1

我想在我的 VPS 上使用 drush 来执行 drupal 维护任务。但是,根据我安装的防火墙的自检结果的建议,我已经禁止 exec() 来自 php 。Drush 显然想要这个特权,我已经看到了三个选项来完成这项工作。

  1. 启用 exec()
  2. 使用php安全模式
  3. 将帐户的 php.ini 更改为“disable_functions = system, exec, shell_exec, passthru”

我的帐户是 Linux VPS 上唯一的管理员,我不打算改变它。我是 VPS 及其安全问题的新手。请告知哪个选项提供更安全的方法。

终端输出:

>exec() has been disabled for security reasons bootstrap.inc:639      [warning]
The following restricted PHP modes have non-empty values:                [error]
disable_functions and magic_quotes_gpc. This configuration is
incompatible with drush.  Please check your configuration settings in
/usr/local/lib/php.ini or in your drush.ini file; see
examples/example.drush.ini for details.
exec() has been disabled for security reasons exec.inc:150             [warning]
exec() has been disabled for security reasons exec.inc:150             [warning]
exec() has been disabled for security reasons exec.inc:150             [warning]
unlink(/home/site1/drush/lib/package.xml): No such file or          [warning]
directory drush.inc:798
The drush command 'status' could not be found.  Run `drush               [error]
cache-clear drush` to clear the commandfile cache if you have
installed new extensions.
Drush needs a copy of the PEAR Console_Table library in order to         [error]
function, and the attempt to download this file automatically failed.
To continue you will need to download the 1.1.3 package from
http://pear.php.net/package/Console_Table, extract it into
/home/site1/drush/lib directory, such that Table.php exists at
/home/site1/drush/lib/Console_Table-1.1.3/Table.php.
4

1 回答 1

2

PHP 有许多内置或通过扩展提供的功能。但是,在某些情况下,库或应用程序被设计为调用外部程序。如果没有 exec,这些软件包根本无法工作,因此您可以选择允许使用 exec 或不使用相关软件包。

忘记安全模式:它已被弃用,即将被完全删除。

exec 本身的使用本身并不是不安全的——它是当程序没有正确清理输入,或者代码的编写方式允许人们欺骗代码以不代表问题的方式调用 exec . 由于 Drush 是一种管理实用程序,因此您已经期望它只能由受信任的用户运行。我的意思是——它包括让你输入任何你想要的 php 代码并 evals() !

于 2013-05-06T20:59:54.610 回答