i have an application called app.exe it's create a file called account.txt in the same folder c:\ , the problem is that when i run the program from php exec function or cmd the account.txt file is not creating
i think the problem is from the permissions.
Run From: What happened
Manualy Executed and created the file account.txt
PHP exec Executed but it did't create account.txt
CMD Executed but it did't create account.txt
for php i use:
exec("C:\\windows\\system32\\cmd.exe /c START c:\app.exe");
for cmd i use:
START C:\app.exe
A program that requires elevation should specify so in its manifest. This would not help with the PHP issue though, especially if this is a web server using PHP. It is not possible to elevate without showing the UAC UI.
I'm not aware of a simple way to request elevation when executing something in Cmd. You might just have to start Cmd elevated (Right-click and "Run as Administrator").
PHP might be running as a different user but you gave us zero information about your setup so I don't know.
Without knowing anything about app.exe nor your Windows version or general configuration it is hard to give specific advise.
If you want to confirm that it as a permissions problem you can try running Process Monitor so you can see why the file operation fails.
You should be able to use the runas command
runas /profile /user:*admin user here* “*path to program here*”
you will then be prompted for that users password and after that it should run as admin.
Related
$output = shell_exec('echo "php '.$realFile.'" | at '.$targTime.' '.$targDate.' 2>&1');
print $output;
Can someone please help me figure out why the above line isn't doing what it's supposed to be doing? The idea is for it to create an 'at' job that will execute a php script. If I switch to the user apache(which will ideally control the at function when the php file is complete) I can run
echo "php $realFile.php" | at 00:00 05/30/17
and it'll do EXACTLY what I want. The problem is in the above snippet from my php file it will not create the at job correctly. when I do a at -c job# on both of them the job made from my file is about a 3rd the length missing the User info and everything. It basically starts at PATH= and goes down. Doesn't include HOSTNAME=, SHELL=, SSH_CLIENT=, SSH_TTY=, USER=. I assume it needs most of this info to run correctly. The end output (below)is always the same though it just doesn't have any of the top part for some reason. Let me know if you need more info. I didn't want to paste all of my code here as it contains job specific information.
${SHELL:-/bin/sh} << 'marcinDELIMITER0e4bb3e8'
php "$realFile".php
marcinDELIMITER0e4bb3e8
It doesn't seem to be a permission issue because I can su to apache and run the exact command needed. The folder the files are located in are also owned by apache. I've also resulted to giving each file I try to run 777 or 755 permissions through chmod so I don't think that's the issue.
I figured out a coupe ways around it a while back. The way I'm using right now is an ssh2 connect to my own server as root and creating it that way. No compromise as you have to enter the password manually each time. Really bad work around. The main issue is that apache doesn't have the correct permissions to do everything needed for the AT job so someone figuring that out would be awesome. Another option I found on a random webpage would be to use sudo through the php script, but basically the same minus having to reconnect to your own server. Any other options would be appreciated.
Reading the manual and logs would be a good place to start. In particular:
The value of the SHELL environment variable at the time of at invocation will determine which shell is used to execute the at job commands. If SHELL is unset when at is invoked, the user’s login shell will be used; otherwise, if SHELL is set when at is invoked, it must contain the path of a shell interpreter executable that will be used to run the commands at the specified time.
Other things to check are that the user is included in at.allow, SELinux is disabled and the webserver is not running chrrot.
I'm using IIS 6.0 and PHP and I'm trying to write a php script that automates a process to 1) create an installer and 2) digitally sign the installer. I've created a batch file that does each individually. If I go to the server and manually run the batch files, both work perfectly. If I run them via PHP, only the installer is created but it is never digitally signed. I have confirmed that:
All files referenced in the batch files have full rights for the IUSR_[COMPUTER-NAME] user.
It is not an issue with the file not being fully created yet by the first batch file. I can put the already created Setup.exe file in the folder and run only the second batch file via PHP with the same results.
The batch file is actually getting run. I've put a MKDIR command in the same batch file after the digital signing command and the folder is created.
The code I use via PHP to run the batch files is:
system('cmd /c C:\\Inetpub\\createInstallers\\step1.bat');
The create installer batch file looks like this:
"C:\Program Files\Inno Setup 5\ISCC.exe" C:\Inetpub\createInstallers\createInstaller.iss
I'm using Inno Setup to do this found here: http://www.jrsoftware.org/isinfo.php
The digital signing batch file looks like this:
"C:\Inetpub\createInstallers\DigiCertUtil.exe" sign /noInput "C:\Inetpub\createInstallers\Setup.exe"
This is done with DigiCertUtil.exe's command line feature explained here:
https://www.digicert.com/util/utility-code-signing-command-line.htm
As far as I can tell, absolutely nothing happens. I don't believe there are any error messages (but I am a little fuzzy on how to check for them). NULL is returned if I run the digital sign command via shell_exec like this:
$result = shell_exec('"C:\\Inetpub\\createInstaller\\DigiCertUtil.exe" sign /noInput "C:\\Inetpub\\createInstaller\\Setup.exe"');
var_dump($result);
Does anyone have any idea why this might not be working? Could this be some permissions issue or security limitation?
I found the underlining problem and the answer. The problem was that the certificates are imported in the user's personal store on a per user basis, so when I tried to run the DigiCertUtil program via PHP, it could not find the certificates because the IUSR did not have a personal store with the certificate to use. IUSR is a temporary user and thus does not have a personal store. There might be a way to put the certificate into the machine's store, but I could not find it.
Instead, I used PSExec to run the program locally but with a different user than the IUSR account, like this:
shell_exec('C:\\Inetpub\\createInstallers\\psexec \\\\127.0.0.1 -accepteula -u myUser -p myPassword -i cmd.exe /c C:\\Inetpub\\createInstallers\\DigiCertUtil.exe sign /noInput C:\\Inetpub\\createInstallers\\Setup.exe');
No batch files required! It would be just as easy to run a batch file as a different user though with this same methodology.
I'm running a bunch of local Kiosks on mac mini's and have been using dropbox to keep all the files in sync. However - the dropbox updates have been sketchy as of late because of the firewall settings where these things are. A workaround I have found is by having dropbox quit and restart periodically to force it to update.
My question is - since all of these are running php applications on MAMP - is there a way to launch a local app from php? I'm able to kill dropbox by doing something like this:
$killit = killall -KILL Dropbox;
But it doesn't work the same to restart it. I've tried doing this:
$start_dbox = open /Applications/Dropbox.app;
To no avail. Is there a better way to automate this process of shutting down and reopening a local application?
I've had similar problems trying to control software remotely. The 'open' command must be executed either as the currently logged in console user, or from a terminal owned by the console (e.g. Terminal.app).
If you change your PHP to redirect STDERR, you should see the error that 'open' is returning:
$start_dbox = "open /Applications/Dropbox.app 2>&1";
The following text should then be returned from the system call:
LSOpenURLsWithRole() failed with error -10810 for the file /Applications/Dropbox.app.
One workaround I've used in the past is to create a lock file somewhere in the filesystem, which your PHP script can write to and your console user can read. Then, you can create a cron that runs as the console user and periodically checks the lock file to see if it needs to restart Dropbox.
I was actually able to solve this by creating a shell script with the following:
#!/bin/sh
export DYLD_LIBRARY_PATH=""
osascript -e 'tell application "Dropbox" to activate'
Saved it as start_db.sh and dropped it in my root apache directory (so there was no permissions problem for that user).
Then in my php file I was able to do:
$start_dbox = exec('/full/path/to/start_db.sh');
Worked like a charm. Dropbox now quits and restarts with no issues.
i am using arch linux. i want to execute the php file which changes the ip of the system. i did
ifconfig eth0 192.168.163.137
in the terminal and it works fine. the same i tried doing with
shell_exec('ifconfig eth0 192.168.163.137');
in a php file and tried opening the page from a remotely located web browser from another pc connected via router. teh page displays nothing and the code also doesnt execute. i guess its the problem with the user executing it.apache is executing it. so i want it to be run by the root.can anyone please guide me to the execution of my code. i even installed sudo and just put
shell_exec('sudo ifconfig......');
it too doesnt execute...please help...thanku..:)
Sudo normally requires an interactive shell to enter your password. That's obviously not going to happen in a PHP script. If you're sure you know what you're doing and you've got your security issues covered, try allowing the Apache user to run sudo without a password, but only for certain commands.
For example, adding the following line in your sudoers file will allow Apache to run sudo without a password, only for the ifconfig command.
apache ALL=NOPASSWD: /sbin/ifconfig
Adjust the path and add any arguments to suit your needs.
Caution:
There might still be complications due to the way PHP calls shell commands.
Remember that it's very risky to allow the web server to run commands as root!
Probably a better alternative:
Write a shell script with the suid bit to make it run as root no matter who calls it.
shell_exec
This function is disabled when PHP is running in safe mode.
Documentation : http://php.net/manual/en/function.shell-exec.php
So, maybe try tweaking your php.ini file?
Write the commands to a queue and have cron pick them up, validate them (only allow known good requests), and run them, then mark that queue complete with the date and result.
Your end-user can then click/wait for update using ajax.
I'm building a PHP web application that will run on my machine, and one of its purposes is to call HandBrakeCLI with an exec() or similar call. If I run the command
HandBrakeCLI -i path_to_dvd_drive -o output_file --preset preset_name
from a shell, it works fine. However, when I put the exact same command in an exec() php function (or similar), it doesn't work, and doesn't return anything, aside from a return status of 0. No errors, nothing else.
Is this just a simple permissions issue that I'm not seeing, due to the lack of errors being spit out? Or am I missing something else?
For debugging, try running the command from the console but as the user PHP runs as. Here are some pointers how to find out which user that is.
Then use sudo to run the command as the Apache user. You will probably get more helpful information from that.
try to exec your script using absolute path (type which HandBrakeCLI in terminal to find it) and append 2>&1 to the end of command, like:
exec('HandBrakeCLI -i path_to_dvd_drive -o output_file --preset preset_name 2>&1')
this way if command outputs anything to stderr you will see it.
is handbrake in the path of whatever shell PHP is invoking when it does the exec()? Does whatever account PHP/webserver is running under have access to the directory where handbrak.exe is, and have permission to execute handbrake.exe? Does the webserver account have permissions to access the dvd drive, etc...
Many things to check, and without better diagnostic information, this is about the best you'll be able to get here.