Solved

PHP system() credentials

Posted on 2004-10-11
Last Modified: 2008-02-01
I am writing a web-based application to shutdown/reboot WinXP boxes in a lab of 70 systems.

The application has a little GUI map of the lab, each system having a checkbox.  You check what you want to reboot, click GO, and a PHP script writes loops executing the Windows "shutdown" command to the remote systems.

Here's the problem:

The "shutdown" command works from a command prompt, but when running the exact same thing from PHP's system() function, it returns an "Access Denied."

So does PHP run programs under different credentials than the logged in user?  Does it use the IUSR_xxxx  account (when using IIS)?  Is there a way to give the system command more "authority"?

I have tried using "runas" with the shutdown command:  this also works from a command prompt but not the web page.

Any ideas?  Also, any alternate ideas?  (Am I doing this the hard way?)
It just needs to be web-based, to do from anywhere.

Thanks,
Ross
Question by:mistagitar
7 Comments

Accepted Solution

by:hernst42
hernst42 earned 250 total points
Yes, the command is run as IUSR_xxxx. So does it work if you put that IUSR_xxxx into the Administrator group?

Assisted Solution

by:RQuadling
RQuadling earned 250 total points
Alternatively, change the user that the webserver runs as to be a normal user.


Expert Comment

by:php-webdesign
Make sure your script has ADMINISTRATIVE rights.

Expert Comment

by:RQuadling
I think it is dangerous giving ANY sort of script Admin rights. And even worse a service which will run scripts!

All services should be given the minimum number of rights to do their job. Admin is WAY too powerful.

This is why the IUSR is so restricted.

You don't need to add Admin rights to shutdown the server.

The issue is that you want to shutdown the workstation though.

So. The easiest way is to configure the workstations to allow the AT Service to be accessed by the webserver user.

Then make sure you have time synchronised with the webserver.

Then you get SOON (from the Microsoft Resource Toolkit) and run it so that the shutdown command is run in say 15 seconds on the workstation.

Effectively, you are creating a task to run on the chosen workstation. The task is SHUTDOWN in 15 seconds.

Richard.

Expert Comment

by:RQuadling
SOON.EXE

< 9:52 12/10/2004 C:\Program Files\Resource Kit>soon

-----------------------------------
SOON  :  Command Scheduling Utility
-----------------------------------

Usage : SOON [\\computername] [delay] [/INTERACTIVE] "command"
   or : SOON /D [/L:n] [/R:n] [/I:{ON|OFF}]

delay : the number of seconds from now when the scheduled job should start.

   /D : modify Default settings and/or display their current values.
   /L : set LocalDelay - default delay for Local jobs - initially 5 seconds.
   /R : set RemoteDelay - default delay for Remote jobs - initially 15 seconds.
   /I : set InteractiveAlways option - initially OFF.

SOON schedules a job to run in the near future, a number of seconds from now.
SOON closely resembles the AT command because SOON simply runs a suitable AT
command. For a details of the other arguments run "AT /?" without the quotes.

Examples : SOON CMD /C C:\JOBS\BATCH.CMD
           SOON 10 CMD /C C:\JOBS\BATCH.CMD
           SOON \\SERVER 60 /C \JOBS\BATCH.CMD
           SOON \\SERVER /INTERACTIVE CMD /C C:\JOBS\BATCH.CMD
           SOON /d /l:2 /r:30 /i:on

Current Settings :     InteractiveAlways = OFF
                    LocalDelay (seconds) = 5
                   RemoteDelay (seconds) = 15

< 9:53 12/10/2004 C:\Program Files\Resource Kit>AT /?
The AT command schedules commands and programs to run on a computer at
a specified time and date. The Schedule service must be running to use
the AT command.

AT [\\computername] [ [id] [/DELETE] | /DELETE [/YES]]
AT [\\computername] time [/INTERACTIVE]
    [ /EVERY:date[,...] | /NEXT:date[,...]] "command"

\\computername     Specifies a remote computer. Commands are scheduled on the
                   local computer if this parameter is omitted.
id                 Is an identification number assigned to a scheduled
                   command.
/delete            Cancels a scheduled command. If id is omitted, all the
                   scheduled commands on the computer are canceled.
/yes               Used with cancel all jobs command when no further
                   confirmation is desired.
time               Specifies the time when command is to run.
/interactive       Allows the job to interact with the desktop of the user
                   who is logged on at the time the job runs.
/every:date[,...]  Runs the command on each specified day(s) of the week or
                   month. If date is omitted, the current day of the month
                   is assumed.
/next:date[,...]   Runs the specified command on the next occurrence of the
                   day (for example, next Thursday).  If date is omitted, the
                   current day of the month is assumed.
"command"          Is the Windows NT command, or batch program to be run.


So, assuming you have given IUSR permission to access the local and remote AT service, you would issue a command like ...

SOON \\wortkstation_01 C:\Windows\System32\Shutdown.exe -s


There is also TSSHUTDN.

< 9:58 12/10/2004 C:\WINDOWS\system32>tsshutdn /?
Shut down a server in a controlled manner.

TSSHUTDN [wait_time] [/SERVER:servername] [/REBOOT] [/POWERDOWN]
         [/DELAY:logoffdelay] [/V]

  wait_time           Seconds to wait after user notification before
                      terminating all user sessions (default is 60).
  /SERVER:servername  The server to shut down (default is current).
  /REBOOT             Reboot the server after user sessions are terminated.
  /POWERDOWN          The server will prepare for powering off.
  /DELAY:logoffdelay  Seconds to wait after logging off all connected
                      sessions (default is 30).
  /V                  Display information about actions being performed.


All of these are command line programs you can launch. They all allow you to shutdown another system.

Obviously, the user running these tasks needs permission to the other machines to be able to do this.

If you are an admin user and these all work, then logout and log on as a non admin user. (VERY bad practise to run as an admin when working as a user).

Try these again.

If not working, add yourself to the permissions list on the workstations for AT and I think RPC.

I'd try some of this out and if no further joy, ask in the Windows areas.

Richard.
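
Added example (not part of the thread, and not any poster's code): since the web server account ends up with the right to schedule jobs on the workstations, the PHP side should only ever build commands for known lab machines. The sketch below maps submitted checkbox values to a fixed allowlist and builds the SOON command line in the form shown in the usage text above; the seat ids, host names and function name are assumptions made for illustration.

```php
<?php
// Added example. Seat ids and host names are constructed for illustration.
// Fixed allowlist: form value (seat id) => workstation name. The browser only
// ever submits seat ids, never host names or command text.
const LAB_HOSTS = [
    'seat01' => 'LAB-WS-01',
    'seat02' => 'LAB-WS-02',
    'seat03' => 'LAB-WS-03',
];

/**
 * Turn submitted checkbox values into SOON command lines of the form
 * "SOON \\computername delay command". Anything that is not a known
 * seat id is rejected and reported instead of being passed to a shell.
 */
function build_shutdown_commands(array $submitted, int $delaySeconds = 15): array
{
    $commands = [];
    $rejected = [];
    foreach ($submitted as $value) {
        if (!is_string($value) || !array_key_exists($value, LAB_HOSTS)) {
            $rejected[] = $value;
            continue;
        }
        $host = LAB_HOSTS[$value];
        // Defence in depth: allowlisted names must still look like host names.
        if (!preg_match('/^[A-Za-z0-9-]{1,15}$/', $host)) {
            $rejected[] = $value;
            continue;
        }
        $commands[$value] = sprintf(
            'SOON \\\\%s %d C:\\Windows\\System32\\Shutdown.exe -s',
            $host,
            $delaySeconds
        );
    }
    return ['commands' => $commands, 'rejected' => $rejected];
}

// Constructed request: two valid seats and one tampered form value.
$result = build_shutdown_commands(['seat01', 'seat03', 'seat02 & echo injected']);
foreach ($result['commands'] as $seat => $cmd) {
    echo $seat, ': ', $cmd, PHP_EOL;   // this string is what goes to system()
}
echo 'rejected: ', json_encode($result['rejected']), PHP_EOL;
```

Logging the rejected values gives a record of requests that tried to reach machines outside the lab map.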