PHP - Manual: posix_setuid

2024-11-13

posix_setuid

(PHP 4, PHP 5, PHP 7, PHP 8)

posix_setuid — Set the UID of the current process

说明

posix_setuid(int $user_id): bool

Set the real user ID of the current process. This is a privileged function that needs appropriate privileges (usually root) on the system to be able to perform this function.

参数

user_id: The user id.

返回值

成功时返回 true，或者在失败时返回 false。

范例

示例 #1 posix_setuid() example

This example will show the current user id and then set it to a different value.


<?php
echo posix_getuid()."\n"; //10001
echo posix_geteuid()."\n"; //10001
posix_setuid(10000);
echo posix_getuid()."\n"; //10000
echo posix_geteuid()."\n"; //10000
?>

参见

posix_setgid() - Set the GID of the current process
posix_seteuid() - Set the effective UID of the current process
posix_getuid() - Return the real user ID of the current process
posix_geteuid() - Return the effective user ID of the current process

add a note

User Contributed Notes 7 notes

down

Leigh ¶

8 years ago


Note that on unix, if your target user does not have a valid shell, some php functions (eg: tempnam) will not work correctly:

$ grep www-data /etc/passwd
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin

$ cat test.php 
#!/usr/bin/php -q
<?php
    $info=posix_getpwnam("www-data");
    $id=$info["uid"];

    $file=tempnam("/tmp","something");
    print "PRE SetUID: $file\n";

    $SETUID=posix_setuid($id);

    $file=tempnam("/tmp","something");
    print "POST SetUID: $file\n";
?>

$ sudo ./test.php 
PRE SetUID: /tmp/somethingrsb1qZ
POST SetUID:

down

TheWanderer ¶

15 years ago


On many UNIX systems (tested on Debian GNU/Linux), SUID is disabled for scripts and works only for binaries. If you need to setuid, you must use a wrapper binary that runs setuid() php script. Here's an example:

$ nano suexec.cpp
#include <stdlib>
using namespace std;
int main()
{
system("php /home/php/php_user.php");
return 0;
}

$ g++ -o suexec suexec.cpp
$ sudo chown root:root suexec
$ sudo chmod 4755 root

Then we create short PHP script to set process uid (you should already know how to do this). Don't even try to experiment with auto_prepend_file in php.ini, it doesn't work as expected.

down

reuben @ nospam me ¶

15 years ago


In response to a note above that advocated the user of system() in a setuid program written in C, this is generally a bad idea for security.  

You should use the standard library calls like execl() instead because system() can be manipulated to execute the wrong thing using the SHELL, IFS and possibly other variables.

down

fm at farhad.ca ¶

14 years ago


When you do a posix_setuid from root to some other users you will not have access to files owned by root according to their permissions. For instance if you change owner of the process and still need to open a file for read or write with 600 permission owned by root you will receive a permission denied.
There are some ways to do this (i.e. a unix socket or tcp daemon etc), but probably the most easiest way is:

Open the file before changing ownership of process, save the file pointer in a global variable and use it after changing ownership. 

For example assume /root/test_file is a file owned by root:root and have a permission of 600 and you are running this script under root. This code will not work:

<?php
// Change ownership of process to nobody
posix_setgid(99);
posix_setuid(99);

$fd = fopen('/root/test_file','a');
fwrite($fd,"some test strings");
fclose();

?>

But this one will work:

<?php
$fd = fopen('/root/test_file','a');

// Change ownership of process to nobody
posix_setgid(99);
posix_setuid(99);

fwrite($fd,"some test strings");
fclose();

?>

Hope this helps some one.

[Tested on CentOS 5 - Linux 2.6.x - PHP 5.2.x]

down

hpaul/at/abo/dot/fi ¶

15 years ago


It seems like this function returns true if you try to change uid to the already active user - even if you aren't root.

Should save you one if-statement in some cases.

down

simon at dont-spam-me-pleease dot simonster dot com ¶

19 years ago


Here's some Perl code to run a PHP script setuid. Just put it into a CGI, make that CGI setuid and executable, then call the CGI where you would usually call the PHP script.

#!/usr/local/bin/perl

# Perl wrapper to execute a PHP script setuid
# 官方地址：https://www.php.net/manual/en/function.posix-setuid.php


		

			
				有任何技术问题请点击这里
				网站运营推广招聘
			

			
									IT
									PHP
									编程语言
									Linux
									开发编程
									科技
									Elasticsearch
									HTML/CSS/XML
									网络
									JAVA
									NoSQL
									数据库
									面试
									C/C++
									Golang
									Git
									算法
									操作系统
									正则表达式
									Redis
									互联网
									MySql
									JavaScript
									运维
									软件
									国际
									架构设计
									Mac OS
									TCP/IP
									Excel
									Vim
									Windows
									Socket
									Oracle
									VR
									MongoDB
									Python
									运营
									MemCache
									商业
									硬件
									电子
									娱乐
									设计
									nginx
									摄影
									游戏
									WordPress
									HTTP
									团建
									数码电器
							

			
			
    
        
            
        
        广告
    

    
        
            
        
        --
    

			

			
								php7 安装fileinfo扩展
								preg_split — 通过一个正则表达式分隔字符串
								php位值,解决 PHP 中 usort 在值相同时改变原始位置的问题
								[PHP] inet_pton/inet_ntop IP地址转换函数
								array_multisort() 多字段排序
								PHPMailer设置utf8 PHPMailer字符集CharSet
								ADORecordSet对象
								adodb手册
								PHP 8.1
								[鸟哥]PHP_INT_MIN 和 -9223372036854775808
								opcache预加载
								Composer的Packagist资源
								mysql面试题
								[鸟哥]PHP FFI详解 - 一种全新的PHP扩展方式
								PHP7添加redis扩展
								PHP mkdir()写出来的权限与mode值不符合
								Packagist / Composer 中国全量镜像
								php中几种注释规范
								利用php soap实现web service
								PHP获取指定函数定义在哪个文件中及行号









	
		联系我们
		半月雨文化
		可降解耗材网
		蓝云环保
					78免费小説					上海网站seo优化					工程造价					币安app官网下载				seo查询
	


	
		北京半月雨文化科技有限公司.版权所有
		京ICP备12026184号-3

略微加速

PHP官方手册 - 互联网笔记

posix_setuid

说明

参数

返回值

范例

参见

User Contributed Notes 7 notes