You are here: Re: [PHP] Apache user can't use exec(), passthru(), etc. « PHP « IT news, forums, messages
Re: [PHP] Apache user can't use exec(), passthru(), etc.

Posted by Jim Poserina on 03/24/05 04:13

The output is:

OS Error: 127.

I have a second server that I use as a downtime backup. On that one, all
the scripts work normally. I don't have to give a path for the commands, any
commands with permission problems return "permission denied," and the apache
user (nobody) actually has /sbin/nologin as the shell.


"Richard Lynch" <ceo@l-i-e.com> wrote in message
news:2609.66.243.145.38.1111561333.squirrel@www.l-i-e.com...
> On Mon, March 21, 2005 8:20 pm, Jim Poserina said:
> > If I run this PHP script:
> > <?php
> > echo '<pre>';
> > echo exec('whoami');
>
> The first most biggest thing wrong is that you aren't using the additional
> arguments to exec() to find out what your output is, and if your command
> generated an error.
>
> For starters, I'm betting that at least one of the following is true:
> whoami is not in the $PATH/$path of the PHP user.
> whoami is not executable by the PHP user.
>
> You'll never find out which unless you use the extra args to exec
>
> http://php.net/exec
>
> > echo '</pre>';
> > ?>
> >
> > from the web, the output is
> >
> > <pre></pre>and from the command line running as the apache
user(webuser),
> > the output is.
> > Content-type: text/html
> > X-Powered-By: PHP/4.3.9
> >
> > <pre></pre>
>
> EXCELLENT attempt to diagnose this, though!
>
> > But if I run from the command line as root, the output is:
> >
> > Content-type: text/html
> > X-Powered-By: PHP/4.3.9
> >
> > <pre>root</pre>and from the command line as a user in the root group,
the
> > output is:
> > Content-type: text/html
> > X-Powered-By: PHP/4.3.9
> >
> > <pre>jimpoz</pre>Safe mode is turned off. As webuser (or any
> > non-root-group
> > user), no shell commands work. Not echo, not ls, not whoami, not touch.
> > And
> > no shell functions work: no exec(), no passthru(), no shell_exec(), no
> > backticks. Every command I'm trying to run is world-readable and
> > world-executable.
>
> But are they in the $path of webuser?
>
> Use the full path to them if they aren't
>
> exec("/bin/whoami", $output, $error);
> if ($error) echo ("OS Error: $error.<br />\n");
> echo implode("<br />", $output);
>
> > If I turn safe mode on, it gives me a "safe mode is on" warning only
about
> > lines that call shell_exec(), and not for exec() or any of the others.
> > Other
> > than that, it doesn't hang or give any kind of error or anything when it
> > comes to a shell function call; apparently it just ignores them.
>
> No, it tries to run them, and fails, and provides the error messages and
> error number in the variables you aren't using :-)
>
> Some days, I think the PHP Dev Group should just make those arguments to
> exec() required.
>
> --
> Like Music?
> http://l-i-e.com/artists.htm

 

Navigation:

[Reply to this message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация