How can I tell if PHP is running in FCGI mode ?
phpinfo , sapi_name() returns always CGI/FCGI even when running in suPHP mode.
Is it possible to produce a php code that fails/work only with FCGI?
I know it is possible to force suPHP to fail when the script is owned by root, I am looking for the same kind of trick.
EDIT: found "PHP_FCGI_CHILDREN" in environnement only when i think fcgi is enabled , maybe that is it ?
suPHP runs PHP in CGI mode as a separate process, which is why you see CGI/FCGI.
When you run PHP in FastCGI mode, you can set particular environment variables, such as (what you mentioned) PHP_FCGI_CHILDREN. This could be a way, but you could also modify the FastCGI wrapper script to define your own custom environment variable and test on that.
Related
If I'm already running code in a background by exec
and inside it I call for another exec.
Is it possible ?
If so, does it need special permissions ?
The error I have (and I suspect nested exec in it):
exec() has been disabled for security reasons
Regular exec enabled and works.
Technically it's possible to have an exec in your exec, but it looks like you're using different configurations. Usually PHP has to different sets (Apache and CLI) of php.ini files (which might be configured to disable the exec function at all.
I assume your first exec call is coming from apache, which then calls a php script on the command line. The second seems to have a different configuration and therefore disallow the exec-call. So best have a look at /etc/php, if there are different php.inis set.
Can you please share your code.... It is difficult to determinate if there is any problem without looking the code.
If you have access to use exec it should not be a problem to use exec inside another exec.
This is your localhost or a shared hosting? Most shared hosting disable exec for security reasons.
Can anybody tell me why using the pcntl lib on production servers is discouraged? The PHP manual tells very briefly about it, and I'm in a dire need to use this library...
Is there another way to do the same thing in php?
pcntl is discouraged in production environments because the functionality it supports (fork, process control, signal handling) are fairly explicitly things you should not be using in a CGI style application. Now, if you're writing a daemon or command line application in PHP, that is another matter...
From the PHP manual:
Process Control should not be enabled within a web server environment and unexpected results may happen if any Process Control functions are used within a web server environment.
one has to be clear about the differences of a php cli script and a sapi/cgi script.
php on production systems may as well have support for pcntl.
the important thing here is to have 2 php config files. one for cli and one for cgi setup.
one then has to disable pctnl in the cgi setup because the real security issue is, that forking a script when executed by the webserver may leave zombie processes flooding the system.
in a cli environment it might be necessary to be able to write scripts that fork...
I have been trying to understand the exact meaning/purpose of loading php as an apache module vs the rest.
When php is installed as an apache module, what exactly happens? For example, does reading the php-ini file happen every time the php request comes or when the php module is loaded alone?
php.ini is read when the PHP module is loaded in both mod_php, FastCGI and FPM. In regular CGI mode, the config file have to be read at runtime because there's no preforked processes of any kind.
I think the only real advantage of running PHP as a module inside the web server is that the configuration might be easier. You get a lot better performance when you run it in FastCGI or FPM mode and can use a threaded or evented (instead of forked) Apache, or when you can throw out Apache altogether.
This link may help: http://2bits.com/articles/apache-fcgid-acceptable-performance-and-better-resource-utilization.html
Conclusion
If pure speed is what you are after, then stay with mod_php.
However, for better resource usage and efficiency, consider moving to
fcgid.
php.ini is read when the module is loaded in the case of an Apache module. PHP CGI uses a php interpreter executable like any other shell script would do. Since there is no state involved at each invocation, the config file would have to be read every single time in case of CGI.
What are the differences between mod_php and cgi php script?
I mean, why it's better (is it?) to use mod_php instead simple php scripts, running them as CGIs?
Thanks
When using CGI : a PHP process is launched by Apache, and it is that PHP process that interprets PHP code -- not Apache itself.
In theory, a distinct PHP process has to be created for each request -- which makes things slower : Apache has more work to do to answer a request.
(Well, as pointed out by #AlReece45 in a comment, this can be made better using FastCGI)
When using PHP as an Apache module (mod_php, or mod_php5), the PHP interpreter is kind of "embedded" inside the Apache process : there is no external PHP process.
Which means :
No forking to answer a request (faster)
Better communication between Apache and PHP
Generally speaking, I would say that mod_php is the solution that's used the most.
Plain CGI requires process to be spawned for each request at the time of request.
mod_php requires you to use bloated apache instead of slick nginx or lighttpd. Besides, "better communication between Apache and PHP" mentioned by Pascal may harm apache (it harms anyone who develops in php!;-)).
FastCGI lets you separate php from the web server (possibly run it on the different host).
Also, php.net just released a vulnerability today where source code disclosure is possible if you are using mod_cgi to run PHP and your PHP version is older than PHP 5.3.12 or PHP 5.4.2.
http://www.php.net/archive/2012.php#id2012-05-03-1
Patch by upgrading or applying a mod_rewrite rule.
From inside a PHP program I want to know the location of the binary executing it. Perl has $^X for this purpose. Is there an equivalent in PHP?
This is so it can execute a child PHP process using itself (rather than hard code a path or assume "php" is correct).
UPDATE
I'm using lighttpd + FastCGI, not Apache + mod_php. So yes, there is a PHP binary.
eval/include is not a solution because I'm spawning a server which has to live on beyond the request.
Things I've tried and don't work:
$_SERVER['_'] looks like what I want from the command line but its actually from an environment variable set by the shell of the last executed program. When run from a web server this is the web server binary.
which php will not work because the PHP binary is not guaranteed to be the same one as is in the web server's PATH.
Thanks in advance.
The PHP_BINDIR constant gives you the directory where the php binary is
Yeah, $_SERVER['_'] is what you're talking about, or as near as exists. The reason you're getting a Web server binary when it's run from the web is that /usr/bin/php has nothing to do with the Web server's execution; what it's running is a separate SAPI. There's nothing from the web PHP instance to point to /usr/bin/php because there's no reason for there to be.
The PHP_BINDIR constant is probably the easiest thing to use; the next best thing I could come up with is basically re-creating that bindir path from the extension_dir configuration setting:
$phpbin = preg_replace("#/lib(64)?/.*$#", "/bin/php", ini_get("extension_dir"));
It has a regex in it, so it feels more like your native perl(!) but otherwise is not especially optimal.
In PHP5.4 you can use the PHP_BINARY constant, it won't work via mod_php or similar but will via CGI etc.
For earlier versions of PHP readlink('/proc/self/exe'); will probably be fine, again it won't work via mod_php.
Depending on the way php is installed you CANT find the php executable.
if php is running as a module for the webserver like apache module, then there is no binary you can call.
you can take a look into php_info() it lists everything.
may also the path to php. within that path you can assume a php binary.
but why do you want to call a extra process?
you can execute other php files by include command or eval.
there is no reason to spawn a new process.
what about:
<?php
exec("which php");
?>
But, it's unix/linux only:D
I've been looking for the php7 executable on my mac (OSX El Capitan) in order to configure and install xdebug (needed to find the right version of phpize to run). None of the solutions I found worked for me, so I just ended out searching for it:
find / -name php -print
I knew (from phpinfo()) that I was running php7, so I was able to infer the correct directory from the options presented by find.