php will not execute a shell script
Having trouble getting PHP to kick off a shell script I wrote.
Below is the result of an echo in PHP outputting the $command_string just before I execute exec("$command_string") ;.
/Applications/XAMPP/xamppf
If I take that line and paste it into a shell it runs fine.
I've simplified the shell script to just echo "HELLO", and that doesn't work.
Same if I pass no parameters.
So my script isn't running.
WHO does the script run as? Just curious as I have the perms 777 and that didn't help.
------------
Some of my exec cmd tries:
exec("/bin/bash $command_string") ;
exec("$command_string") ;
exec ($command_string) ;
------------
Release Notes:
=-=-=-=-=-=-=-=-=-=-=-=-=-
[2014-08-21] XAMPP for OS X 1.8.3-5
This version of XAMPP includes:
- Updated OpenSSL to 1.0.1g
- Updated Apache to 2.4.9
- Updated PHP to 5.5.11
- phpMyAdmin 4.1.12
MySQL is 5.6.2.0
Below is the result of an echo in PHP outputting the $command_string just before I execute exec("$command_string") ;.
/Applications/XAMPP/xamppf
If I take that line and paste it into a shell it runs fine.
I've simplified the shell script to just echo "HELLO", and that doesn't work.
Same if I pass no parameters.
So my script isn't running.
WHO does the script run as? Just curious as I have the perms 777 and that didn't help.
------------
Some of my exec cmd tries:
exec("/bin/bash $command_string") ;
exec("$command_string") ;
exec ($command_string) ;
------------
Release Notes:
=-=-=-=-=-=-=-=-=-=-=-=-=-
[2014-08-21] XAMPP for OS X 1.8.3-5
This version of XAMPP includes:
- Updated OpenSSL to 1.0.1g
- Updated Apache to 2.4.9
- Updated PHP to 5.5.11
- phpMyAdmin 4.1.12
MySQL is 5.6.2.0
Dave Baldwin
Code running thru Apache will only have the permission of the Apache web server. It will not have your permissions to run shell commands. Apache is intentionally run under a limited user account to prevent people from doing the kinds of things that you are trying to do. While it may be irritating on a single user computer, it is vital on a multi-user system where people might sabotage the machine.
ASKER
Thanks Dave,
How then is the exec() and its cousins, meant to be used?
Any workarounds?
I need to run a non-trivial script, that checks/confirms things, to run mysqldump.
Could PHP run just that command with its parameters?
Thanks again,
Ralph
How then is the exec() and its cousins, meant to be used?
Any workarounds?
I need to run a non-trivial script, that checks/confirms things, to run mysqldump.
Could PHP run just that command with its parameters?
Thanks again,
Ralph
"exec()" is mostly useful running PHP on the command line (in the terminal) where it runs under your own permissions. Because "exec()" can run any programs that you have permissions for, it is frequently disabled on web hosting servers.
ASKER
Bad news, you should have prefaced.
Do you have any suggestions?
I know safe_mode is disappearing, so I don't want to go there.
My box and ultimately the DB & Apache server will be dedicated to this php app.
Thank you again,
Ralph
Do you have any suggestions?
I know safe_mode is disappearing, so I don't want to go there.
My box and ultimately the DB & Apache server will be dedicated to this php app.
Thank you again,
Ralph
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks again Dave. Yes, mine is a dev box, and the real one will be dedicated to one app.
If I read the literature right, affixing a DIR and providing only limited access to the files, should (in my limited understanding of the abilities of crooked minded people), keep even the real thing safe. But I'm not the one to make that decision unless they ask me. THEN I will have to get smart and likely find another way to do this.
If I read the literature right, affixing a DIR and providing only limited access to the files, should (in my limited understanding of the abilities of crooked minded people), keep even the real thing safe. But I'm not the one to make that decision unless they ask me. THEN I will have to get smart and likely find another way to do this.
You're welcome. Security is a full-time problem for publicly exposed web sites and servers.