I have a php script:
$extract_dir = "./";
$extract_file = "extractME.zip";
$zip = new ZipArchive;
$res = $zip->open($extract_file);
if ($res === TRUE) {
$zip->extractTo($extract_dir);
$zip->close();
echo "ok";
} else {
echo "failed";
}
But when I execute this script, via http://www.mywebsite.com/extract.php
All the files on FTP are show with OWNER 'root', but not the user ex . 'neo' as it should be. So the user cant edit/rename/delete these files.
Is it possible to fix this anyhow (I own the server), that files will be extracted with 'USERNAME' OWNERSHIP ?
ozzwanted, for some reason your web server (apache) is running as root so any file it makes will be made as root. This should never be the case. apache usually runs as 'www-data' or 'httpd', or 'nobody' or 'god' depending on the linux distro.
I suggest you look into this from a sysadmin point of view and have someone sort it out for you before you end up getting exploited. (assuming this is a live server)
You can use www.php.net/chown function or your can run a 'chown' command on the command line or do it from PHP with something like system() or exec() functions.
Good luck.
It extract as the user running the webserver (note: you should not be running it as root). Try using chown.
Related
I have a simple PHP page that calls a simple PowerShell script.
test.php
<?php
$runCMD = "powershell.exe -NoProfile -ExecutionPolicy Bypass -File teste.ps1 2>&1";
exec($runCMD,$out,$ret);
if ($ret != 0) {
echo "Could not run PowerShell.";
} else {
echo implode("\n",$out);
}
?>
test.ps1
Write-Host "Just testing!"
When both files are placed in c:\inetpub\wwwroot, everything works fine. However, if I place them in a shared network folder (\\myserver\test, for example) and point IIS to this folder, php still works but it's not able to run the PowerShell script anymore. exec just returns error code 1 and the message "Could not run PowerShell" is printed. I am currently using PHP 7.4.1, IIS 10, Windows Server 2019 and PowerShell 5.1.
Any ideas on how to solve this?
App pool identities have very limited access to the local file system (and none outside the local computer). You will need to modify ACLs on the file system to give the identities the access they need.
try to set the domain user to the application pool identity.
use https://learn.microsoft.com/en-us/sysinternals/downloads/procmon to check where access is being blocked.
When I am trying to run shell script with exec and shell_exe nothing happens!
When I run with those command ls or whoami all work's.
What could it be?
Do you echo the output?
echo exec('ls');
Do you have safe_mode enabled?
phpinfo();
When yes: (from the manual)
Note: When safe mode is enabled, you can only execute files within the
safe_mode_exec_dir. For practical reasons, it is currently not allowed
to have .. components in the path to the executable.
Try to call exec with
exec('...pathtoyourbashscript...', $out, $return);
Then
echo $return;
If it shows 127 it´s likely that the path is wrong.
Also check the permissions. User 'nobody' is probably the apache user, which needs the rights to access and execute the script.
You can change the permissions by running
chmod 755 pathtouyourscript
This means something like 'I don't mind if other people read or run this file, but only I should be able to modify it'.
If you're using Apache, check to make sure that the Apache user has the required permissions to execute the php file.
You can use reflection to figure out if the function has been disabled with disable_functions.
$exec = new ReflectionFunction('exec');
print $exec->isDisabled() ? 'Disabled' : 'Enabled';
If the program is web based i.e. for linux, Try making a php file to process the shell.
and a shell file to handle the php..
For instance: runAllShell.php file can contain a loop.:
<?php
// Developed by A T.
// Count the files
$directory = '/put/directory/path_here/';
$files = glob($directory . '*.*');
if ( $files !== false )
{
$filecounter = count( $files );
}
else
{
echo "No Files were found";
}
$fileCount = $filecounter;
// Start the index
$fileNumber = 1;
while($fileNumber <= fileCount){
shell_exec('$fileNumber . ".sh"');
// get some feedback
echo "The ".$fileNumber." file has been excecuted";
// increment file number
$fileNumber++;
}
?>
make sure that all the .sh files in the directory are numericaly ordered for this to work i.e: 1.sh 2.sh 3.sh and so on.
Best regards,
AT.
Ok I need to run my Apache web server as root. For this I typed whoami; in terminal. It gives me output: root. But when I check my apache server running as a root user or not by executing following php-script: < ?php echo whoami; ?> It gives me output: nobody. So any suggestions to execute/login as a root user in apache??
I would suggest creating an external PHP file on your server that would handle everything related with this extension. And then, you could call this script with shell_exec in combination with sudo.
This way, you could put your webserver user in your sudoers file and let it run php-cli as root.
Then, in your script you could simply use:
$output = shell_exec("sudo /bin/php /yourscript.php");
This would be a much more secure solution than running Apache as root, which in my opinion, is a verry bad idea, even if you know what you are doing.
If you know what you are doing, look at the file /etc/apache2/envvars :
You can customize these variables
export APACHE_RUN_USER=root
export APACHE_RUN_GROUP=root
I echo the concerns running the apache process as root. Its just a bad idea.
Thats why I recently published a project that allows PHP to obtain and interact with a real Bash shell. Get it here: https://github.com/merlinthemagic/MTS
After downloading you would simply use the following code:
$shell = \MTS\Factories::getDevices()->getLocalHost()->getShell('bash', true);
$return1 = $shell->exeCmd('php /var/scripts/test.php');
//the return will be a string containing the return of the script
echo $return1;
Hey, I'm trying to use PHP to execute a shell command which will run remotely run a server on my box. Here is my PHP Code:
if ($key == "test") { echo "<font color='green'>Key is valid. Server satrted.</font>";
$start = system('cd /root/st/; ls;');
}
The problem is, the ls command runs from the same directory as the web server, which returns all of the files from /var/www/html instead of /root/st/. I have also tried the chdir command to no avail. Anyone know how you would get the directory to change so that the command could be run from a specified directory? Thanks.
Does the user that PHP is running as (eg, the user invoking the CLI script) have permission to read the directory? If you're going into /root/ but aren't root, you'd need to either add cd to sudoers for the current user, or choose another directory.
Edit: note that adding cd to sudoers is not even remotely okay for anything other than a local, you-only script. :)
There are two ways I would approach this.
1: use proper unix commands, and see if they work. IE:
if ($key == "test") { echo "<font color='green'>Key is valid. Server satrted.</font>";
$start = system('ls /root/st/');
}
2: Make it run a script on the system, that can go outside the webserver's chroot.
if ($key == "test") { echo "<font color='green'>Key is valid. Server satrted.</font>";
$start = system('server.sh');
}
and server.sh is
#!/bin/bash
cd /root/st
ls
PHP has a chdir() function. Not sure if it applies to exec/system calls, but worth a try.
Store the location in a variable, say $loc = '/root/st' and then do ls $loc in your code. Hope this helps.
Your problem is not the directory the script is running in (or more precisely the current working directory of the user running the script), but that cd /root/st/ will fail on any reasonable configured UNIX/Linux system. /root is usually owned by root and can't be accessed by any other user.
Using you snippet this will silently fail because you unconditionally chained the cd and the ls commands with a semicolon instead of &&.
I know how to run a script with a cron, but what I need is to be able to run my script only by a cron.
Thank you!
You should keep this script outside of the public folder. Also, set appropriate permissions to the file so public users can not execute the script.
Put below code snippet to the top of your script.
if(php_sapi_name() !== 'cli'){
die('Can only be executed via CLI');
}
Note that you need to use the full path to the PHP executable when you setup your cron job.
Ex : /usr/local/bin/php (Your path may be differ from this)
As explained in this duplicate thread:
PHP & cron: security issues
You should keep this file outside of public_html.
Sometimes, though, this is not possible. My mind went to Moodle, where a similar feature exists. This is what they do.
From cron.php:
...
/// The current directory in PHP version 4.3.0 and above isn't necessarily the
/// directory of the script when run from the command line. The require_once()
/// would fail, so we'll have to chdir()
if (!isset($_SERVER['REMOTE_ADDR']) && isset($_SERVER['argv'][0])) {
chdir(dirname($_SERVER['argv'][0]));
}
...
/// check if execution allowed
if (isset($_SERVER['REMOTE_ADDR'])) { // if the script is accessed via the web.
if (!empty($CFG->cronclionly)) {
// This script can only be run via the cli.
print_error('cronerrorclionly', 'admin');
exit;
}
// This script is being called via the web, so check the password if there is one.
if (!empty($CFG->cronremotepassword)) {
$pass = optional_param('password', '', PARAM_RAW);
if($pass != $CFG->cronremotepassword) {
// wrong password.
print_error('cronerrorpassword', 'admin');
exit;
}
}
}
...
You need a PHP CLI/CGI executable for that. Assuming that the php program is located at /usr/local/bin/php, you can use:
/usr/local/bin/php /path/to/your/script.php
See also: http://nl.php.net/manual/en/features.commandline.usage.php
Please add this script at the top of your PHP file:
$isCLI = ( php_sapi_name() == 'cli' );
if( !$isCLI )
die("Sorry! Cannot run in a browser! This script is set to run via cron job");
and then if you try to run the PHP file via the browser, you cannot run it. This error message will be displayed. But at the same time, it can be run via a cron job.
Try to grant execute permissions only for the cron daemon user, maybe with that you get what you want.
Regards!