If you say it works on the terminal and not on apache then apache's php.ini file may be disabling the use of shell_exec().
See http://www.php.net/manual/en/ini.core.php#ini.disable-functions
Your apache's php.ini file may look something like
disable_functions=exec,passthru,shell_exec,system,proc_open,popen
Remove shell_exec from this list and restart the web server, although this is a security risk and I don't recommend it.
If you say it works on the terminal and not on apache then apache's php.ini file may be disabling the use of shell_exec().
See http://www.php.net/manual/en/ini.core.php#ini.disable-functions
Your apache's php.ini file may look something like
disable_functions=exec,passthru,shell_exec,system,proc_open,popen
Remove shell_exec from this list and restart the web server, although this is a security risk and I don't recommend it.
shell_exec might not know what directory to look in for your executable's location directory. What solved it for me was this before the shell_exec:
putenv('PATH=/usr/local/bin');
Then the terminal can find the executable. Also check permissions on every part of the command to make sure apache user has read and execute permissions.
Videos
The Apache’s user www-data need to be granted privileges to execute certain applications using sudo.
- Run the command
sudo visudo. Actually we want to edit the file inetc/sudoers.To do that, by usingsudo visudoin terminal ,it duplicate(temp)sudoersfile to edit. - At the end of the file, add the following ex:-if we want to use command for
restartsmokeping andphpcommand for another action in your question,
www-data ALL=NOPASSWD: /etc/init.d/smokeping/restart, usr/bin/php
(This is assuming that you wish to run restart and php commands using super user
(root) privileges.And you use php command in usr/bin/ path )
However, if you wish to run every application using
super user privileges, then add the following instead of what’s above.You might not want to do that, not for ALL commands, very dangerous.
www-data ALL=NOPASSWD: ALL
3.After edit the sudoers file(by visudo we edit the temp file of sudoers so save and quit temp file(visudo) to write in sudoers file.(wq!)
4.That’s it, now use exec() or shell_exec in the following manner inside your xxx.phpscript.keep remember to use sudo before the command use in the php script.
ex:-
exec ("sudo /etc/init.d/smokeping restart 2>&1");
or
shell_exec("sudo php -v");
So in your problem,add the commands that you wish to use in to the step no (2.) as I add and change your php script as what you want.
here is the same problem as yours https://stackoverflow.com/a/22953339/1862107
Try specifying the entire path to the php binary.. Eg, /usr/bin/php
If you don't know it, find it using: which php
Hello,
I have a php script that execute a Shell. It is supposed to execute a .ps1 when i request the page.
It was working fine but a coworker had to reboot the IIS VM running php 8 with CGI. The script is not working anymore and is giving me a blank page when i request it.
<?php echo Shell_exec ('Powershell.exe -ExecutionPolicy Bypass -NoProfile -File ".\dev.ps1"'); ?>What i did so far :
Checking the php.ini file to make sure Shell_exec wasn't in Disable_functions="".
Changing the FastCGI Protocol configuration from "Named pipe" to "TCP"
Rebooting, of course
Thanks,
On the php manual for shell_exec, it shows that the function returns the output as a string. If you expect output from the program you launch, you need to capture this like so:
$execQuery = "echo -n test_command";
$output = shell_exec($execQuery);
echo $output;
Your question doesn't show trying to capture any data. If you also make sure to connect stdout and stderr when you run your command, you should get a better idea is what is going on. To use your example:
$output = shell_exec("/usr/bin/oneuser create test10 test10 2>&1");
var_dump($output);
That should help you see what is going on. As Shadur suggests, it seems likely that these programs expect an interactive terminal that can enter passwords in order to run. Even if don't need input, they might expect interactive shells. And he's right that su doesn't play nice in this context. There is, however, a correct tool for the job.
You can setup sudo to such that your http user can execute your program as username without a password but NOT be able to do anything else by running visudo or whatever you use to edit your sudoers file and adding this line:
http ALL=(username) /usr/bin/oneadmin
Then in php your command would look something like this:
$execQuery = "sudo -u username /usr/bin/oneadmin postgres -c '/usr/bin/oneuser create test10 test10'";
$out = shell_exec ("$execQuery 2>&1");
echo $out
Try passthru($cmd);
It will allow user's I/O on the Terminal screen.
Hi all I'm trying to SvtAv1EncApp tools via web interface, I try to us both exec() shell_exec() with no success , BTW I print the command and run it into the shell directly and it's works perfectly fine.
$cmd2="/usr/local/bin/ffmpeg -loglevel -8 -i "$mp4" -s 960x540 -strict -1 -f yuv4mpegpipe - | /usr/local/bin/SvtAv1EncApp --no-progress -i stdin --rc 0 -q 38 --preset 8 -b stdout 2>/var/www/vl/ffmpeg.log | /usr/local/bin/ffmpeg -loglevel -8 -y -i - -i "$mp4" -map 0:v -map 1:a:0 -c:v copy $a '".$mpa."_.mkv' & ";
shell_exec( $cmd2 ) ;
Here is the text of echo $cmd2 output
/usr/local/bin/ffmpeg -loglevel -8 -i "FHD.mp4" -s 960x540 -strict -1 -f yuv4mpegpipe - | /usr/local/bin/SvtAv1EncApp --no-progress -i stdin --rc 0 -q 38 --preset 8 -b stdout 2>/var/www/vl/ffmpeg.log | /usr/local/bin/ffmpeg -loglevel -8 -y -i - -i "FHD.mp4" -map 0:v -map 1:a:0 -c:v copy -strict -2 -c:a libopus -b:a 64k 'FHD_.mkv' &
=Update=
I kinda solve it , I don't know why but exec() successfully executed the script , I created new bash script from command line thanks to @xisonc suggesting nano /usr/local/sbin/av1c with this value
!/bin/sh
touch /var/www/vl/ffmpeg.log /usr/local/bin/ffmpeg -loglevel -8 -i "$1" -s 960x540 -strict -1 -f yuv4mpegpipe -
| /usr/local/bin/SvtAv1EncApp --no-progress -i stdin --rc 0 -q 38 --preset 8 -b stdout 2>/var/www/vl/ffmpeg.log
| /usr/local/bin/ffmpeg -loglevel -8 -y -i - -i "$1" -map 0:v -map 1:a:0 -c:v copy -strict -2 -c:a libopus -b:a 64k "$2"
On the php script i had this
$cmd2="/usr/local/sbin/av1c '$mp4' '$mpa"."_.mkv' 2>/dev/null >/dev/null & " ; exec( $cmd2 , $pid, $r ) ; var_dump( $r ) ;
var_dump returns 0 , and since the bash script are silent I don't need to see the output , now I want to change it to wok on the background it's running on background now after adding 2>/dev/null >/dev/null & at the end of the command .
The question is a bit old, but for those who experience this problem can try to set the environment variables of direct on the server. PHP uses the putenv () function.
Example:// Set Variable Enviromental
$JAVA_HOME = "/usr/lib/jvm/java-8-oracle"; $ANDROID_HOME = "/opt/android-sdk-linux"; $PATH="$JAVA_HOME/bin:/usr/local/bin:/usr/bin:/bin:$ANDROID_HOME/platform-tools:$ANDROID_HOME/tools:$ANDROID_HOME/build-tools/24.0.0-preview"; putenv ("JAVA_HOME = $JAVA_HOME"); putenv ("PATH = $PATH");
Most likely, your $PATH is set incorrectly. Specify the full path to android, or set your path via something like this:
<?php
putenv(
implode(PATH_SEPARATOR, array('/dir/containing/android', getenv('PATH')))
);
$fname = $_POST['fname'];
$fpack = $_POST['fpack'];
$email = $_POST['email'];
// Create a new Android project
var_dump(shell_exec("android create project --target 8 --name $fname --path ./$fname --activity MainActivity --package $fpack 2>&1"));
This is most certainly a permissions issue. Make sure that the file you're trying to execute with the ./ command from your script has +x perms. Here's a previous thread about giving files executable permissions: Creating executable files in Linux.
If the file already has +x rights, it could be a permissions issue with your script running the commands. Either way, if you can run ls but not ./ and top, has to be permissions.
Edit: The link I gave, I realize has a lot of info about Perl and bash scripts. The important part is that the command to make a file executable is
chmod +x ProgramName
Depending on the content of $var1 and $var2 you may need to do an escapeshellarg call around it.
$output = shell_exec("./Program ".escapeshellarg($var1)." ".escapeshellarg($var2));
even if it doesn't work it might be a good idea. Also confirm that your Path is correct. Maybe with a file_exits('./Program'); check
There's multiple problems here.
- Do people even read the error messages they get?
- Don't use shell commands to read a file to a variable! Use
fopen. - Don't do globbing. Globs are expanded by the shell, but PHP is not a shell, so it doesn't do globbing. It hands your exact command off to the shell, and asks the shell to execute it. And yes,
*-releaseis a valid filename.
[~]$ ls -la /tmp/\*-releases
-rw-r--r-- 1 vidarlo users 0 Jun 23 10:16 /tmp/*-releases
[~]$
- Globbing potentially opens you to attacks. If you glob, you have no control over what files you end up reading. That's a potential security issue. Probably not in this case, as you're reading from
/etc, but... - You lack a basic understanding about your environment, when you expect that modifying a path parameter will change anything - the problem is not that
catcommand is not found, it's that the file you give as parameter is not found... A general understanding of the platform is a good starting point for programming. putenv('/etc');is not howputenvworks. Environment variables are generallykey=value-pairs.- Don't post it on serverfault. It's not about managing IT, it's purely about programming. Additionally, you should probably spend some time to learn the platform you're working on.
The problem was that PHP was setup to run in chroot jail. I had exhausted all other possibilities. I only even discovered it thanks to @vidarlo's comment.
I was able to resolve the issue in WHM via the CageFS plugin. The Linux user that PHP uses was set to execute and I removed it from the association.
shell_exec returns all of the output stream as a string. exec returns the last line of the output by default, but can provide all output as an array specifed as the second parameter.
See
- http://php.net/manual/en/function.shell-exec.php
- http://php.net/manual/en/function.exec.php
Here are the differences. Note the newlines at the end.
> shell_exec('date')
string(29) "Wed Mar 6 14:18:08 PST 2013\n"
> exec('date')
string(28) "Wed Mar 6 14:18:12 PST 2013"
> shell_exec('whoami')
string(9) "mark\n"
> exec('whoami')
string(8) "mark"
> shell_exec('ifconfig')
string(1244) "eth0 Link encap:Ethernet HWaddr 10:bf:44:44:22:33 \n inet addr:192.168.0.90 Bcast:192.168.0.255 Mask:255.255.255.0\n inet6 addr: fe80::12bf:ffff:eeee:2222/64 Scope:Link\n UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1\n RX packets:16264200 errors:0 dropped:1 overruns:0 frame:0\n TX packets:7205647 errors:0 dropped:0 overruns:0 carrier:0\n collisions:0 txqueuelen:1000 \n RX bytes:13151177627 (13.1 GB) TX bytes:2779457335 (2.7 GB)\n"...
> exec('ifconfig')
string(0) ""
Note that use of the backtick operator is identical to shell_exec().
Update: I really should explain that last one. Looking at this answer years later even I don't know why that came out blank! Daniel explains it above -- it's because exec only returns the last line, and ifconfig's last line happens to be blank.
The & sign is a special character in the Unix shell. You need to escape it:
exec("wget '$url'");
Also, if your URL is based on user input in any way, be very careful to escape it with escapeshellarg. Otherwise your users will be able to run arbitrary Unix commands on your server.
$url = "http://domain.co/test.php?phone=123&msg=testing"
exec('wget "'.$url.'"');
you need to qoute the url
& is the sign for putting a task into background