我在设置fastcgi包装器时遇到问题,以root身份从web执行命令
只有我已更改的设置
FCGI_USER="root"
FCGI_GROUP="root"
[....] Starting FastCGI wrapper: fcgiwrapspawn-fcgi: I will not set uid to 0
失败!
我想通过带有wiringPi的web操作gpio,但是wiringPisetup需要root访问权限
任何想法?
答案 0 :(得分:2)
spawn-fcgi(https://github.com/lighttpd/spawn-fcgi)就是问题所在。
将此补丁应用于src / spawn-fcgi.c并重新编译spawn-fcgi。在我的情况下,我想运行需要root的nmap -sS。当开发人员决定以根本不可能的方式运行时,它确实磨齿,因为它只是浪费每个人的时间。总是添加一个标志,称之为 - 超级不安全,如果你想,但至少把它放在那里!
diff --git a/src/spawn-fcgi.c b/src/spawn-fcgi.c
index 2f320f7..27176d5 100644
--- a/src/spawn-fcgi.c
+++ b/src/spawn-fcgi.c
@@ -385,10 +385,10 @@ static int find_user_group(const char *user, const char *group, uid_t *uid, gid_
}
my_uid = my_pwd->pw_uid;
- if (my_uid == 0) {
+ /*if (my_uid == 0) {
fprintf(stderr, "spawn-fcgi: I will not set uid to 0\n");
return -1;
- }
+ }*/
if (username) *username = user;
} else {
@@ -407,18 +407,18 @@ static int find_user_group(const char *user, const char *group, uid_t *uid, gid_
}
my_gid = my_grp->gr_gid;
- if (my_gid == 0) {
+ /*if (my_gid == 0) {
fprintf(stderr, "spawn-fcgi: I will not set gid to 0\n");
return -1;
- }
+ }*/
}
} else if (my_pwd) {
my_gid = my_pwd->pw_gid;
- if (my_gid == 0) {
+ /*if (my_gid == 0) {
fprintf(stderr, "spawn-fcgi: I will not set gid to 0\n");
return -1;
- }
+ }*/
}
*uid = my_uid;