Solved

php will not execute a shell script

Posted on 2014-11-17
7
280 Views
Last Modified: 2014-11-23
Having  trouble getting PHP to kick off a shell script I wrote.
Below is the result of an echo in PHP outputting the $command_string just before I execute  exec("$command_string") ;.

/Applications/XAMPP/xamppfiles/htdocs/myapp/AdminFiles/ForBackup/database_and_or_table_dump.sh "DnD" "my_dbname"

If I take that line and paste it into a shell it runs fine.

I've simplified the shell script to just echo "HELLO", and that doesn't work.
Same if I pass no parameters.
So my script isn't running.

WHO does the script run as?  Just curious as I have the perms 777 and that didn't help.

------------
Some of my exec cmd tries:

exec("/bin/bash $command_string") ;
exec("$command_string") ;
exec ($command_string) ;

------------
Release Notes:
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

[2014-08-21] XAMPP for OS X 1.8.3-5

This version of XAMPP includes:
    - Updated OpenSSL to 1.0.1g
    - Updated Apache to 2.4.9
    - Updated PHP to 5.5.11
    - phpMyAdmin 4.1.12

MySQL is 5.6.2.0
0
Comment
Question by:Ralph
  • 4
  • 3
7 Comments
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 40449295
Code running thru Apache will only have the permission of the Apache web server.  It will not have your permissions to run shell commands.  Apache is intentionally run under a limited user account to prevent people from doing the kinds of things that you are trying to do.  While it may be irritating on a single user computer, it is vital on a multi-user system where people might sabotage the machine.
0
 

Author Comment

by:Ralph
ID: 40451639
Thanks Dave,

How then is the exec() and its cousins, meant to be used?
Any workarounds?
I need to run a non-trivial script, that checks/confirms things, to run mysqldump.
Could PHP run just that command with its parameters?

Thanks again,
Ralph
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 40451687
"exec()" is mostly useful running PHP on the command line (in the terminal) where it runs under your own permissions.  Because "exec()" can run any programs that you have permissions for, it is frequently disabled on web hosting servers.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:Ralph
ID: 40451839
Bad news, you should have prefaced.

Do you have any suggestions?
I know safe_mode is disappearing, so I don't want to go there.

My box and ultimately the DB & Apache server will be dedicated to this php app.

Thank you again,
Ralph
0
 
LVL 83

Accepted Solution

by:
Dave Baldwin earned 500 total points
ID: 40452057
There is a feature called 'suexec' that is supposed to let you run PHP files in Apache under your own user permissions.  I don't know if it works or is even available for XAMPP on Mac.  Here's the Apache info: http://httpd.apache.org/docs/2.4/suexec.html

Another thing.  XAMPP (and WAMP and MAMP) is not considered secure enough for a 'production' environment with public and thus hacker access.  They are all designed to be 'easy' prototyping and testing environments.
0
 

Author Comment

by:Ralph
ID: 40461188
Thanks again Dave.  Yes, mine is a dev box, and the real one will be dedicated to one app.
If I read the literature right, affixing a DIR and providing only limited access to the files, should (in my limited understanding of the abilities of crooked minded people), keep even the real thing safe.  But I'm not the one to make that decision unless they ask me.  THEN I will have to get smart and likely find another way to do this.
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 40461213
You're welcome.  Security is a full-time problem for publicly exposed web sites and servers.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

More Fun with XML and MySQL – Parsing Delimited String with a Single SQL Statement Are you ready for another of my SQL tidbits?  Hopefully so, as in this adventure, I will be covering a topic that comes up a lot which is parsing a comma (or other…
Creating and Managing Databases with phpMyAdmin in cPanel.
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question