I am running PHP under IIS 6.
When I use any PHP function to run cmd commands (like exec() or system()), it always shows "Access is denied".
Even commands like ipconfig show the same "Access is denied" error. I have given all permissions to my project folder, but it did not work.
Can anyone please tell me the cause of this?
When you execute a command using exec, that command is executed with the user account that is running IIS (which typically is IUSR_«machine-name» on IIS 6), so your project's permissions don't have anything to do with this.
What you need to do is change the permissions of the file C:\Windows\System32\cmd.exe and add permissions for IUSR_«machine-name».
Besides this, you'll probably need to use CACLS to change the access control list. Replace IUSR_MachineName in the following command with the user executing PHP and then execute this command:
CACLS c:\windows\system32\cmd.exe /E /G IUSR_MachineName:F
If you get an error and can't change the ACL, your last resort is to execute the following command first:
takeown /F c:\windows\system32\cmd.exe
You also might need to set the correct permissions and ACL for the commands you're trying to execute (e.g. C:\Windows\System32\schtasks.exe).
Note: Do this with caution though. If you have some vulnerability that allows your users to execute commands, it can have nasty consequences.
I have an application called app.exe. It creates a file called account.txt in the same folder, c:\. The problem is that when I run the program from the PHP exec function or from cmd, the account.txt file is not created.
I think the problem is the permissions.
Run from: What happened
Manually: Executed and created the file account.txt
PHP exec: Executed but it didn't create account.txt
CMD: Executed but it didn't create account.txt
For PHP I use:
exec("C:\\windows\\system32\\cmd.exe /c START c:\app.exe");
For cmd I use:
START C:\app.exe
A program that requires elevation should specify so in its manifest. This would not help with the PHP issue though, especially if this is a web server using PHP. It is not possible to elevate without showing the UAC UI.
I'm not aware of a simple way to request elevation when executing something in Cmd. You might just have to start Cmd elevated (Right-click and "Run as Administrator").
PHP might be running as a different user but you gave us zero information about your setup so I don't know.
Without knowing anything about app.exe, your Windows version or your general configuration, it is hard to give specific advice.
If you want to confirm that it is a permissions problem, you can try running Process Monitor so you can see why the file operation fails.
You should be able to use the runas command:
runas /profile /user:*admin user here* "*path to program here*"
You will then be prompted for that user's password, and after that it should run as admin.
This is really simple but I cannot get it to work at all. I've spent many hours and I've always given up. I created a PHP script called copy.php and it should call a Python script called copy.py.
I want to execute a command line like this
<?php exec('/var/www/html/copy.py'); ?>
Really simple.
Why can't I get the Python script executed from PHP exec()? The function inside the Python script is to get a copy of error_log from a different directory (outside of Apache) into the html directory.
If I run that from a terminal
> php copy.php
It did execute the function and made a copy. Why is it that the web browser isn't doing it?
Let me simplify this:
Why can't exec("cp /var/log/httpd/error_log /var/www/html/path/to/php/script") work?
It works fine if I type it in a terminal but not when run in a browser.
As others have alluded to, the difference is probably permissions. When you run a command from the command line, you're generally not the same user as your Apache script is running as.
Put another way, if from the command line you type whoami, you'll probably get whatever name your user account is.
The echo exec('whoami'); from within php shows who the script is running as, which is Apache.
So, whatever command you're trying to run from your web server isn't available to run as the Apache user. You mentioned you've been able to have exec("python /usr/diskpurge/script.py") work, but exec('/var/www/html/copy.py') doesn't. This is because in one instance you're running python, while in the other you're trying to execute your copy.py script. If copy.py doesn't have execute permissions for the Apache user, you're not going to be able to run it from the browser.
Perhaps different settings apply for the Apache environment versus the command line.
Use error_reporting(E_ALL); and ini_set('display_errors', true) to see what errors may come up.
It is possible that the Apache environment is prohibited from using exec, or that Apache runs under a different user that does not have execute rights on the Python script.
Sounds like a permission error. Check if your server is running with sufficient rights.
echo exec('whoami');
Set your error reporting to report all:
ini_set('display_errors', true);
error_reporting(E_ALL);
and check for errors.
If your whoami returns a user which is not a member of the SU family (linux) or administration (windows) then resite your permissions..
Linux:
Assign the user returned by whoami the correct permissions to run Python scripts. Do not allow the resulting username to run as root with total administration powers. This is a big no-no.
The only reason it's not working is because you didn't set the write permissions!
Do:
sudo nano /etc/sudoers
And then put the following:
www-data ALL=(root) NOPASSWD:ALL
I am having difficulty with the PHP exec() function. It seems to not be calling certain functions. For instance, the code echo exec('ls'); produces no output whatsoever (it should, there are files in the directory). The main reason this is a problem for me is that I'm trying to execute a .jar from a PHP exec() call.
As far as I know I'm calling the Java program properly, but I'm not getting any of the output. The .jar can be executed from the command line on the server. (For the record, it's an Apache server.)
My php for the .jar execute looks like this:
$output = array();
exec('java -jar testJava.jar', $output);
print_r($output);
All I get for output from this exec() call is Array().
I have had success with exec() executing 'whoami' and 'pwd'. I can't figure out why some functions are working and some aren't. I'm not the most experienced person with PHP either, so I'm not too sure how to diagnose the issue. Any and all help would be appreciated.
The reason why you are not able to execute ls is because of permissions.
If you are running the web server as user A, then you can ls only those directories which have permissions for user A.
You can either change the permissions of the directory or change the user under which the server is running by changing the httpd.conf file (I am assuming that you are using Apache).
If you are changing the permissions of the directory, then make sure that you change the permissions of the parent directories also.
To change the web server user, follow these steps:
Open the following file:
vi /etc/httpd/conf/httpd.conf
Search for
User apache
Group apache
Change the user and group name. After changing the user and group, restart the server using following command.
/sbin/service httpd restart
Then you will be able to execute all commands which can be run by that user.
EDIT:
The 'User' should be a non-root user in httpd.conf. Apache by default does not serve pages when run as root. You have to set the user to a non-root user or else you will get an error.
If you want to force Apache to run as root, then you have to set an environment variable as below:
env CFLAGS=-DBIG_SECURITY_HOLE
Then you have to rebuild apache before you can run it as root.
I have found the issue - SELinux was blocking PHP from accessing certain functions. Putting SELinux into permissive mode has fixed the issues (although, I'd rather not have to leave SELinux in permissive mode; I'd rather find a way of allowing certain functions if I can).
I have a solution:
The command runs from the console, but not from PHP via exec/system/passthru.
The issue is the path to the command. It works with the absolute path to the command.
So that:
wkhtmltopdf "htm1Eufn7.htm" "pdfIZrNcb.pdf"
becomes:
/usr/local/bin/wkhtmltopdf "htm1Eufn7.htm" "pdfIZrNcb.pdf"
And now it works from PHP via exec.
You can see where the command binary is via whereis wkhtmltopdf.
Tore my hair out trying to work out why PHP exec works from command line but not from Apache. At the end, I found the following permissions:
getsebool -a | grep httpd ---->
httpd_setrlimit --> off
httpd_ssi_exec --> off
httpd_sys_script_anon_write --> off
USE: setsebool -P httpd_ssi_exec 1
SEE: https://linux.die.net/man/8/httpd_selinux
Your problem is not an execution issue but the syntax of the exec command. The second argument is always returned as an array and contains a single line of the output in each index. The return value of the exec function will contain the final line of the command's output. To show the output you can use:
foreach($output as $line) echo "$line\n";
See http://php.net/manual/en/function.exec.php for details. You can also get the command's exit value with a third argument.
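The checks suggested across the answers above (which user the script runs as, whether exec is disabled, the absolute path, stderr and the exit status), gathered into one PHP helper. This is an added example, not code from any of the posts; run_diagnosed() is a hypothetical name and /usr/bin/id is an assumed sample binary.

```php
<?php
// Added example, not from the answers above. run_diagnosed() is a hypothetical
// helper name; the sample binary at the bottom is an assumption.

function exec_is_disabled(): bool
{
    // disable_functions is a comma-separated php.ini setting.
    $disabled = array_map('trim', explode(',', (string) ini_get('disable_functions')));
    return !function_exists('exec') || in_array('exec', $disabled, true);
}

function run_diagnosed(string $binary, array $args = []): array
{
    $report = [
        'sapi'          => PHP_SAPI,               // "cli" in a terminal, e.g. "apache2handler" on the web
        'exec_disabled' => exec_is_disabled(),
        'running_as'    => null,
        'binary'        => $binary,
        'absolute_path' => (bool) preg_match('~^(/|[A-Za-z]:[\\\\/])~', $binary),
        'is_file'       => is_file($binary),
        'is_executable' => is_executable($binary), // checked for the web server's user, not yours
        'exit_code'     => null,
        'output'        => [],
    ];
    if ($report['exec_disabled']) {
        return $report;
    }
    $report['running_as'] = (string) exec('whoami');
    if (!$report['absolute_path'] || !$report['is_executable']) {
        return $report;                            // do not rely on the web server's PATH
    }
    // Quote every word; append 2>&1 so "Access is denied" / "Permission denied" is captured.
    $cmd = implode(' ', array_map('escapeshellarg', array_merge([$binary], $args)));
    $output = [];
    $code = -1;
    exec($cmd . ' 2>&1', $output, $code);          // third argument receives the exit status
    $report['exit_code'] = $code;
    $report['output'] = $output;                   // one array element per output line
    return $report;
}

// Sample call with a harmless command; load this file through the web server
// and through "php file.php" and compare the two reports.
header('Content-Type: text/plain');
print_r(run_diagnosed('/usr/bin/id'));
```

A difference in running_as, is_executable or exit_code between the two runs points at the account or policy that needs adjusting for that one binary.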
I am using Arch Linux. I want to execute the PHP file which changes the IP of the system. I did
ifconfig eth0 192.168.163.137
in the terminal and it works fine. I tried doing the same with
shell_exec('ifconfig eth0 192.168.163.137');
in a PHP file and tried opening the page from a remotely located web browser on another PC connected via a router. The page displays nothing and the code also doesn't execute. I guess it's a problem with the user executing it. Apache is executing it, so I want it to be run by root. Can anyone please guide me to the execution of my code? I even installed sudo and just put
shell_exec('sudo ifconfig......');
It doesn't execute either... please help... thank you. :)
Sudo normally requires an interactive shell to enter your password. That's obviously not going to happen in a PHP script. If you're sure you know what you're doing and you've got your security issues covered, try allowing the Apache user to run sudo without a password, but only for certain commands.
For example, adding the following line in your sudoers file will allow Apache to run sudo without a password, only for the ifconfig command.
apache ALL=NOPASSWD: /sbin/ifconfig
Adjust the path and add any arguments to suit your needs.
Caution:
There might still be complications due to the way PHP calls shell commands.
Remember that it's very risky to allow the web server to run commands as root!
Probably a better alternative:
Write a shell script with the suid bit to make it run as root no matter who calls it.
shell_exec
This function is disabled when PHP is running in safe mode.
Documentation : http://php.net/manual/en/function.shell-exec.php
So, maybe try tweaking your php.ini file?
Write the commands to a queue and have cron pick them up, validate them (only allow known good requests), and run them, then mark that queue complete with the date and result.
Your end-user can then click/wait for update using ajax.
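The queue approach described above, as an added example that is not part of the original answer: the web side only records a request, and a cron worker validates it against one known-good action before running it. The directory paths, the job format and the set_ip action are assumptions; /sbin/ifconfig and the eth0 naming come from this page.

```php
<?php
// Added example, not from the answer above. Directory names, the job format and
// the "set_ip" action are assumptions; /sbin/ifconfig is the path used on this page.
const QUEUE_DIR = '/var/spool/webcmd/in';    // hypothetical: writable by the web user
const DONE_DIR  = '/var/spool/webcmd/done';  // hypothetical: writable by the worker only

// Web side: record the request. Nothing runs with the web server's privileges.
function enqueue(string $action, array $params): string
{
    $id = bin2hex(random_bytes(8));
    file_put_contents(QUEUE_DIR . "/$id.job", json_encode(['action' => $action, 'params' => $params]), LOCK_EX);
    return $id;                               // ajax polling reads DONE_DIR/$id.done
}

// Worker side: map a known-good request to a fixed argument list, else null.
function build_command(array $job): ?array
{
    $if = $job['params']['interface'] ?? null;
    $ip = $job['params']['address'] ?? null;
    if (($job['action'] ?? null) !== 'set_ip'
        || !is_string($if) || !preg_match('/^eth[0-9]$/D', $if)
        || !is_string($ip) || !filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
        return null;
    }
    return ['/sbin/ifconfig', $if, $ip];
}

// Worker side: run from cron under the privileged account.
function process_queue(): void
{
    foreach (glob(QUEUE_DIR . '/*.job') ?: [] as $file) {
        $id = basename($file, '.job');
        if (!ctype_xdigit($id) || is_link($file)) { unlink($file); continue; }  // unexpected name or planted symlink
        $job = json_decode((string) file_get_contents($file), true);
        $cmd = is_array($job) ? build_command($job) : null;
        $result = ['finished' => date('c'), 'status' => 'rejected'];
        if ($cmd !== null) {
            $out = []; $code = -1;
            exec(implode(' ', array_map('escapeshellarg', $cmd)) . ' 2>&1', $out, $code);
            $result = ['finished' => date('c'), 'status' => 'ran', 'exit_code' => $code, 'output' => $out];
        }
        file_put_contents(DONE_DIR . "/$id.done", json_encode($result), LOCK_EX);
        unlink($file);
    }
}

if (PHP_SAPI === 'cli' && ($argv[1] ?? '') === 'worker') {
    process_queue();
}
```

Results are written to a directory the web user cannot write to, so a file planted in the queue cannot redirect what the privileged worker writes.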
I have a pretty complicated bunch of sql calls that I have stored to a .sql file, that I can't call using sqlsrv_query because there are a bunch of GOs.
From the (windows) command line I can run the sql file using
"path\to\sqlcmd" -U name -P pass -S loc -i "path\to\stuff.sql"
I can also write system( [all that] ) in a php file that I run from the command line using php -f.
However, if I call the same system( [allthat] ) from a php file that I call using ajax on a website, I get no feedback, the sql just doesn't run. I've checked sqlcmd, and it has permissions to allow all users to execute.
Any ideas?
Permissions issue. If you're running it from the command line, it's running under YOUR permissions. When you invoke it via a webserver, it's running with the webserver's permissions. The webserver will need execute rights (and permission to REACH the sqlcmd) as well as read rights on the .sql file (and permission to reach it).
For that, you may use the shell_exec.