I can run an svn command from the command line but not from within a PHP script. Significantly, I can run the PHP script on my Mac and it returns the expected data just fine but when I upload it to my Linux server it won't work (from within PHP... I can run the svn command from the terminal). I'm pretty sure this is a user or permission issue of some sort.
I can run (from command line):
svn log http://whatever.com/svn/foo
but none of the following work (run separately... not all together like this):
exec('svn log http://whatever.com/svn/foo');
exec('svn log http://whatever.com/svn/foo',$out);
exec('/usr/bin/svn log http://whatever.com/svn/foo');
However this works:
exec('ls');
I assume the problem is that when I run from the command line I am running as root whereas when I run from PHP I am running as the apache user (www-data)? Perhaps? Any suggestions on how to be able to run exec('svn log http://whatever.com/svn/foo');?
Changing permissions to 777 (just trying to get it working!) does not help.
Here are a couple of threads that I think might help:
Thread 1 (read as there is more):
$cmd = '/usr/bin/svn list --config-dir /some/place file:///var/subversion/devfoundry/ 2>&1';
exec($cmd, $output);
$output = implode("\n", $output) . "\n";
echo $output;
Thread 2:
The Subversion error "svn: Can't
recode string" can be caused by the
locale being wrong. Try
<?php
putenv('LANG=en_US.UTF-8');
?>
(or whatever your preferred locale is)
before you call shell_exec()
Thread 3: PHP Interactive Shell
May be you can use a svn client for php. Here is a good one
http://code.google.com/p/phpsvnclient/
When you run Subversion from the command line, you are running it as yourself. That is, you are the user logged in and running the command.
If you are running Php from a webpage, it is the user who is running the Apache httpd daemon (which could be "apache", "www", "runwww", etc. depending upon the platform). The user running the PHP script may not have read/write permissions to the Subversion repository.
You have two ways of solving this:
Provide your program with user credentials via the --username and --password command line parameters.
Setup the user running httpd with Subversion credentials. Once it is done, it'll never have to be done again. This way, your PHP code doesn't contain login credentials.
Related
I am automating installing multiple WordPress blogs on a server. Basically, I need to run multiple wp-cli commands.
Using phpseclib and doing exec(), doesn't work...
When I do something like:
$ssh->exec('wp core download');
I will just get:
/usr/bin/env: php: No such file or directory
Even though I can run it fine, in a normal ssh session...
If I try and $ssh->write the command out and do '\n' it doesn't seem to do anything. Even if I just try to do a simple command like: touch foo.txt
Although that test "touch" command will work with exec...
The system is Ubuntu 14.04...
Any ideas?
I have to connect via SSH from PHP to do this for multiple domains on a server, as new customers come on.
The path to PHP probably needs to be defined. When you SH in with the regular SSH client it's probably running any number of Bash initialization files.
In light of this I have two thoughts.
Try to use a PTY. eg.
$ssh->enablePTY();
$ssh->exec('passwd');
echo $ssh->read();
More info: http://phpseclib.sourceforge.net/ssh/pty.html
Are you doing $ssh->read('[prompt]'); after doing the write("command\n")? You may need to read the stream to get the command to actually be run.
I'm trying to make a hook on bitbucket, that executes a php file, and this file executes the pull command:
shell_exec('/usr/local/cpanel/3rdparty/bin/git pull');
The pull command works fine on the SSH console, but the PHP returns the error:
Permission denied (publickey). fatal: Could not read from remote
repository.
Please make sure you have the correct access rights and the repository
exists.
The command --version shows the path to git is right, whoiami returns the same user on both, so I don't know if it is a permission issue.
What can be going wrong?
Edit: An additional issue: the alias I added for git don't work on PHP, only the full path as above. Via terminal it works just fine. Maybe it's the same reason why the key don't work in php.
Edit 2: $PATH is different on both.
When you run this command within a PHP script you are not running the command as yourself:
shell_exec('/usr/local/cpanel/3rdparty/bin/git pull');
The reason it works from the terminal console is you run the command as yourself from the console. But on a web server, you are not the user running the command. Remember: When you run PHP on a web server, it is a an Apache module. Meaning the web server user—which could be www-data, root or even apache on some systems—is running the PHP script which then runs the shell_exec command.
So it would never work as you have it setup. Perhaps you can kludge something together that would allow a key-pair to be used by the web server for these purposes, but that seems like a security risk waiting to happen.
One of my lines of shell command is not executing despite other similar lines working. I am running on a linux machine using a Ubuntu 12.04 based OS. I have tried using exec as well, still doesn't work.
I actually had this working at some point, where I ran into the hanging issue (waiting for command output), which is why I'm redirecting output to /dev/null. So some where in the development something changed. We did create a debian package to install with and I had run that install package so I thought maybe in overwriting a file the permissions got changed so I added read/write/execute to all users/groups/owners but that didn't work either.
The code is here:
if(isset($_POST['activateXML']))
{
if (videoConsistencyCheck())
{
`cp {$fileXML} /apps/video/xml.xml`;
`sudo /apps/video/vsss restart >/dev/null 2>&1 &`;
systemUnvalidate();
header('Location: index.php?app='.$_GET['app']);
die();
}
}
I know that the first line in the if statement gets executed. The line of code works fine in the actually terminal, so that isn't the problem either. I did lots of Googling and all I could find is an unanswered question, any advice would be helpful.
EDIT: so what appeared to be not working was in fact calling the command as intended but in the bash script I was calling the start-stop daemon was not working
EDIT 2: I made a test php file and ran the code from the terminal, fixed the start-stop-daemon error by adding sudo to the commands but it still doesn't work in my code. I am calling this code when a submit button is pressed.
use additional parameters, especially output:
exec($command,$output);
var_dump($output);
to determine what can be wrong with your command. If it doesn't work, please show us your code where you use your exec's.
The issue lay with a call to a binary file in the vsss script that could only be run as root. We did not want to allow access to that binary file to just anyone. The solution we came up with involves calling chmod +s on the vsss script which allows permissions for user and group IDs but keeps its owner permissions. We then added the PHP user, which was www-data, to the sudoers file using the NOPASSWD parameter. In my PHP code I then used the line:
exec('sudo /apps/video/vsss restart >/dev/null 2>&1 &')
The shell_exec()/backticks would not work with this method.
This is really simple but I cannot get it to work at all. Spent many hours and I've always give up. I created php script called copy.php and it should call a python script called copy.py.
I want to execute a command line like this
<?php exec('/var/www/html/copy.py'); ?>
Really simple.
Why cannot I get the python script executed from php exec()? The function inside python script is to get a copy of error_log from a different directory (outside of Apache) into html directory.
If I run that from a terminal
> php copy.php
It did execute the function and made a copy. Why is that the web browser isn't doing it?
Let me simplify this:
why cannot exec("cp /var/log/httpd/error_log /var/www/html/path/to/php/script") work?
it works fine if I type it in terminal but not when run in a browser.
As others have alluded to, the difference is probably permissions. When you run a command from the command line, you're generally not the same users as your apache script is running as.
Put another way, if from the command line you type whoami, you'll probably get whatever name your user account is.
The echo exec('whoami'); from within php shows who the script is running as, which is Apache.
So, whatever command you're trying to run from your web server isn't available to run as the Apache user. You mentioned you've been able to have exec("python /usr/diskpurge/script.py") work, but not to have exec('/var/www/html/copy.py') doesn't. This is due to in one instance you're running python, in the other you're trying to execute your copy.py script. If copy.py doesn't have execute permissions for the Apache user, you're not going to be able to run it from the browser.
Perhaps different settings apply for the Apache environment versus the command line.
Use error_reporting(E_ALL); and ini_set('display_errors', true) to see what errosr may come up.
It is possible that the Apache environment is prohibited from using exec or the fact that Apache runs under a different user that does not have execute rights on the python script.
sounds like a permission error. Check if your server is running with sufficient rights.
echo exec('whoami');
Set your error reporting to report all:
ini_set('display_errors', true);
error_reporting(E_ALL);
and check for errors..
If your whoami returns a user which is not a member of the SU family (linux) or administration (windows) then resite your permissions..
Linux:
Assign the user returned by whoami correct permissions to run python scripts.. Do not allow the resulted username to run as root with total administration powers.. This is a big no no
The only reason its not working is because you didn't set the write permissions!
Do:
sudo nano /etc/sudoers
And then put the following:
www-data ALL=(root) NOPASSWD:ALL
i am using arch linux. i want to execute the php file which changes the ip of the system. i did
ifconfig eth0 192.168.163.137
in the terminal and it works fine. the same i tried doing with
shell_exec('ifconfig eth0 192.168.163.137');
in a php file and tried opening the page from a remotely located web browser from another pc connected via router. teh page displays nothing and the code also doesnt execute. i guess its the problem with the user executing it.apache is executing it. so i want it to be run by the root.can anyone please guide me to the execution of my code. i even installed sudo and just put
shell_exec('sudo ifconfig......');
it too doesnt execute...please help...thanku..:)
Sudo normally requires an interactive shell to enter your password. That's obviously not going to happen in a PHP script. If you're sure you know what you're doing and you've got your security issues covered, try allowing the Apache user to run sudo without a password, but only for certain commands.
For example, adding the following line in your sudoers file will allow Apache to run sudo without a password, only for the ifconfig command.
apache ALL=NOPASSWD: /sbin/ifconfig
Adjust the path and add any arguments to suit your needs.
Caution:
There might still be complications due to the way PHP calls shell commands.
Remember that it's very risky to allow the web server to run commands as root!
Probably a better alternative:
Write a shell script with the suid bit to make it run as root no matter who calls it.
shell_exec
This function is disabled when PHP is running in safe mode.
Documentation : http://php.net/manual/en/function.shell-exec.php
So, maybe try tweaking your php.ini file?
Write the commands to a queue and have cron pick them up, validate them (only allow known good requests), and run them, then mark that queue complete with the date and result.
Your end-user can then click/wait for update using ajax.