php shell_exec() permission on Linux Ubuntu

  • I'm developing a php application using Linux server. My problem is executing shell_exec() to call some exe file is not work(actually not exe, it's kind of linux executable file)

    echo shell_exec("whoami");
    

    I got daemon

    echo shell_exec("ls")
    

    I got some filename but

    echo shell_exec("php -v")
    

    I got nothing, a blank page

    echo shell_exec("php ....bla bla bla")
    

    a blank page too.

    All these command if I type on terminal(user hu) will works. I have searched google for several hour, people says that because of permission. I don't have experience on Linux. What do I have to do to execute my program in php?

  • The Apache’s user www-data need to be granted privileges to execute certain applications using sudo.

    1. Run the command sudo visudo. Actually we want to edit the file in etc/sudoers.To do that, by using sudo visudo in terminal ,it duplicate(temp) sudoers file to edit.
    2. At the end of the file, add the following ex:-if we want to use command for restart smokeping and php command for another action in your question,

    www-data ALL=NOPASSWD: /etc/init.d/smokeping/restart, usr/bin/php

    (This is assuming that you wish to run restart and php commands using super user (root) privileges.And you use php command in usr/bin/ path )

    However, if you wish to run every application using super user privileges, then add the following instead of what’s above.You might not want to do that, not for ALL commands, very dangerous.

    www-data ALL=NOPASSWD: ALL
    

    3.After edit the sudoers file(by visudo we edit the temp file of sudoers so save and quit temp file(visudo) to write in sudoers file.(wq!)

    4.That’s it, now use exec() or shell_exec in the following manner inside your xxx.phpscript.keep remember to use sudo before the command use in the php script.

    ex:-

    exec ("sudo /etc/init.d/smokeping restart 2>&1");
    

    or

    shell_exec("sudo php -v"); 
    

    So in your problem,add the commands that you wish to use in to the step no (2.) as I add and change your php script as what you want.

    here is the same problem as yours https://stackoverflow.com/a/22953339/1862107

    This question is not about using sudo.

    This is worded so badly

  • Try specifying the entire path to the php binary.. Eg, /usr/bin/php

    If you don't know it, find it using: which php

    echo shell_exec("/usr/bin/php -v"); doesn't works.

    when you say 'doesn't work' what do you get? Ie, any errors? Anything in your php/apache error logs? If the page is blank, view source give you anything to work with? Unfortunately the term 'doesn't work' gives us *nothing* to work with...

    @ngoaho91 - typically the logs are `/var/log/httpd/error*`.

    :D i got blank page, nothing to see. where's php/apache error log file?

    @ngoaho91 - what Linux distro is this? CentOS, Ubuntu?

    i checked /var/log/ and no folder httpd but a folder apache2. opened apache2/*.log and all of them blank. @slm Linux Ubuntu

    @ngoaho91 In reply to another comment, you said you were using XAMPP. You should include that information in your question. XAMPP logs probably are not at the same place as usual (i.e., distribution-supplied) PHP/Apache2 logs.

  • You generally want to specify full paths to applications such as whoami, ls, and php. If you're unsure what a program's location is (full path) you can find out like so:

    $ type php
    php is /usr/bin/php
    

    Then specify it like so in your script.

    <?php
        echo shell_exec("/usr/bin/php ....bla bla bla");
    ?>
    

    i run your command. type php => php is /usr/bin/php. but full path command still return me a blank page.

    What if you do this: `echo shell_exec("/usr/bin/php somefile.php 2>&1")`?

    echo shell_exec("/usr/bin/php index.php 2>&1") => /usr/bin/php: relocation error: /usr/bin/php: symbol X509_free, version OPENSSL_1.0.0 not defined in file libcrypto.so.1.0.0 with link time reference

    OK, the web server (Apache) typically is running as another user, not `hu`. So you need to make sure that the script `php` is attempting to run is set like this: `chmod 755 somescript.php`. This will allow the user that Apache is running as, to be able to execute & read your `.php` file.

    ok, i run `chmod 755 index.php`, but `echo shell_exec("/usr/bin/php index.php 2>&1")` still return that error, is this ok?

    @ngoaho91 - everything should be fine now, that error tells me there is something wrong w/ your Apache/PHP setup. http://www.freetutorialssubmit.com/php-relocation-error/2221

    i installed xampp 1.8.3 for linux `apachefriends.org`, and 2 package `php-cli`, `php-mysql`. i copy my application folder to `/opt/lampp/htdocs/`. am i miss anything?

    @ngoaho91 - I don't know for sure, your Q is spiraling out of control here, and going into too many other potential issues.

    @ngoaho91Try using the distro-supported packages. XAMPP is not necessary for Ubuntu, you can get a LAMP setup easily with the Ubuntu packages already.

  • Does your php.ini restrict the available command set ?

    This is from my /etc/php5/php.ini

    ; When safe_mode is on, only executables located in the safe_mode_exec_dir
    ; will be allowed to be executed via the exec family of functions.
    ; http://php.net/safe-mode-exec-dir
    safe_mode_exec_dir =
    

    no, my ini same as your's

  • How to debug shell_exec issues

    OK, here we have a problem: some thing works in terminal and does't work in php's shell_exec (or exec, spawn, whatever). Let's think: what is the difference between You and php? Here are three:

    PHP is executed from HTTP server rules

    Indeed, Your terminal is running from yourname user and php is executed from www-data. So, first idea is to open terminal from www-data user and try same command. So....

    • Open /etc/passwd file, find line with www-data user and change it's login shell (last one) from /bin/false (or whatever) to /bin/bash.
    • Open www-data's terminal: su www-data
    • Try php -v or whatever You can't execute from php. If it does not work -- You'll see nice logs and will be able to debug problem.
    • Do not forget to fix back /etc/passwd file while You're done

    PHP is executed from PHP.

    PHP is paranoid enogh and there are a lot of options in apache/nginx and php.ini configuration which may break Your attempt.

    This is a bit more complicated to debug. There are two options here:

    • Enable logs in browser and see the problem. Edit Your php.ini, turn on display_errors and all other flags to see errors in browser. They You can read and debug them.

    • Obtain www-data's shell (see first section) and execute something like

    echo '<?php shell_exec("php -v"); ?>' | php

    which will execute same php code in console and You'll be able to see errors and debug.

    PHP is executed from SELinux/apparmor

    Selinux and apparmor are security things which forbid applications to perform specific actions (for example, spawning other applications or some specific other applications). Maybe it's enabled on Your server.

    To check -- disable selinux/apparmor and check if problem exists.

    To fix -- read appropriate manual and fix write permissive rules for Your case.

  • For me the simplest way was to go inside the php.ini and comment the line that starts with

    disable_functions
    

License under CC-BY-SA with attribution


Content dated before 6/26/2020 9:53 AM