Like many others I have problem with shell_exec() function in PHP. I have safe mode disabled and disabled_functions deleted from php.ini.
If I run php script from terminal (php print.php) it's working perfectly but if I run it from web browser nothing happens.
Here is the scipt:
<?php
$output = shell_exec('lp print.php');
echo "<pre>$output</pre>";
?>
Please help me. I'm running PHP 5.3.10 on Apache2. My OS is Ubuntu Server 12.4. Here is the phpinfo page: http://testni-server.info/info.php
Progamming language PHP allows one to limit executing of external commands via configuration directive safe_mode_exec_dir. This directive should contain full path to a directory conatining programs which PHP script can run. If the script tries to execute a command not located in this directory, the command is not executed. This configuration directive is active only if safe mode is enabled, which means more and sometimes unwanted restrictions to users. PHP has no known possibility to limit executing of external commands with disabled safe mode. Teherefore, here is a patch adding special directive exec_dir straightly into PHP. This directive is very similar to safe_mode_exec_dir, but safe mode has not to be enabled.
This patch limits or corrects the behavior of these functions:
exec()
passthru()
proc_open()
shell_exec()
system()
popen()
is_executable()
The patch was created for purposes of limit execution of external commands of users on a multidomain apache server, first for PHP version 4.2.1. The patch was sent to PHP developers so it could be a part of PHP, but no one of PHP developers was interested in. On the other side, some PHP users wanted this patch, therefore this site was created.
Your command line (CLI) PHP might be using a different working directory and/or path than the CGI one. Try defining the working directory (containing the lp command) explicitly with chdir() before calling shell_exec().
Related
I'm trying to run a ROS shell program on the server through php on Ubuntu 14.04. I have tried using system, exec, shell_exec but nothing happens and I don't get any output. The system call is the following:
echo shell_exec("/opt/ros/indigo/bin/rosrun gazebo_ros spawn_model -database Part_A -gazebo -model Part_A");
What are the limitations of using system or exec to run any shell command through php on a server?
I don't care as much about the output of the command as for its execution. I think the problem has to do with the fact that PHP doesn't have any PATH like shell does so it can't find any applications without specifying the exact location. How can I make PHP se the same PATH shell does?
The problem was that the apache user and the environment in which the bash commands are running are not set up correctly. I followed the instructions from this answer but instead of using "source" I used "." and instead of using the source.bash file I used the source.sh file. I also set all the environment variables that had to do with ros or gazebo using the putenv() function.
I have a PHP script that needs to run from command line. One of the function it calls is socket_create.
In php.ini, I have included the following in order to get that function working (see the comment on http://www.php.net/manual/en/sockets.installation.php):
extension=php_sockets.dll
How do I run the script from command line such that it doesn't complain that socket_create is an unknown function? Does PHP CLI actually respect what's in php.ini? I thought it was supposed to, but I do get errors when running it via CLI and no errors when running it via the browser.
UPDATE: by the way, I'm testing this out: https://github.com/nicokaiser/php-websocket. I assume that the server needs to be executed via command line.
A different php.ini file may apply when running php on the CLI rather than as a web server module. You appear to be using Windows, so I'm not sure where this file may be, but it could provide a clue; look for several php.ini files in your disk and see if one of them applies to CLI invocations.
i couldn't be able to execute ffmpeg command using php exec() function.
Actually all was fine and running before but by mistake we execute this command in SSH
-d safe_mode=off
after that we are facing this problem.
we have on it from the plesk pannel and also checked in php.ini it is safe_mod=on but still we couldn't be able to execute ffmpeg command through exec() function.
Can any one help me please.
Thanks,
Faraz
For exec() to work, you need to have save_mode=off in your php.ini
So the fix should just be: edit the save_mode=on line inside your php.ini to save_mode=off
And restart your webserver
The ssh command should not have anything to do with your webserver.
In the php.net documentation (http://nl3.php.net/manual/en/function.exec.php)
They say:
Note: When safe mode is enabled, you
can only execute files within the
safe_mode_exec_dir. For practical
reasons, it is currently not allowed
to have .. components in the path to
the executable.
When I call /usr/local/bin/pdftk from PHP in Apache (via shell_exec(), exec(), system(), etc.), it returns the SYNOPSIS message as expected.
When I call /usr/local/bin/pdftk input.pdf fill_form input.fdf output output.pdf flatten via shell_exec(), nothing returns.
When I copy and paste the exact same string to the same path in the shell (as the apache user), the output.pdf file is generated as expected.
Moving the pdftk command into a PHP shell script (shebang is #!/usr/bin/php) and executing it with php script.php works perfectly.
Calling that shell script (with its stderr redirected to stdout) from PHP in Apache (via shell_exec(script.php);) results in this line:
sh: line 1: 32547 Segmentation fault /usr/local/bin/pdftk input.pdf fill_form input.fdf output output.pdf flatten 2>&1
Whenever I run the script from the command line (via PHP or directly), it works fine. Whenever I run the script through PHP via Apache, it either fails without any notification or gives the SegFault listed above.
It's PHP 4.3.9 on RHEL4. Please don't shoot me. I've set memory to 512M with ini_set() and made sure that the apache user had read/write to all paths (with fopen()) and by logging in as apache ...
Just went and checked /var/log/messages to find this:
Oct 4 21:17:58 discovery kernel: audit(1286241478.692:1764638):
avc: denied { read } for pid=32627 comm="pdftk" name="zero"
dev=tmpfs ino=2161 scontext=root:system_r:httpd_sys_script_t
tcontext=system_u:object_r:zero_device_t tclass=chr_file
NOTE: Disabling SELinux "fixed" the problem. Has this moved into a ServerFault question? Can anybody give me the 30 second SELinux access controls primer here?
php-cli & php-cgi (or the module, depends on what your server uses) are different binaries. They don't even have to share the same version to live happily side by side on your server. They also may not share the same configuration. Increasing memory usually does nothing to help Segfaults. Points to check:
Are they the same version?
Do they have the same settings (consult the *.ini locations loaded in the phpinfo(); output, and possibly the whole output itself), if not: try what happens if you alter the one for your webserver to the one for the cli as far as possible.
Segfaults occur more in extensions then in the core afaik, and sometimes seemingly unrelated. Try to disable unneeded extensions one by one to see if the problem goes away.
Still no success? You may want to run apache with gdb, but I have no experience with that, it might tell you something though.
No luck? Recompile either the module of cgi your webserver uses.
It's PHP 4.3.9 on RHEL4. Please don't shoot me.
I feel more sad for you then anger, we're beyond the 5.3 mark, come over, it's a lot more happy here.
echo system("/usr/bin/whoami", $ret);
echo $ret;
PHP 4.3.9 on Apache 2.0.52, CentOS 4.5. Safe mode is off, I can run programs as the apache user account from the command line, but all programs run from PHP fail with exit code 127.
See if /usr/bin/whoami exists, and is executable (and readable, mode xx5) by anyone.
See php.ini on doc_root and user_dir, if those are set they can limit what you can execute.
If your Apache or PHP is chrooted, you need to put the application to execute into the chroot.
If there's some other security system or RBAC running on the machine, see dmesg or log files in /var/log/.
Don't forget to use &$ret instead of $ret.
See PHP's exec() and passthru(), different functions might work for different situations.
Know that there's a different php.ini for Apache, and a different one for cli use.