Platform Details: IIS7, PHP5, Windows Server 2008
Server Name: server1
I'm attempting to use php's exec() function to execute a .bat file which has the following command:
winrs -r:server2 "C:\custom_functions.bat"
However, when I execute that command, it does not work. When running the custom_functions.bat file directly on server2, it works fine therefore, the problem is not likely to be my code. I'm guessing its a permissions error.
When I execute exec("whoami"), it returns "nt authority\network service" as the user.
If I execute any basic windows commands through php exec() function such as exec("ipconfig") or exec("dir c:\"), they work fine. The problem comes when I'm trying to use WINRM to execute a command on a remote server. I have used php's system() function as well - with same results.
Please help!?
To run a command on a server, you need authorization on that server. When you run the command manually from the prompt, you have access through your user account.
When IIS runs the command, it runs as a build in user, that has no access to server2.
I do not advise to give the webserver process access to server2.
Related
I am trying to run a php script on a remote server using ansible.
Running the script with the ansible user (which ansible uses to login to the server) works perfectly. The ansible task however fails when there are include statements in my php script.
My php script lays in /srv/project
it tries to include includes/someLibrary.php
Everything works fine when running the script as any user with the correct access rights but when running it via an ansible task
- name: run script
shell: 'php /srv/project/script.php'
it fails with: failed to open stream: No such file or directory in /srv/project/includes/someLibrary.php
Running a very basic php script works nicely though.
I just found the solution to the problem.
The problem was that when I executed the script by hand, I connected to the server and cd'd into the /srv/project directory before calling php script.php PHPs include in this case looks in the current directory for the files I want to include. When ansible connects to the server it did not change the directory thus producing the no such file or directory error. The solution to this is simple as the shell module takes a chdir as an argument to change the directory to the one specified before running the command.
My ansible task now looks as follows:
- name: run script
shell: 'php /srv/project/script.php'
args:
chdir: '/srv/project'
Thanks everyone for your help!
Ansible runs under a non-interactive ssh session, and thus does not apply user environment settings (eg, .bashrc, .bash_profile). This is typically the cause of different behavior when running interactively vs. not. Check the difference between an interactive printenv and raw: printenv via Ansible, and you'll probably find what needs to be set (via an ansible task/play environment: block) to get things working.
I'm controlling my home automation with a Raspberry Pi and webserver. I use this line to turn on my lights (sending an RC signal to wireless power socket).
exec("sudo ./../../../home/pi/wiringPi/examples/lights/action 63 A on");
This is working when the script is ran by a cron job, but when I manually want to execute this command (using a php form and buttons), it does not work. I tried adding $output, $return); and checking $return, and that confirms the exec() function is not executed. However, when I use something like exec("whoami");, the script is executed.
What is it about my command that makes it work only in cron jobs? I had this working once, don't know what happened. Manually sending the command via ssh in the terminal is working normally.
Fix permissions on this command and run it without sudo (for ubuntu default php user is www-data, for suse wwwrun, ...).
Check the path also. I recommend absolute paths.
I'm trying to make a hook on bitbucket, that executes a php file, and this file executes the pull command:
shell_exec('/usr/local/cpanel/3rdparty/bin/git pull');
The pull command works fine on the SSH console, but the PHP returns the error:
Permission denied (publickey). fatal: Could not read from remote
repository.
Please make sure you have the correct access rights and the repository
exists.
The command --version shows the path to git is right, whoiami returns the same user on both, so I don't know if it is a permission issue.
What can be going wrong?
Edit: An additional issue: the alias I added for git don't work on PHP, only the full path as above. Via terminal it works just fine. Maybe it's the same reason why the key don't work in php.
Edit 2: $PATH is different on both.
When you run this command within a PHP script you are not running the command as yourself:
shell_exec('/usr/local/cpanel/3rdparty/bin/git pull');
The reason it works from the terminal console is you run the command as yourself from the console. But on a web server, you are not the user running the command. Remember: When you run PHP on a web server, it is a an Apache module. Meaning the web server user—which could be www-data, root or even apache on some systems—is running the PHP script which then runs the shell_exec command.
So it would never work as you have it setup. Perhaps you can kludge something together that would allow a key-pair to be used by the web server for these purposes, but that seems like a security risk waiting to happen.
I have a shell script that called ant -buildfile /some/where/build.xml
That works fine. When I try to exec('shellScript'); or exec('ant -buildfile /some/where/build.xml'); it will fail. I have tried passthru, system, pcntl_exec, popen, and shell_exec with both the shell script and the command.
The build script uses SVN, and checks out some files. That's where it fails. In the ant script output, I get:
checkoutTrunk:
[svn] started ...
[svn] failed !
When I run the command or the shell script from SSH, everything works fine. Why would being called from a PHP script stop the checkout from working?
After getting nowhere, I changed the command it was trying to execute to 'id'. I found out that PHP was running as a different user than I thought. When I SSH as that user, I get an error when I run the command due to not having access to write to a directory. Once I changed permissions on those directories, I could then run the command as the PHP user from SSH. After I could do that, it also worked from the PHP script.
Here's my goal :
I have a Windows XP PC with all the source code in it and a development database.
Let's call it "pc.dev.XP".
I have a destination computer that runs Linux.
Let's call it "pc.demo.Linux".
Here's what I've done on "pc.dev.XP" (just so you get the context) :
installed all cygwin stuff
created a valid rsa key and put it on the dest
backup computer so that ssh doesn't
ask for a password
rsync works pretty well this way
If i try to do this on "pc.dev.XP" via a command line :
cd \cygwin\bin
ssh Fred#pc.demo.Linux "cd /var/www && ls -al"
this works perfectly without asking a password
Now here's what I want to do on the "pc.dev.XP":
launch a php script that extract the dev. database into a sql file
zip this file
transfer it via ftp to the "pc.demo.Linux"
log to the "pc.demo.Linux" and execute "unzip then mysql -e "source unzipped file"
if I run on "pc.dev.XP" manually :
putty -load "myconf" -l Fred -pw XXX -m script.file.that.unzip.and.integrates.sql
this works perfectly.
Same for :
cd \cygwin\bin
ssh Fred#dest "cd /var/www && ls -al"
If I try to exec() in php (wamp installed on "pc.dev.XP") those scripts they hangs. I'm pretty sure this is because the user is "SYSTEM" and not "Fred", and putty or ssh ask for a password but maybe I'm wrong.
Anyway I'm looking for a way to automate those 4 tasks I've described and I'm stuck because exec() hangs. There's no problem with safe_exec_mode or safe_exec_dir directives, they're disabled on the development machine, thus exec() works pretty well if I try some basic stuff like exec("dir")
Any idea what I could do / check / correct ?
I'm not sure if this is what you need, but I typically use a construct like this to sync databases across machines:
php extractFromDb.php | ssh user#remote.com "mysql remoteDatabaseName"
This executes the PHP script locally, and pipes the SQL commands the script prints out through SSH straigt into the remote mysql process which executes them in the remote database.
If you need compression, you can either use SSH's -C switch, or integrate the use of your compression program of choice like this:
php extractFromDb.php | gzip -9 | ssh user#remote.com "gunzip | mysql remoteDatabaseName"
You want to do this from PHP running under apache, as in I go to http://myWebserver.com/crazyScript.php and all this happens? Or you just want to write your scripts in PHP and invoke them via cmd line?
If you want the first solution, try running your apache/iss under a different user that has credentials to perform all those tasks.
"if I run on the development PC manually this works perfectly.".
Why not do it like that? When you run that script, I assume you're connecting to the local SSH server on the dev machine. When you do this, you are using the credentials Fred, so everything works. When you run the PHP script, you are right that it is probably running as SYSTEM.
Try either changing the user that apache is running as or use php to connect to the local ssh thereby using alternate credentials.
Here's what I did :
a batch file that :
Calls a php file via "php.exe my_extract_then_compress_then_ftp.php"
Calls rsync to synchronize the source folder
Calls putty -l user -pw password -m file_with_ssh_commands_to_execute
It works like a charm.