php or apache? exec, popen, system and proc_open commands do not execute any command not even ls

Question

My problem is with executing any command from my php homepage

Half solved, I got my pythonscript running but futher on the pythonscript does not have permission to execute its modules

but i´m starting to think that the problem is with apache and not php? i tried to run a pythonscript that is actually what i´m going to run in the end, then it seems to run but stops when the script tries to access a txt file looking like this

[stdout] =>
[stderr] => Traceback (most recent call last): 
 File "pythontest.py", line 4, in ? f = open("(path)/temp.txt", "w") 
 IOError: [Errno 13] Permission denied: '(path)/temp.txt'

I have tried all different kind of execution methods that i could find exec, system, popen, proc_open almost nothing runs, i can get a string from system("pwd") but system("ls") returns a number 127 or 126. I also tried to run a compiled c program (code below) exec will return an object "Array" but system will only return 127 or 126 as ls does.

Also I tried to get the values out of the "Array" object? from exec but it returns nothing, if I php print_R Array the page won´t load.

the php output is (code below)-> a: , out1: 126, t[[0]: , strlen out: 5, out: Array, t: no matter how many arguments i actually put in!

the full path to ls gives 126 and just "ls" gives the number 127

i have tested to chmod all files to full permission, from the page.php to test program but it still gives the same output

php safe mode is off

echo '<pre>';
print_r(execute('ls'))
echo '</pre>';

returns

array
(
    [stdout] => 
    [stderr] => sh: /var/www/html/grndb/upscgenesearch/test1: Permission denied

    [return] => 126
)

why does it give me Permission denied when the test1 program has full permission?

<?php
$a = system("/bin/ls",$out1);
echo "a: "; echo $a;
echo ", out1: "; echo $out1;
$t = exec('pwd/test1 aa hh 11',$out);

foreach ($t as &$value) {
    echo ($value);
}

echo ", t[[0]: "; echo $t[0]; 
echo ", strlen out: "; echo strlen($out);
echo ", out: "; echo $out; 
echo ", t: "; echo $t;
?>

C source code

int main(int argc, char *argv[])
{
int i;

for(i = 0; i < argc; i++)
printf("arg %d: %s\n", i, argv[i]);
return 0;
}

Answer 1

Here's another functions to add to the list :)

/**
 * Executes a program and waits for it to finish, taking pipes into account.
 * @param string $cmd Command line to execute, including any arguments.
 * @param string $input Data for standard input.
 * @return array Array of "stdout", "stderr" and "return".
 * @copyright 2011 K2F Framework / Covac Software
 */
function execute($cmd,$stdin=null){
    $proc=proc_open($cmd,array(0=>array('pipe','r'),1=>array('pipe','w'),2=>array('pipe','w')),$pipes);
    fwrite($pipes[0],$stdin);                      fclose($pipes[0]);
    $stdout=stream_get_contents($pipes[1]);        fclose($pipes[1]);
    $stderr=stream_get_contents($pipes[2]);        fclose($pipes[2]);
    $return=proc_close($proc);
    return array( 'stdout'=>$stdout, 'stderr'=>$stderr, 'return'=>$return );
}

Example of use for your case:

echo '<pre>';
print_r(execute('ls'));
echo '</pre>';

The function above is offers more features than using the PHP ones directly. It could help you at debugging, though it's more intended for production code.

In general, this is what you should be aware off:

• You're not under safe mode
• Your executable does exist
• Your executable is runnable - know that FTP clients often use ASCII/Text mode, changing CRLFs in uploaded files thus corrupting them
• Be sure to chmod your executable at least 755

Answer 2

Is safe mode running? Are you trying to access files outside of safe_mode_exec_dir?

"When safe_mode is on, only executables located in the safe_mode_exec_dir will be allowed to be executed via the exec family of functions."

Are you on your own server, or a shared host? Some hosts will disable functioning of EXEC functions for security purposes.

Answer 3

The problem is the permissions on the directory. Every directory above yours in path must have at least read permission. Thus if you wanted to

# ls /root/test_dir

you would have to both

# chmod 777 /root/test_dir
# chmod 777 /root

NOTE: this is a bad idea from a security POV. instead maybe:

# mkdir /public
# chmod 744 /public
# mv /root/testdir /public

note that here the 744 will apply to test_dir

Answer 4

//As Nemoden said use (back tick) :

$cmd='ls /var/www/';
$variable_name=`$cmd`;

If you do not want to store value use passthru command. exec and system command will only show one single line (data after line break is chopped off)