php's exec function

Dear Experts,

I have a php page which uses the following line:

exec("sh script.sh", $retval);

I have script.sh in the same directory as my php page,  How do I make script.sh safe?  What permissions should it be set too?

Thanks
ixf
LVL 1
narmi2Asked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
karoldvlConnect With a Mentor Commented:
As you don't use input data from the user:
exec("sh script.sh", $retval);

 this should be reasonably safe. If you intend to in the future, this would be a major point to think about.

All depends on what your script does, and how safe this script is in itself (even indirect threats - overusage/DoS?).
 
 You should use the minimal permission set that works for you. Maybe:
chmod 0500 script.sh
would suffice, depends on your server config (if not, try chmod 0550 script.sh).

It would be probably good to avoid listing the content of the script to the outside world (.htaccess, permissions, moving it out of web root?).
0
 
narmi2Author Commented:
The script downloads a file from the internet, processes it to create another file based on the original downloaded file, then deletes the original downloaded file.
0
 
karoldvlConnect With a Mentor Commented:
In this case it wouldn't hurt to move the script and all the processing (temp files) out of your website directory if it's feasible.
0
All Courses

From novice to tech pro — start learning today.