Secure way to enable SVN calls from PHP?


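Is there a way to modify the permissions on RHEL/Apache/PHP so that SVN can be called in a secure way using shell commands (i.e. shell_exec(), shell() or system())?

Currently, I get permission denied when trying shell commands.

The only way to achieve this was to use the SSH2 library and connect locally under a specific account. Otherwise I was never able to set them up correctly.

It's not a very good library, and it took me 1 day of testing and searching documentation, so it's certainly not the best way, but at least it works.

The library currently in use: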

<?php
/**
 * 
 * Runs several SSH2 commands on the devl server as root
 * 
 */
function ssh2Run(array $commands, $catchoutput = true, $server = 'localhost', $user = 'root', $logfile = NULL){

    //Open a log file for web output
    if($logfile == NULL){ $logfile = logCreate(); }

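    //Connect to ssh2 and stop on failure instead of running commands on a dead session
    $connection = ssh2_connect($server);
    if($connection === false){
        throw new Exception('Unable to connect to '.$server);
    }
    $hostkey = ssh2_fingerprint($connection);
    logWrite($logfile, 'Connected to '.$server.', hostkey = '.$hostkey);
    if(!ssh2_auth_pubkey_file($connection, $user, '/home/myuser/.ssh/id_rsa.pub', '/home/myuser/.ssh/id_rsa')){
        throw new Exception('Public key authentication failed for '.$user.'@'.$server);
    }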

    //Execute the various commands and read the output to the log file
    foreach($commands as $command){

        // Log the command, then run it; stdout and stderr are read separately below
        logWrite($logfile, 'Sending command: '.$user.'@'.$server.': '.$command);
        logWrite($logfile, '----------------------------------------------------------------------------------');
        $outputStream = ssh2_exec($connection, $command, true);
        if(is_resource($outputStream)){
            stream_set_blocking($outputStream, true);
        }

        //Catch
        if($catchoutput){

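            // Fetch stderr from the command's stream (the check must be on $outputStream;
            // $errorStream does not exist yet at this point)
            $errorStream = is_resource($outputStream) ? ssh2_fetch_stream($outputStream, SSH2_STREAM_STDERR) : null;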

            // Enable blocking for both streams
            if(is_resource($errorStream)){
                stream_set_blocking($errorStream, true);
            }

            // Whichever of the two below commands is listed first will receive its appropriate output.  The second command receives nothing
            logWrite($logfile, 'Output of command:');

            //Loop the stream until it is complete
            while((is_resource($outputStream) && !feof($outputStream)) || (is_resource($errorStream) && !feof($errorStream))){

                //Content read out
                if(is_resource($outputStream) && !feof($outputStream)){
                    $outputContent = trim(fgets($outputStream));
                }else{
                    $outputContent = '';
                }
                if(is_resource($errorStream) && !feof($errorStream)){
                    $errorContent = trim(fgets($errorStream));
                }else{
                    $errorContent = '';
                }

                //Add the information to the log
                if($outputContent == '' && $errorContent == ''){ continue; }
                if($outputContent !== ''){
                    logWrite($logfile, 'OUT: '.$outputContent);
                }
                if($errorContent !== ''){
                    logWrite($logfile, 'ERROR: '.$errorContent);
                }

            }

            // Close the streams       
            if(is_resource($errorStream)){ fclose($errorStream); }
            if(is_resource($outputStream)){ fclose($outputStream); }

        }

    }

    //Return the log
    return $logfile;

}

/**
 * 
 * List files in a SFTP enabled directory
 * 
 */
function sftpList($server, $user, $path){

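    //Connect to ssh2 and stop on failure
    $connection = ssh2_connect($server);
    if($connection === false){
        throw new Exception('Unable to connect to '.$server);
    }
    $hostkey = ssh2_fingerprint($connection);
    if(!ssh2_auth_pubkey_file($connection, $user, '/home/myuser/.ssh/id_rsa.pub', '/home/myuser/.ssh/id_rsa')){
        throw new Exception('Public key authentication failed for '.$user.'@'.$server);
    }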

    //Create our SFTP resource
    if(!$sftp = ssh2_sftp($connection)){
        throw new Exception('Unable to create SFTP connection.');
    }

    /**
      * Now that we have our SFTP resource, we can open a directory resource
      * to get us a list of files. Here we will use the $sftp resource in
      * our address string as I previously mentioned since our ssh2:// 
      * protocol allows it.
      */
    $results = array();
    $dirHandle = opendir('ssh2.sftp://'.$sftp.$path);
    while (false !== ($result = readdir($dirHandle))) {
        if ($result != '.' && $result != '..') {
            $results[] = $result;
        }
    }
    closedir($dirHandle);

    //Return the list of file names
    return $results;

}


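You don't have to use exec() calls and write your own svn add… commands, because PECL has a stable PHP extension package for this.

This way you will have easy access to all the SVN functionality you need from within your code.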
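What this answer describes could look like the following. It is an added example, not part of the original answer, and assumes the extension meant is PECL svn (its svn_* functions). The working-copy path, the SVN_USER and SVN_PASS environment variables and both function names are hypothetical.

```php
<?php
// Added example: SVN through the PECL svn extension, so no shell is spawned
// and no command string is ever built from request data.
// WORKING_COPY, SVN_USER and SVN_PASS are assumptions for illustration.
const WORKING_COPY = '/var/www/wc/project';

/** Resolve $relative inside the working copy; reject anything that escapes it. */
function resolveInWorkingCopy(string $relative): string
{
    $base = realpath(WORKING_COPY);
    $full = realpath(WORKING_COPY . '/' . $relative);
    // realpath() collapses "..", so a prefix check is a real containment test
    if ($base === false || $full === false
        || strncmp($full, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new InvalidArgumentException('Path is outside the working copy');
    }
    return $full;
}

/** Add the path if it is unversioned, commit it, return the new revision. */
function svnAddAndCommit(string $relative, string $message): int
{
    $path = resolveInWorkingCopy($relative);

    // Credentials come from the service environment, never from the request
    svn_auth_set_parameter(SVN_AUTH_PARAM_DEFAULT_USERNAME, (string) getenv('SVN_USER'));
    svn_auth_set_parameter(SVN_AUTH_PARAM_DEFAULT_PASSWORD, (string) getenv('SVN_PASS'));

    $status = svn_status($path);
    foreach (is_array($status) ? $status : [] as $entry) {
        if ($entry['text_status'] == SVN_WC_STATUS_UNVERSIONED
            && !svn_add($entry['path'])) {
            throw new RuntimeException('svn_add failed for ' . $entry['path']);
        }
    }

    // svn_commit() returns array(revision, date, author) or false on failure
    $result = svn_commit($message, [$path]);
    if ($result === false) {
        throw new RuntimeException('svn_commit failed for ' . $path);
    }
    return (int) $result[0];
}
```

The Apache account still needs write access to the working copy, but it no longer needs permission to start a shell or an SSH session as root.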


Can you give me a small snippet so I can get an idea of what it looks like? Thanks! I'll take a look at this as soon as possible.

Yes, they are dangerous. Consider this: in order to use exec() on Windows IIS (or whatever) you have to give PHP full access to CMD!?? You can use , which is the preferred method because full cmd access is not allowed. I always try to host production applications on Unix/Linux, because PHP was created in a Unix/Linux environment, which best suits its security needs.

@borislavsabev The intro message on that site says this is experimental, may change, and to use it at your own risk? I'm trying to figure out which versions of SVN it supports…

It says stable. Version - 1.0.2, Status - stable, Release date - 2012-03-27