The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

PHP exec()

Discussion in 'General Discussion' started by tgavin, Sep 13, 2006.

  1. tgavin

    tgavin Well-Known Member

    Joined:
    Jul 27, 2004
    Messages:
    46
    Likes Received:
    0
    Trophy Points:
    6
    I have a php script that creates directories and sets the permission. Now I need to have that script set the owner and group of that created dir from 'nobody' to the site's owner.

    When I run the following, I don't receive any errors, but it also doesn't change the owner. How can I get this to work? Is there something within cpanel that I need to disable?

    Code:
    $user  = "username";
    $path  = "/home/".$user."/public_html/media/";
    $own = "chown -R ".$user." ".$path."";
    $own = escapeshellcmd($own);
    exec($own);
    if(!$own) {
         die("Can not change ownership on the folder.");
    }
     
  2. BianchiDude

    BianchiDude Well-Known Member
    PartnerNOC

    Joined:
    Jul 2, 2005
    Messages:
    619
    Likes Received:
    0
    Trophy Points:
    16
    That wont would you need to be root to do that.

    You best bet is too set a cronjob that does that.
     
  3. tgavin

    tgavin Well-Known Member

    Joined:
    Jul 27, 2004
    Messages:
    46
    Likes Received:
    0
    Trophy Points:
    6
    Thanks for your reply. A cronjob won't work for me. This is written for a customer, who will only use this script once in a while. Not very often. If I were to set up a cronjob it would have to run all the time, to anticipate when they're going to run this script. Unless you know of a way for php to set and delete a crontab.

    Also, it just seems odd to me that php would have these functions if they only worked with a cronjob, or as root.
     
  4. RickG

    RickG Well-Known Member

    Joined:
    Feb 28, 2005
    Messages:
    238
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    North Carolina
    The issue is that the PHP process doesn't have sufficient privileges to change the file ownership. Are you using PHPSuExec? If so, wouldn't the files automatically be created as the site owner (rather than nobody)?
     
  5. tgavin

    tgavin Well-Known Member

    Joined:
    Jul 27, 2004
    Messages:
    46
    Likes Received:
    0
    Trophy Points:
    6
    How can I tell if I'm using PHPSuExec? Is there a way to just enable/disable it for that one domain using .htaccess?
     
  6. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    No, it's a server-wide setting. If files are being written from php scripts with the user nobody then you're not running phpsuexec.
     
  7. tgavin

    tgavin Well-Known Member

    Joined:
    Jul 27, 2004
    Messages:
    46
    Likes Received:
    0
    Trophy Points:
    6
    Well, I guess the next questions is "Do I want to run phpsuexec?" Yes? No? Why?
     
  8. NightStorm

    NightStorm Well-Known Member

    Joined:
    Jul 28, 2003
    Messages:
    286
    Likes Received:
    4
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Twitter:
    Security-wise? HECK YES. It assures that any file written to the server is given permissions for the proper owner, instead of "nobody". This includes any files that are dropped into /tmp by php exploits. it also further locks down the security to help prevent writing to directories that do not belong to you... if you drop a file owned by user1:user1 into directory /home/newuser/public_html, Apache will not allow it to run (it's owned by the wrong person). It will also make sure that user1 can not write to any file owned by newuser... with server-created files owned by nobody, technically, any other user can write to it as well, since the ownership is the same.
    Downside? No more 777 directory permissions. 755 is the best it gets... but since the file ownership is fixed, this is good enough. Any of your users that have 777 will need to step it down, though. No php flags can be written into htaccess, either, so any custom php settings for an account will need to be written into a php.ini file, and dropped in each folder it needs to affect. This is a downside, but a small one, in the grander scheme of things.
    Just imagine. Someone exploits your server, and drops a perl file into your /tmp directory by using something like the phpBB exploit. Without phpSuExec, this file is owned by nobody:nobody, and you get to spend the next few hours going through logs to find out who's account was exploited by this. With phpSuExec, the ownership of the file will tell you right away who's account it came from.
     
  9. tgavin

    tgavin Well-Known Member

    Joined:
    Jul 27, 2004
    Messages:
    46
    Likes Received:
    0
    Trophy Points:
    6
    Thanks for the explanation! :)

    For this one account in question, I have some custom settings. PHP files are running with .html extensions (the site was redesigned/rebuilt with php, but we wanted to keep the search engine links in place). There is also a custom CMS written in php that allows for file uploads into directories chmod'd 0777.

    With phpsuexec on, will I be able to upload into directories with perms set to 0755?
    Will I need to create a php.ini file for the .html extension? If so, how would I do that? Could I just do that server-wide, instead of on a site-by-site basis?

    Thanks to all for your help!
     
  10. NightStorm

    NightStorm Well-Known Member

    Joined:
    Jul 28, 2003
    Messages:
    286
    Likes Received:
    4
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Twitter:
    phpSuExec is serverwide, unless you manually compile a second build and run it independantly alongside.
    Yes, you will be able to upload, so long as the directory has the proper ownership permissions (username:username).
    The extension would not make a difference, so long as Apache still knows to handle html extensions with the php exec. Another option you could make, of course, would be to use a htaccess mod_rewrite to forward all *.html to *.php for that domain. This would solve the search-engine problem.
    How exactly does php know to handle the html extension? Is it hardcoded into your httpd.conf file, or added into an htaccess?
     
  11. tgavin

    tgavin Well-Known Member

    Joined:
    Jul 27, 2004
    Messages:
    46
    Likes Received:
    0
    Trophy Points:
    6
    It's added into .htaccess at the site's root. How would I hardcode it into httpd.conf?
     
  12. NightStorm

    NightStorm Well-Known Member

    Joined:
    Jul 28, 2003
    Messages:
    286
    Likes Received:
    4
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Twitter:
    In httpd.conf, with AddHandler. It'd look something like this:

    AddHandler application/x-httpd-php .php .php4 .php3 .html

    But, same with phpSuExec, this would be a global thing.
     
  13. tgavin

    tgavin Well-Known Member

    Joined:
    Jul 27, 2004
    Messages:
    46
    Likes Received:
    0
    Trophy Points:
    6
    Thanks so much for all of your help!
     
Loading...

Share This Page