Results 1 to 34 of 34

Thread: php exec()

  1. #1

    php exec()

    Hi Guys,
    Here is what I am trying to do.

    I have a script which creates a new account via cPanel. I then want to copy certain files from a non-public folder on another account on the server - to the new account that I just created. I can do this fine, using php's copy() function. However, when the files are copied over, they have incorrect group value. They should be owned by 'username' but for some reason they are owned by '99'??

    So I thought that php exec() function could sort this out. So I tired using the following:

    PHP Code:
    exec("chown username:usename /home/username/public_html/file.php"); 
    But it does not work..it does not output anything. However, when I use this:

    PHP Code:
    exec("ls -lt"); 
    IT WORKS FINE!!

    I think I may need root permissions to do chown, but it is not possible in my script as is will cause too much of a security risk..Is there any alternative solutions I can use?

  2. #2
    Join Date
    Jun 2003
    Posts
    961
    chown usually does not output anything, and to chown some files the script would have to run as root

    does the solution you seek need to run from a web interface?
    could just login as root instead and run some script, which would copy+chown the needed files

  3. #3
    Yes the script needs to run from a web based php script

  4. #4
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,290
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance

  5. #5
    I get an error with chown(). I believe that the script has to run as root. How can i make the script run as root? and will it be a security issue?

  6. #6
    Join Date
    Jul 2002
    Posts
    1,441
    is it disabled in php.ini ?
    Synergy Blue LLC
    SonataWeb.net | SynergyBlue.com
    USA should so something about: http://www.brillig.com/debt_clock/

  7. #7
    im not sure, how can I check?

  8. #8
    Originally posted by bidder
    im not sure, how can I check?
    You're not the system admin, are you?

    In that case, you're system administrator has disabled some functions. You should contact the company for further information.
    .

  9. #9
    Yes I am the admin.

  10. #10
    Originally posted by bidder
    Yes I am the admin.
    Oh, my mistake.

    In that case, open up your php.ini file and look for a line that starts with "disable_functions=".

    If you don't know where the php.ini file is located, type this:

    find / -name "php.ini"

    EDIT:
    Do the above command in SSH (Secure Shell).
    .

  11. #11
    There are no functions disabled. I opened up php.ini and got this: "disable_functions=".

  12. #12
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,290
    what is the exact error you are receiving
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance

  13. #13
    Here is the error:

    PHP Code:
    Warningchown(): Operation not permitted in /home/username/public_html/includes/functions/incSetupWebsite.php on line 7 

  14. #14
    is that your PHP in Safe mode ???
    what about disable functions in your php.ini ???

  15. #15
    Nope, safe mode is off and i do not have any functions disabled in my php.ini. I think that the script has to run as 'root' but this would be a security issue. Are there any alternatives to chown() ?

    chown() would be ideal if I could get it to work.......
    Last edited by bidder; 04-25-2005 at 06:47 AM.

  16. #16
    Is it your file?

    Try to chmod it via FTP, first.
    .

  17. #17
    Just chmod the file to 777 and tried again. Still no luck!

  18. #18
    Join Date
    Jun 2003
    Posts
    961
    Originally posted by bidder
    Just chmod the file to 777 and tried again. Still no luck!
    chmod wont help, it does not affect changing ownership

  19. #19
    Hmmm, running out of ideas now. I have tried almost everything!

    If I run the script as superuser (root) will it open the server up to malicious hacks???

  20. #20
    Originally posted by sehe
    chmod wont help, it does not affect changing ownership
    If you chmod to 777, that means that everyone has permission to do anything to the file/folder. I believe this includes chown, also...I'll test it in a bit and let you know.
    .

  21. #21
    Join Date
    Jun 2003
    Posts
    961
    Originally posted by mp3LM
    If you chmod to 777, that means that everyone has permission to do anything to the file/folder. I believe this includes chown, also...I'll test it in a bit and let you know.
    "anything" includes read, write and execute
    afaik it does not include change of ownership

  22. #22
    touche salesman
    .

  23. #23
    Join Date
    Jul 2003
    Location
    Kuwait
    Posts
    5,099
    chmod() can only be run by a root-level user.

    99 is usually nobody or apache, which doesn't have root access (for very good security reasons).

    If you are creating the account via cpanel, why don't you just move the files to the cpanel skeleton directory, and let the cpanel scripts (which run with sufficient rights) do the moving for you? This would be the easiest option.

    If you really must use chmod(), then you will have to use something like phpsuexec to change the permissons of PHP to run as a root user in order to do chmod. Note: It is never a good idea to have web accessible scripts run with root-level permissions.
    In order to understand recursion, one must first understand recursion.
    If you feel like it, you can read my blog
    Signal > Noise

  24. #24
    I thought of moving the files directly to the cpanel-skel directory,however, I have different files to be used with each different plan. Would it be possible to create a way so that the only time that the files were copied from the cpanel-skel directory is when a specific plan was chosen??

  25. #25
    Join Date
    Jul 2003
    Location
    Kuwait
    Posts
    5,099
    You can create a different admin user (in whm), then copy the files to that admin user's skel directory. When you use the remote access to login to cpanel, use the remote access key for the particular admin user.
    In order to understand recursion, one must first understand recursion.
    If you feel like it, you can read my blog
    Signal > Noise

  26. #26
    I add a new admin user in WHM by adding a wheel group user, right??

    Then how will I obtain an access key for that particular user?

    Thanks for your help.

  27. #27
    Join Date
    Mar 2005
    Location
    Panama City, Florida
    Posts
    1
    What I would do is make a shellscript that does the file copying, make root own it, make it suid, and make sure only php can run it (If there isn't already a group that only contains Apache/PHP, create one, and then set the group of the script to the group that only contains Apache/PHP; set permissions to r-sr-x--- (owner and group can read and execute, others can't do anything, and suid)), and then call it through PHP's exec().

  28. #28
    Can anyone tell me how I create a new admin user in WHM??

  29. #29
    Please help me...........?? I have been going round in circles for days now.........

  30. #30
    Join Date
    Oct 2003
    Location
    Long Island, New York
    Posts
    220
    Create a reseller and give him root privileges.
    TWSites.com - Business Web Hosting Solutions & Server Management Since 2003

  31. #31
    .....and how do I obtain a remote access key for that user?

  32. #32
    Any ideas?? Please help..........

  33. #33
    I have tried adding a new wheel user but there does not seem a way to obtain a remote access key for that particular user? Has anyone done anything similar to this before?

    I am desperate!!

  34. #34
    bidder, you can create cpanel account without remote access key, just by php fopen command for cpanel 2086 http port or by curl commands for https 2087 port - just enter there reseller username and password as parameters and call wwwacct script with apropriate parameters.

    And to copy files - you simply do it by php ftp functions - then all files will for sure have correct permissions.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •