有沒有辦法修改RHEL/Apache/PHP上的權限,以安全的方式啓用使用shell命令調用SVN - 即。 shell_exec(),shell()或system()?使用PHP啓用SVN呼叫的安全方式?
目前,我在嘗試shell命令時被拒絕了權限。
有沒有辦法修改RHEL/Apache/PHP上的權限,以安全的方式啓用使用shell命令調用SVN - 即。 shell_exec(),shell()或system()?使用PHP啓用SVN呼叫的安全方式?
目前,我在嘗試shell命令時被拒絕了權限。
你不一定要使用exec()
電話,編造自己svn add ...
命令,因爲PECL有這種穩定的PHP擴展 - Subversion。該包裝is here。
這樣您就可以輕鬆訪問代碼中所有需要的SVN功能。
我能夠實現這一目標的唯一方法是使用SSH2庫並在特定帳戶下連接localy。否則,我永遠無法正確設置它們。
這不是一個好的圖書館,我有過1天考出和搜索文檔,以便它絕對不是最好的辦法,但至少它的工作原理...
目前使用的庫:
<?php
/**
*
* Runs several SSH2 commands on the devl server as root
*
*/
function ssh2Run(array $commands, $catchoutput = true, $server = 'localhost', $user = 'root', $logfile = NULL){
//Open a log file for web output
if($logfile == NULL){ $logfile = logCreate(); }
//Connect to ssh2
$connection = ssh2_connect($server);
$hostkey = ssh2_fingerprint($connection);
logWrite($logfile, 'Connected to '.$server.', hostkey = '.$hostkey);
ssh2_auth_pubkey_file($connection, $user, '/home/myuser/.ssh/id_rsa.pub', '/home/myuser/.ssh/id_rsa');
//Execute the various commands and read the output to the log file
foreach($commands as $command){
// Run a command that will probably write to stderr (unless you have a folder named /hom)
logWrite($logfile, 'Sending command: '.$user.'@'.$server.': '.$command);
logWrite($logfile, '----------------------------------------------------------------------------------');
$outputStream = ssh2_exec($connection, $command, true);
if(is_resource($outputStream)){
stream_set_blocking($outputStream, true);
}
//Catch
if($catchoutput){
if(is_resource($errorStream)){
$errorStream = ssh2_fetch_stream($outputStream, SSH2_STREAM_STDERR);
}
// Enable blocking for both streams
if(is_resource($errorStream)){
stream_set_blocking($errorStream, true);
}
// Whichever of the two below commands is listed first will receive its appropriate output. The second command receives nothing
logWrite($logfile, 'Output of command:');
//Loop the stream until it is complete
while((is_resource($outputStream) && !feof($outputStream)) || (is_resource($errorStream) && !feof($errorStream))){
//Content read out
if(is_resource($outputStream) && !feof($outputStream)){
$outputContent = trim(fgets($outputStream));
}else{
$outputContent = '';
}
if(is_resource($errorStream) && !feof($errorStream)){
$errorContent = trim(fgets($errorStream));
}else{
$errorContent = '';
}
//Add the information to the log
if($outputContent == '' && $errorContent == ''){ continue; }
if($outputContent !== ''){
logWrite($logfile, 'OUT: '.$outputContent);
}
if($errorContent !== ''){
logWrite($logfile, 'ERROR: '.$errorContent);
}
}
// Close the streams
if(is_resource($errorStream)){ fclose($errorStream); }
if(is_resource($outputStream)){ fclose($outputStream); }
}
}
//Return the log
return $logfile;
}
/**
*
* List files in a SFTP enabled directory
*
*/
function sftpList($server, $user, $path){
//Connect to ssh2
$connection = ssh2_connect($server);
$hostkey = ssh2_fingerprint($connection);
ssh2_auth_pubkey_file($connection, $user, '/home/myuser/.ssh/id_rsa.pub', '/home/myuser/.ssh/id_rsa');
//Create our SFTP resource
if(!$sftp = ssh2_sftp($connection)){
throw new Exception('Unable to create SFTP connection.');
}
/**
* Now that we have our SFTP resource, we can open a directory resource
* to get us a list of files. Here we will use the $sftp resource in
* our address string as I previously mentioned since our ssh2://
* protocol allows it.
*/
$results = array();
$dirHandle = opendir('ssh2.sftp://'.$sftp.$path);
while (false !== ($result = readdir($dirHandle))) {
if ($result != '.' && $result != '..') {
$results[] = $result;
}
}
closedir($dirHandle);
//Return the log
return $results;
}
+1用於避免系統命令。 –
是的,他們很危險。考慮到這一點,爲了在Windows IIS(或其他)上使用'exec()',你需要提供php以完全訪問cmd **! ...你有能力使用[COM Objects](http://php.net/manual/en/book.com.php),這是首選的方法,因爲不允許完整的cmd訪問。由於php是在Unix/Linux環境中創建的,因此我總是努力在Unix/Linux上託管生產應用程序,這是安全需求的最佳選擇。 –
@borislavsabev關於該網站上的介紹性消息,顯示這是實驗性的,可能會改變和使用,風險自擔?我試圖找出它支持什麼版本的SVN ... – TekiusFanatikus