_64 0:7.0.33-1.w7 php70w-process.x86_64 0:7.0.33-1.w7
完毕!
3.3 Modify the nginx configuration
Add the following inside the server block of nginx.conf:
    location /shell {
        root /usr/share/nginx/;
        index index.html;
    }
    location ~ \.php$ {
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /usr/share/nginx/$fastcgi_script_name;
        include fastcgi_params;
    }
3.4 Start php-fpm
[root@ansible01 scripts]# systemctl start php-fpm.service
[root@ansible01 scripts]# systemctl status php-fpm.service
● php-fpm.service - The PHP FastCGI Process Manager
Loaded: loaded (/usr/lib/systemd/system/php-fpm.service; disabled; vendor preset: disabled)
Active: active (running) since 四 2024-05-16 15:01:18 CST; 5s ago
Main PID: 3747 (php-fpm)
Status: "Ready to handle connections"
Tasks: 6
CGroup: /system.slice/php-fpm.service
├─3747 php-fpm: master process (/etc/php-fpm.conf)
├─3749 php-fpm: pool www
├─3750 php-fpm: pool www
├─3751 php-fpm: pool www
├─3752 php-fpm: pool www
└─3753 php-fpm: pool www
5月 16 15:01:18 ansible01 systemd[1]: Starting The PHP FastCGI Process Manager...
5月 16 15:01:18 ansible01 systemd[1]: Started The PHP FastCGI Process Manager.
[root@ansible01 scripts]# netstat -atunlp |grep 9000
tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 3747/php-fpm: maste
3.5 Set up passwordless SSH login from the nginx user to the server
[root@ansible01 scripts]# cat /etc/passwd|grep nginx
nginx:x:987:981:Nginx web server:/var/lib/nginx:/sbin/nologin
[root@ansible01 scripts]# usermod -s /bin/bash nginx
[root@ansible01 scripts]# chown -R nginx:nginx /usr/share/nginx
[root@ansible01 scripts]# ls -la /usr/share/nginx/
总用量 12
drwxr-xr-x. 5 nginx nginx 46 5月 16 15:08 .
drwxr-xr-x. 266 root root 8192 5月 16 14:21 ..
drwxr-xr-x. 3 nginx nginx 136 5月 16 13:32 html
drwxr-xr-x. 2 nginx nginx 6 11月 11 2022 modules
drwxr-xr-x. 3 nginx nginx 55 5月 16 15:12 shell
[root@ansible01 scripts]# su nginx
bash-4.2$ ssh-
ssh-add ssh-agent ssh-copy-id ssh-keygen ssh-keyscan
bash-4.2$ ssh-
ssh-add ssh-agent ssh-copy-id ssh-keygen ssh-keyscan
bash-4.2$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/var/lib/nginx/.ssh/id_rsa):
Created directory '/var/lib/nginx/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /var/lib/nginx/.ssh/id_rsa.
Your public key has been saved in /var/lib/nginx/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:PZBtIfYHr8BqgdlIzUZjptFqOEojRKwHDn6W4VgQgZQ nginx@ansible01
bash-4.2$
bash-4.2$ ssh-copy-id -i root@11.0.1.18
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/var/lib/nginx/.ssh/id_rsa.pub"
The authenticity of host '11.0.1.18 (11.0.1.18)' can't be established.
ECDSA key fingerprint is SHA256:gweR0h+U0FgjDSdewnvheSNcUnBBEEyPcPTpfzKbH/c.
ECDSA key fingerprint is MD5:74:6d:4f:ef:75:fd:02:69:3f:df:14:64:44:a5:71:a3.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@11.0.1.18's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@11.0.1.18'"
and check to make sure that only the key(s) you wanted were added.
bash-4.2$ ssh root@11.0.1.18
Last login: Thu May 16 15:10:05 2024 from ansible01
[root@ansible01 ~]# exit
登出
Connection to 11.0.1.18 closed.
bash-4.2$ exit
exit
[root@ansible01 scripts]#
[root@ansible01 scripts]# usermod -s /sbin/nologin nginx
3.6 Add index.html, the PHP script and the shell script
index.html:
[root@ansible01 shell]# cat /usr/share/nginx/shell/index.html
<!DOCTYPE html>
<html>
<head>
  <meta http-equiv="Content-type" content="text/html; charset=utf-8" />
</head>
<body>
  <span>请选择想要执行的脚本:</span>
  <br>
  <br>
  <br>
  <form action="disk.php" method="post">
    <input type="submit" value="查看磁盘" name="showdisk" />
  </form>
  <br>
  <br>
</body>
</html>
disk.php:
[root@ansible01 shell]# cat /usr/share/nginx/shell/disk.php
<?php
header("Content-Type:text/html;charset=utf-8");
// Label of the submit button that was clicked (here "查看磁盘"); used for display only.
$shell = isset($_POST['showdisk']) ? $_POST['showdisk'] : '';
echo "<pre>";
// Escape the echoed value so a crafted POST body cannot inject HTML into the page.
echo "执行<font color='red'>" . htmlspecialchars($shell, ENT_QUOTES, 'UTF-8') . "</font>结果如下:<br>";
// Remote variant over the passwordless SSH key from step 3.5 (disabled); note that it
// would place the raw POST value on the remote command line.
# system("ssh -Tq root@11.0.1.18 sh /usr/share/nginx/shell/scripts/disk.sh,$shell");
// Run the fixed local script as the php-fpm pool user.
system("sh /usr/share/nginx/shell/scripts/disk.sh");
echo "</pre>";
?>
disk.sh:
[root@ansible01 shell]# cat /usr/share/nginx/shell/scripts/disk.sh
#!/bin/bash
df -h
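As an added example that is not part of the original post: a dispatcher version of disk.php that picks the script by the submitted button name against a fixed allowlist, so nothing from the POST body ever reaches a command line, and that escapes the output it echoes. The scripts directory is the one from step 3.6; the second allowlist entry is a hypothetical placeholder.

```php
<?php
// Added example, not from the original post: allowlist dispatcher for the
// "/shell" page. Button name => script path; only disk.sh exists on the page,
// the second entry is a hypothetical placeholder.
header("Content-Type: text/html; charset=utf-8");

$scripts = array(
    'showdisk' => '/usr/share/nginx/shell/scripts/disk.sh',
    // 'showmem' => '/usr/share/nginx/shell/scripts/mem.sh',  // hypothetical
);

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    exit('POST only');
}

// Select by the submitted field *name*; the field's value (the button label) is never used.
$hits = array_values(array_intersect(array_keys($scripts), array_keys($_POST)));
if (count($hits) !== 1) {
    http_response_code(400);
    exit('unknown script');
}
$name = $hits[0];
$path = $scripts[$name];

if (!is_file($path)) {
    http_response_code(500);
    exit('script missing');
}

// The command line is built only from the allowlisted path, never from request data.
$output = array();
$status = 1;
exec('/bin/sh ' . escapeshellarg($path) . ' 2>&1', $output, $status);

echo "<pre>";
echo "Ran <b>" . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . "</b>, exit status " . (int)$status . ":\n";
echo htmlspecialchars(implode("\n", $output), ENT_QUOTES, 'UTF-8');
echo "</pre>";
```

The script still runs as the php-fpm pool user (nginx here), so anything that user can reach, including the SSH key created in step 3.5, is reachable from this page.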