PHP shell_exec, permission denied for executing -rwxrwxrwx shell script - php

I am currently over ssh on a remote CentOS 5.6 system which runs an Apache webserver. I need to use the poppler pdftohtml binary which, unfortunately, is not currently installed on that machine. So I downloaded the poppler package and built it under my user folder. Since I am not the system admin, I didn't do
make install
and I have all my compiled files under
/users/myfolder/poppler-0.18.2/
The file that I need to execute through php shell_exec() is
/users/myfolder/poppler-0.18.2/utils/pdftohtml
If I execute it through my ssh bash, I get the correct output. If I, instead, put this line on a php script:
echo shell_exec("/users/myfolder/poppler-0.18.2/utils/pdftohtml");
I get the following output:
sh: /users/myfolder/poppler-0.18.2/utils/pdftohtml: Permission denied
I tried setting to 777 the file permissions, which currently are -rwxrwxrwx. I also noticed that using shell_exec("whoami"); results in "apache". Shouldn't apache be able to execute the script if the file permissions are -rwxrwxrwx?
I also know that installing poppler through make install would solve the problem but since this is for testing purpose, I would like to avoid "contaminating" the system outside my personal folder until the testing is complete.
Thanks to anyone who will help!

Just because a file is executable for a user does not mean that user is actually able to execute the file. The user needs to also be able to 'get to' the file: The user needs execution permission for all 'parent directories', in your case for /users, myfolder, poppler-0.18.2 and utils.
Assuming /users is the same basic thing as /home, everybody should have +x on that. From there, you can set it: simply do chmod o+x /users/myfolder /users/myfolder/poppler-0.18.2 /users/myfolder/poppler-0.18.2/utils
(Note: This will make it possible for everybody to execute this binary, not just Apache.)
If the apache user and you share a group, it would be better to chown the poppler directory and everything in it to be owned by that group, and set g+x instead of o+x.
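The parent-directory check described in this answer, as an added example that is not part of the original post: a shell function that walks each path component and reports the first one that lacks the execute (search) bit for "other". The function names, the optional START argument and the sample tree are assumptions made for illustration; only mode bits are inspected, not ACLs, group membership or SELinux.

```shell
#!/bin/sh
# Added example. Assumption: only the "other" mode bits are inspected;
# ACLs, group membership and SELinux are not considered.

# Character 10 of the `ls -ld` mode string is other-execute:
# x or t means the bit is set, - or T means it is not.
other_can_pass() {
    bit=$(ls -ld "$1" | cut -c10)
    [ "$bit" = "x" ] || [ "$bit" = "t" ]
}

# first_blocked TARGET [START]
# Walks from START (default: /) down to TARGET and prints the first
# component without o+x. Returns 0 if none is blocked, 1 otherwise.
first_blocked() {
    target=$1
    current=${2:-}
    current=${current%/}
    case $target in
        "$current"/*) ;;
        *) echo "TARGET must be an absolute path below START" >&2; return 2 ;;
    esac
    rest=${target#"$current"}
    old_ifs=$IFS; IFS=/; set -f
    set -- $rest                      # split the path on "/"
    IFS=$old_ifs; set +f
    for part in "$@"; do
        [ -n "$part" ] || continue
        current="$current/$part"
        if ! other_can_pass "$current"; then
            printf '%s\n' "$current"
            return 1
        fi
    done
    return 0
}

# Constructed sample tree laid out like the question's paths.
make_sample() {
    root=$(mktemp -d) && chmod 755 "$root"
    leaf="$root/users/myfolder/poppler-0.18.2/utils"
    mkdir -p "$leaf" && : > "$leaf/pdftohtml"
    chmod 755 "$root/users" "$root/users/myfolder/poppler-0.18.2" "$leaf"
    chmod 777 "$leaf/pdftohtml"
    chmod 700 "$root/users/myfolder"   # private home directory
    printf '%s\n' "$root"
}
```

On the sample tree the function prints the 0700 home directory even though the binary itself is 0777, which is the situation the question describes.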

Related

"exec('sh foo.sh')" in PHP not working

I've recently set up my Apache2 Server on my Linux machine. Now I've wanted to execute a PHP script (index.php), which runs a shell script (foo.sh), which creates a folder in my home directory, but the directory was not created.
These are the original two files:
foo.sh:
#!/bin/bash
mkdir /home/lorenzo/testDir
index.php:
<?php
exec('sh test.sh');
?>
So, I thought maybe the problem occurs because of privileges or something, and indeed after I changed the files to that:
foo.sh:
#!/bin/bash
echo "Hello world"
index.php:
<?php
$temp=exec('sh test.sh');
echo $temp;
?>
I saw the output Hello World on my website.
So the PHP script is executed and it runs the shell script. But why can't the shell script execute the mkdir command?
This indeed is most likely a permission issue.
You first have to figure out which user apache runs as. This is usually www-data (on Debian-ish Linuxes, such as Ubuntu) or apache (on RedHat-ish Linuxes) or something along those lines. A ps -eF | grep apache will reveal the user.
After you figured that out, make sure that the apache user has the appropriate rights in your home directory. You can either add it to your user group (using usermod -a -G ... and then chmod g+w ~) or allow writing for all users (chmod o+w ~).
But both of these are a bad idea. Your php script (or anything else running as the apache user) can be broken into and cracked, leaving your home directory open for malicious attackers to modify and rm -rf.
In addition, if you're running a RedHat-ish Linux, you will run into SELinux, which by default prevents apache from accessing user directories at all. In that case, you also have to set setsebool -P httpd_enable_homedirs on.
Instead, I would recommend that you use a different directory and give your user full access to that. Something along the lines of /var/www/testDir with apache as owner and group, and adding yourself to the apache user group is probably a sane idea.
It looks like a permission issue. Make sure that Apache has write permission to that directory.
You may have permission issues on the server. Try to use chmod -R 775 <dirname> (or 777) in your ssh command line. You can do this in php code with chmod() too, but I don't suggest it because it would run every time the php code runs, and changing it more times is pointless. It can output to the screen, but I bet the directory the script wants to make the file in has permission 755. Try to check it.

using exec command in php doesn't work

I have to automate a process using php in which I have to append content in a file.
The file does not have any specific permissions specified but the folder 'abc' has read only permissions, so fopen() prompts permission denied when I try to append a file.
But I can edit the file manually and also from the command prompt. So I tried the following:
When I try
echo exec("echo Testing>>\\xx.xx.x.x\C$\abc\test.txt");
in my script, it does not work.
If the same command
echo Testing>>\xx.xx.x.x\C$\abc\test.txt
is run on cmd it works.
I even tried psexec:-
echo exec('C:/psexec \xx.xx.x.x cmd /c \"echo Testing>>C:\abc\test.txt\"');
Again, when I run
C:/psexec \xx.xx.x.x cmd /c "echo Testing>>C:\abc\test.txt"
on cmd it works fine.
Is it anything to do with exec() that I am doing wrong?
OR Is there any other way I can edit file, because I should not change the folder permissions but still get the process automated.
I assume you are using Windows. On Debian Linux, I would tell you to give write permissions to user www-data on the appropriate directory.
You probably need to give the local IIS worker account write permissions on the directory. The local IIS worker account is likely named something like IUSR_[SERVERNAME].
Some webhosts decide to remove the function exec for security reasons.
View your php info and check if yours is disabled.

Git WebHook will not pull (PHP)

I have a PHP file, hook.php, that looks like this:
<?php
`cd .. && git pull`;
The file is located in /var/www/oliverash.me/site/. However, the git repository that needs to be pulled is /var/www/oliverash.me/. ./site is the folder Apache looks to as the document root.
When I run the file in my browser, it does not seem to be pulling the repository.
I have also tried to echo the result, but the page is blank.
<?php
echo `cd .. && git pull`;
I can't post a comment in reply to you, but I am assuming that you are running a *nix system. You will be getting a permission denied if your apache/php daemons don't have permission to access .git/. You can change the owner/group of the .git/ directory recursively. Or do a chmod -R o+rw .git/* to give everyone (ie, not owner, not group) access to read and write in the git directory, which should clear up the permissions error that you are getting.
EDIT
Just re-read the question, so what follows probably isn't needed, but leaving it just in case.
Though, doing that, you need to keep in mind that anyone with access to your server will be able to go to http://myurl/.git/ etc to access those. So as a security precaution, I would add a .htaccess file like:
Order deny,allow
Deny from all
in the .git directory so that apache will deny access from a web browser to everything in there.
You've certainly got a permissions issue, maybe a couple.
The php page is going to execute as the apache user
That user must be able to write to the git repo in question
That user must be able to do the pull in question
You didn't specify what the source of the pull is, but if it's, for instance, a git: or ssh: repo, then that user will need perms (keys, username/password, whatever) to access the remote to do the pull from.
Just saw that it wants /var/www/.ssh - so you're using a ssh:// remote, which is fine, but since it's running as user apache (/var/www is user apache's homedir), it's looking for keys in /var/www/.ssh, which it's not finding, hence the failure. Solutions:
use sudo to switch to a user that does have perms and run the git pull as that user (in your php, do 'sudo git pull', and in your /etc/sudoers put a line allowing user apache to run the 'git pull' command)
set up a .ssh/config file that specifies a Host that's the remote, a User to use to login, and an Identity that is the path to the private key that the remote will allow to ssh in and do the pull.
create webhook.php in the root or anywhere from where you can access it
$result = exec("cd /path/to/repo && git pull origin branch");
Make sure the permission is 775 and that the owner of your file and your site directory is www-data.
You are having a problem with the user here that is executing the command.
According to your various comments, the system commands are executed as the user named apache (homedir is /var/www). You can verify this by running the whoami command from within your PHP script:
<?php echo `whoami`;
That user named apache is commonly the user your webserver runs under, which then runs PHP which then runs the shell commands.
Obviously you want to run the command as some other user, but you have not shared so far the information which one.
Run the shell command under the right user and the problem should go away.
On a linux system, the command to run other commands under a different user is called sudo, another one su:
sudo(8) - Linux man page
su(1) - Linux man page
Alternatively you can make use of suexec to execute PHP under a different user than the webserver user.
In any case you need to ensure that you have a user that is able to execute the git command. I have no clue how you tested that on your own; the best way I know is to ssh into the server box, do the git pull manually and collect the needed data like user name, home directory etc.

Calling an svn update from a php script via a browser is not working

I have two scripts.
running an update and calling shell_exec('svn update') and shell_exec('svn st')
running a mysqldump shell_exec('mysqldump params')
The svn script is not running the update command, the svn st is printing results but not the svn update
I tried to declare parameters when calling svn update eg
'svn update ' . dir . ' --username myuser --password mypasswd --non-interactive';
-- still nothing
Played with most of the params
If this is something related to binaries/permissions/groups, I don't see it.
The mysqldump command works fine and is producing a file, so why isn't the svn updating the filesystem?
Please do not advise using core SVN classes in PHP. This is not an option, I don't have complete control over the server and the module is not available.
Thanks for your help,
-hbt
PS: important thing to mention here. The script works when called via the command line. It only fails when called via a web browser.
I was also encountering the same problem but not even permissions solved it.
Based on some of the other advice here, I did:
<?php
echo shell_exec('2>&1 svn update /path/to/checked/out/directory/ --non-interactive');
I then got an error dumped into my browser:
svn: warning: Can't open file '/root/.subversion/servers': Permission denied
svn: OPTIONS of 'http://my.svn.server/svn/project/trunk': authorization failed: Could not authenticate to server: rejected Basic challenge (http://my.svn.server)
Not sure why my web server user tried to access /root but I fixed the problem without changing any permissions by adding --config-dir to the svn up command:
<?php
echo shell_exec('2>&1 svn update /path/to/checked/out/directory/ --non-interactive --config-dir /path/to/my/home/.subversion');
*Note that /path/to/my/home/.subversion exists because the initial checkout was done on the command line
To get the standard error in the return value, use:
shell_exec('2>&1 svn update')
It doesn't work if you put the 2>&1 at the end.
It might be permission problem: script called via a web browser runs under different username than svn working directory's owner, therefore it has read-only access. Read-only access should be enough for svn status to execute, but not for svn update (though in this case there should be an error like "svn: Can't open file '.svn/lock': Permission denied").
Have you tried the PECL svn extension? You don't need to use shell_exec for this.
OK. I got it.
It is an issue with permissions. The .svn directory must have the right permissions because the svn update command is using those directories to write stuff.
So!
---Make sure you run all chmod commands as sudo or root----
run a chmod 777 on .svn directory
run an svn update via command line
call script
If nothing. You must run chmod 777 recursively for all .svn directories then run another svn update
Still nothing?
Make sure you don't have two svn clients
In my case, the svn client used by the UI is different from the svn (command line)
If you have two clients, make sure they are running the same version
Or update your script to call the client directly.
Still nothing?
Run a chmod 777 -R *
svn update
and try again
If you can make it work with another set of permissions, please let me know. I know that 777 is not ideal, but I can't make it work with something lower.
Thanks again guys.
Yes, the problem is the permissions with the .svn directory.
Make sure it has the correct permissions for the user that PHP is running as (in my case it was apache) and chmod it to 775.

CHMOD a linux directory using PHP on an apache server

Has anyone ever used PHP (proven and successful) to CHMOD a directory through a Web Browser?
My roadblocks are:
(a) PHP script runs as "nobody" from the browser
(b) directory above the one I want to CHMOD is owned by the ftp user and "nobody" does not have write permissions to it
So when I try to chmod 0666 /usr/www/dirOwnedbyFTPuser/dirIamTryingToCHMOD/ I get Permission denied
If you have ever written and successfully run a script to do this, can you share the snippet of code with me? Thanks...been at this for months.
Yes it is possible to do this via php. Usual linux permissions rules apply however so as you are looking to chmod scripts not owned by the apache user (nobody) and the apache user does not have write permissions then one method is to give apache permission to use sudo
Be warned - this is potentially a massive security hole!!!
You can give apache permission to use sudo by editing the sudoers file. It is recommended that you do not edit this file directly as an error can leave you completely screwed so on my (Ubuntu) system I type
sudo visudo
Then you need to add a line for your "nobody" user. You can restrict sudo permissions to a particular script or folder, so I would recommend writing a shell script to change the permissions and then placing this in a folder away from any other scripts. That way apache doesn't have complete root privileges on your system (which is a pretty scary thought). You can also put some code in the shell script to restrict which files can be changed.
You also need to allow apache to sudo without a password as you have no way of entering the password through php. So the line you would add is something like
nobody ALL=(ALL)NOPASSWD:/path/to/my/script
Then in php you just prefix the command with sudo
passthru ("sudo /path/to/my/script ...");
(there are a few other functions you can use instead of passthru(), was just the first that came to mind)
As I said before, this is potentially very dangerous and whilst the above will work, I have only used it on my own private system before, never on a public production server. I'm sure plenty of people will have comments on the security of this so I would be interested to hear what other potential pitfalls and security holes there could be with this method. I know a similar thing can be done using SuExec but am not so familiar with it so if anyone has any pros or cons of SuExec over this method I would be interested to hear them.
Final note: I would change the apache user from nobody to something like 'apache' or 'www' - probably just being silly but I don't like the idea of giving root permissions to a user called nobody!!!
Hope this helps!
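One way to write the restricted script this answer recommends placing behind the sudoers entry, as an added example that is not part of the original answer. ALLOWED_BASE, FIXED_MODE and both function names are assumptions for illustration: the script resolves symlinks and ".." before comparing paths, refuses anything outside the allowed base, and applies one fixed mode rather than a caller-supplied one.

```shell
#!/bin/sh
# Added example of the restricted helper a sudoers entry could point at.
# ALLOWED_BASE and FIXED_MODE are placeholders chosen for illustration.
ALLOWED_BASE=/path/to/allowed/base
FIXED_MODE=775

# allowed_target BASE DIR
# Prints the physical path of DIR if it is an existing directory strictly
# below BASE after symlinks and ".." are resolved; fails otherwise.
allowed_target() {
    base=$(cd -P -- "$1" 2>/dev/null && pwd -P) || return 1
    dir=$(cd -P -- "$2" 2>/dev/null && pwd -P) || return 1
    case $dir in
        "$base"/*) printf '%s\n' "$dir" ;;
        *) return 1 ;;
    esac
}

# restricted_chmod BASE DIR
# Applies FIXED_MODE only; the caller never chooses the mode, and the
# chmod is not recursive.
restricted_chmod() {
    resolved=$(allowed_target "$1" "$2") || {
        echo "refused: $2" >&2
        return 1
    }
    chmod "$FIXED_MODE" -- "$resolved"
}

# Entry point when run as a script with exactly one argument.
if [ "$#" -eq 1 ]; then
    restricted_chmod "$ALLOWED_BASE" "$1"
fi
```

The path check and the chmod are two separate steps, so the allowed base itself should not be writable by the web server user, otherwise a directory could be swapped for a symlink between them.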
Yes, you can chmod from php via a web browser. (yes we all know it can be a bad idea)..
But - you can only chmod files that the php script has permission to use! if your web server runs PHP as nobody, then you can chmod any files owned by "nobody"...
http://www.php.net/ftp
You could have php log in as the ftp user and do it.
