• shell_exec() not working
    22 replies, posted
Hey, I wrote the following PHP: [php] shell_exec("cd /home/website/apps && /opt/mono/bin/mono cas3.exe expr=$expression file=$img"); [/php] However, it does not produce any output at all (and my program does not create the designated file, which means it didn't run). Executing that command as root in ssh works as expected. Any ideas? [editline]27th January 2011[/editline] Additional information: safe_mode is off, I checked.
Try using chdir and removing the cd. See if that works.
Hey, I just tried that - still no luck. I think it's some sort of permission issue; anyone have any ideas?
Hey, [QUOTE=Rocket;27683232]And Sheel Exec might be on the not allowed functions list.[/QUOTE] No such thing - safe_mode is off.
Hey, [QUOTE=Rocket;27683376]Hey, You can have disabled functions without safe mode[/QUOTE] I have been enlightened - can you please elaborate further? How can I enable these functions if they are disabled?
Does it make any difference if you login as your superuser, and run it with the "php5 <scriptname>" command? (You might have to install "php5-cli".) This might be due to www-user not having permission to either access or execute said applications [editline]27th January 2011[/editline] And I hope that $expression and $file are escaped? Imagine if $img was "lol.jpg && rm -rf /"
It's a permissions error most likely. What web-server are you using? If it's running under a different username, then that user needs to have execute access to the file/folders, just change the owner to that user (and chmod +x).
Hey, [QUOTE=h2ooooooo;27685889]Does it make any difference if you login as your superuser, and run it with the "php5 <scriptname>" command? (You might have to install "php5-cli".) This might be due to www-user not having permission to either access or execute said applications [/quote] I ran the script manually as a superuser and it worked great. I suppose permission issues are indeed the issue - how can I fix that? [quote] And I hope that $expression and $file are escaped? Imagine if $img was "lol.jpg && rm -rf /"[/QUOTE] Yes, thank you for the heads up, they are indeed properly escaped. [editline]27th January 2011[/editline] [QUOTE=Fizzadar;27686137]It's a permissions error most likely. What web-server are you using? If it's running under a different username, then that user needs to have execute access to the file/folders, just change the owner to that user (and chmod +x).[/QUOTE] Apache. I believe the web-user is www-data. How can I give www-data permission to execute /opt/mono/bin/mono? (I believe he already has access to /home/website/apps)
[QUOTE=limitofinf;27688551]Hey, I ran the script manually as a superuser and it worked great. I suppose permission issues are indeed the issue - how can I fix that? Yes, thank you for the heads up, they are indeed properly escaped. [editline]27th January 2011[/editline] Apache. I believe the web-user is www-data. How can I give www-data permission to execute /opt/mono/bin/mono? (I believe he already has access to /home/website/apps)[/QUOTE] [code] chown www-data:www-data /opt/mono/bin/mono chmod+x /opt/mono/bin/mono [/code] It might need permissions to save anything also.
Hm, apparently, the issue is a little deeper. I double checked, and Apache is running under nobody:nobody, not www-data. What should I do? I have a feeling that giving nobody any privileges would be a bad idea.
Apache shouldn't be running under nobody, change that. How was Apache installed in the first place?
[QUOTE=Fizzadar;27691617]Apache shouldn't be running under nobody, change that. How was Apache installed in the first place?[/QUOTE] I [b]think[/b] that the Apache that comes pre-installed on some distributions runs as nobody. Don't take my word on it though.
Hey, How can I change it? I read in httpd.conf that any changes I make might get overwritten, so where should I make the change? [editline]27th January 2011[/editline] And when I change it, should I do anything special to the new user? [editline]27th January 2011[/editline] Something I don't understand is, how does Apache know the password of the user it uses?
[QUOTE=Fizzadar;27689038][code] chown www-data:www-data /opt/mono/bin/mono chmod+x /opt/mono/bin/mono [/code][/QUOTE] That's a terrible idea to chown it. Just apply 0755, then anyone'll be able to execute it
[QUOTE=Venice Queen;27699435]That's a terrible idea to chown it. Just apply 0755, then anyone'll be able to execute it[/QUOTE] Doesn't really make a difference, I just like having webserver-specific programs under the same user. I just find it easier to manage, mostly personal preference.
[QUOTE=Fizzadar;27699477]Doesn't really make a difference, I just like having webserver-specific programs under the same user. I just find it easier to manage, mostly personal preference.[/QUOTE] That's like chowning glibc to www-data because the webserver uses it
[QUOTE=Venice Queen;27699509]That's like chowning glibc to www-data because the webserver uses it[/QUOTE] True, but I just find it easier with my own applications.
Hey, Well, I solved it guys. Thanks for the help!
[QUOTE=limitofinf;27700274]Hey, Well, I solved it guys. Thanks for the help![/QUOTE] obligatory mind sharing so others can learn
Hey, sure. The main issue was that Apache was running under nobody. I created a new user and group specifically for it and edited httpd.conf to reflect the changes. Then a quick apachectl -k restart put the changes into effect. With some chown and chmod I edited public_html, public_ftp, etc. so that Apache's user could access everything it needed to. Then everything Just Worked.
Sorry, you need to Log In to post a reply to this thread.