How to safely implement the work with the GPIO of the Raspberry via the web interface?

There is a php script with buttons enable/disable the relay connected to the Raspberry through the run the bash script. To work I have to give a php script rights to run sudo. As I understand it, it's not safe. How best to implement the feature?
July 4th 19 at 23:07
1 answer
July 4th 19 at 23:09
Two options in my opinion:
1: to Properly configure sudoers.conf, to be able to run only a bash script and all.
2: Instead of bash to write a prog in python+flask which local web server and through it to pull the GPIO (so I sold). It skopipastit a couple of dozen rows + unit file in the autorun.

Find more questions by tags GPIOPHPRaspberry Pi