I have a php script as shown below:
<?php
$output = shell_exec(/var/www/html/scripts/script.sh hello);
echo "<pre>$output</pre>";
?>
and when the output variable uses exec or shell_exec then I get HTTP error 500 but when I change it for something else such as getcwd() it works fine. Exec and shell_exec are not disabled in php.ini and the script has all relevant permissions so I have no idea what is going on.
Any help is much appreciated.
After hours and hours of research I finally found the answer. I'm using CentOS 7 so there was an instance of SELinux running so I tried to set it to permissive and then it allowed me to save the file to any directory that I gave write permissions to. Following that I used the allowed2audit command to give permissions for httpd to read write and execute files and it now works on enforcing mode.
Thanks to everyone who contributed to help me figure it out :)
Related
I'm trying to run a shell command text2wave in PHP on a nginx server.
The problem is the command just exits silently without working as it should. It's also not displaying any errors.
Here's the code:
<?php
$result = `/usr/bin/text2wave --help`;
var_dump($result);
If I run the script via php command in shell ( as a normal user) it works as expected.
However, If I run it via a http request through nginx the var_dump returns NULL
( there are also not logs in error log files)
Thanks for your help!
try:
<?php
function sys_cmd($cmd)
{
$hd = popen($cmd,"r") or die('function disabled');
while (!feof($hd))
{
$rs .= fread($hd,1024);
}
pclose($hd);
return $rs;
}
echo sys_cmd('ls -l');
?>
My guess would be that you've got shell execution disabled in the php.ini configuration file used by your web server.
Try opening /etc/php5/fpm/php.ini file, finding the disable_functions directive, and making sure that none of the following functions are present in the value of the directive: shell_exec,exec,passthru,system
To anybody haing the same problem... I've managed to find out what the problem was. Well.. kind of.
I've switched to apache and it started working right away. So the solution is not to use nginx
I guess it had something to do with the way nginx ran php when doing exec commands...
Although it was a hard decision, I found no other solution but to change to apache... works well now
I'm now facing the following problem. Please help me out.
I have two file in the same directory: test.php and test.r
test.php
<?php
exec("Rscript test.r");
?>
test.r
d=c(1:10);
write.csv(d, file="test.csv", fileEncoding="utf-8");
q();
While I access the test.php via chrome, it gives no test.csv.
Although it works fine on cmd Rscript test.r, it does not work while executing test.php.
Any suggestion?
Thanks
There are a few things to check:
File permissions. Set them to 0777 temporarily to see if it's working
Maybe the exec function is blocked. Check php.ini (or phpinfo()) for disabled_functions
Third options - is one you really always need to consider - an error in your script.
Happy debugging !
PHP/IIS will need to read/execute permissions to the command you are trying to execute with your exec() function.
Go through PHP documentation for exec() function article.
Hope, It will resolve your problem.
I have a problem trying to run passthru function in my php code (Joomla module). the code is following (this is only a snippet)
ob_start();
passthru("/usr/bin/whois 85.70.231.130 | /usr/bin/grep 'address:'",$code);
$whoisData = ob_get_contents();
ob_end_clean();
$whoisData = str_replace("address:", "", $whoisData);
$whoisArray = split("\n",$whoisData);
echo trim($whoisArray[1]);
when I run this on my localhost, it echoes what it should, but when I run this code on the production server, it echoes nothing and the $code variable contains 127 (command not found). I tryied add absolute paths to these commands into the passthru function, but it didn't helped. Interesting is, that when I run the code right from terminal via ssh and php command, it runs well, but when it's called from application context it doesn't. Does anybody know what I should to do?thanks
SOME EDITS..
safe_mode is on
webserver does not see into /usr/bin and /bin/ folders so what is the best way how to run these commands from php?
usr/bin/grep doesn't look like a valid path to a command.
The missing / at the beginning of the path to the second command might explain the command not found error... even if the first whois command is found.
Have you looked to see if your webserver / php is running chrooted?
print_r(glob('/*'));
if (file_exists('/usr/bin/grep') && file_exists('/usr/bin/whois')) {
print "maybe its a permissions thing?\n";
} else {
print "can't see executables required\n";
}
should give you a clue.
So I have already solved my problem with phpwhois library. I seems like with my server configuration is it unlikely that these functions will be working well. So thanks for your help:)
I am attempting to create a php script that can connect thru ssh to my Qnap TS219 server and run a command on it.
My script so far connects fine to the server but when I run the command I get an error message and I can't figure it out.
exec.sh
#!/bin/bash
cp /share/MD0_DATA/Qdownload/rapidshare/admin/script.txt /share/MD0_DATA/Qdownload/rapidshare/admin/script.sh
chmod 755 /share/MD0_DATA/Qdownload/rapidshare/admin/script.sh
nohup sh /share/MD0_DATA/Qdownload/rapidshare/admin/script.sh &
exit 0
script.sh
#!/bin/bash
/opt/bin/plowdown -o /share/MD0_DATA/Qdownload/rapidshare /share/MD0_DATA/Qdownload/rapidshare/admin/down.txt 2>/share/MD0_DATA/Qdownload/rapidshare/admin/output.txt
the command that I am currently running thru ssh after I submit the form:
echo $ssh->exec('sh /share/MD0_DATA/Qdownload/rapidshare/admin/exec.sh');
Right now generates the code below but only after I kill 2 bash processes (the page keeps loading indefinetly and the processor activity is at 100% if I don't kill the 2 bash processes):
/share/MD0_DATA/.qpkg/Optware/share/plowshare/lib.sh: line 261: getopt: command not found start download (rapidshare): http://rapidshare.com/files/312885386/Free_Stuff-Your_Internet_eBay_Business_Free_Startup_Resources.rar /share/MD0_DATA/.qpkg/Optware/share/plowshare/lib.sh: line 261: getopt: command not found /share/MD0_DATA/.qpkg/Optware/share/plowshare/lib.sh: line 46: --insecure: command not found Error: failed inside rapidshare_download()
This script will be used in my local network, no access from outside, so I am not worry about security, I know the code looks very basic, primitive but I have no experience with php, shell script, so if someone can make any sense on this and help me out will be greatly appreciated.
Edit1. I also tried the shell_exec command still no joy and if I run the script thru putty works beautifully.
Edit2. I think we are on to something.
I added the code you suggested and I got the following message.
sh: /share/MD0_DATA/.qpkg/Optware/share/plowshare: is a directory /usr/bin:/bin:/usr/sbin:/sbin
I think at the moment the PATH is usr/bin:/bin:usr/sbin:/sbin and I think it should be /opt/bin /opt/sbin because there are the "executables". Any ideeas?
Thanks,
Chris.
Run this
echo $ssh->exec('pwd');
Does it list your path correctly? If so then your problem is NOT PHP, if it doesn't list or still gives an error then PHP is your problem and we can continue from there.
From the error you've listed, my first guess would be that PATH isn't set, so lib.sh can't find what it's looking for.
Remember you're logging in with a custom shell (PHP ssh), quite often things aren't set as they should be, so your scripts might not find requirements like paths and variables.
Edit:
Since it's giving /root, we at least know it's going through, why not also set the PATH etc...
echo $ssh->exec('PATH=$PATH;/share/MD0_DATA/.qpkg/Optware/share/plowshare; sh /share/MD0_DATA/Qdownload/rapidshare/admin/exec.sh');
Remember you can also use this to see what is and isn't being set.
echo $ssh->exec('ECHO $PATH');
I think I got it:
Following viper_sb logic, I changed the code to:
echo $ssh->exec('PATH=$PATH:/share/MD0_DATA/.qpkg/Optware/bin; sh /share/MD0_DATA/Qdownload/rapidshare/admin/exec.sh');
echo $ssh->exec('echo $PATH');
and magic, it worked ... I'll test it further, when I get home, but I think it worked, a file was downloaded in the /Qdownload/rapidshare folder ... hooray.
I am using this php code:
exec("unrar e file.rar",$ret,$code);
and getting an error code of illegal command ie 127 ... but when I am using this command through ssh its working ... because unrar is installed on the server ... so can anyone guess why exec is not doing the right stuff?
Try using the direct path of the application (/usr/bin/unrar of whatever), it sounds like php can't find the application.
If you have chrooted apache and php, you will also want to put /bin/sh into the chrooted environment. Otherwise, the exec() or passthru() will not function properly, and will produce error code 127, file not found.
Since this comes up as a top answer in google, I wanted to share my fix:
The simple fix I had was to disable safe_mode in the php.ini file
; Safe Mode
; http://www.php.net/manual/en/ini.sect.safe-mode.php#ini.safe-mode
safe_mode = Off
thanx all for your response!!
I tried this
//somedir is inside the directory where php file is
chdir("somedir");
exec("/home/username/bin/unrar e /home/path/to/dir/file.rar");
and now it returned no exit code ... oher commands are doing file .. i tried mkdir etc .. :s
Just in case somebody else still gets this problem, take a look at the post here:
http://gallery.menalto.com/node/2639#comment-8638
Quote:
I found the problem. The problem was my security-paranoid OpenBSD. When upgrading from 3.1 to 3.2 they added:
Apache runs chroot'd by default. To disable this, see the new -u option.
The chroot prevented Apache from accessing anything outside of a directory, so I moved everything into the apache directory including netpbm. Everything was accessible and executable, but I guess it was still in some sort of "safe mode" because the exec() always returned 127.
Anyway, running httpd with the -u option went back to the less secure non chroot'd apache startup, which allowed the exec() to work again.
ohkiee guyz thanx ... and yes there might be some errors with $PATH ... but with given full path its working :)
exec("/home/user/bin/unrar e /home/user/xxx/yyy/file.rar");
I did not find the solution for my problem of the same type so sharing what was the cause of it in my Linux setup.
For whatever reason I needed an apache module loaded before other modules and so apache was started with LD_PRELOAD. As exec inherits the environment of the parent process LD_PRELOAD was used for starting the exec-ed program (through sh). Now the preloaded module uses some bindings to apache functions and of course they are not to be present in sh. The result of the php exec was an exit status of 127. The solution was to have in my php file a putenv("LD_PRELOAD") that gets executed before any exec calls.