[英]Exec with PHP-FPM on nginx (under chroot) returns nothing
I've created a nginx server in a chroot at /srv/http with php-fpm. 我用php-fpm在/ srv / http的chroot中创建了一个nginx服务器。 Both services use the http user and it works fine.
两个服务都使用http用户,它工作正常。 The problem comes when I try to run an exec command such as
当我尝试运行诸如的exec命令时出现问题
echo shell_exec('/usr/bin/ls');
There is no output at all on the web page or in the errors. 网页或错误中根本没有输出。 I've also tried
我也试过了
error_log(shell_exec('/usr/bin/ls');
and still nothing. 但仍然没有。
Things I've Tried or Know: 我尝试或知道的事情:
As far as I know, everything works in the chroot, except shell commands through php-fpm. 据我所知,除了通过php-fpm的shell命令外,一切都在chroot中工作。 Anyone have any idea where I went wrong and how to fix it?
任何人都知道我哪里出错了以及如何解决它?
This may sound stupid but you must just copy /bin/sh
(not /bin/bash
!) to you chroot
. 这可能听起来很愚蠢,但你必须将
/bin/sh
(不是/bin/bash
!)复制到chroot
。
For example see this question: How do I change the shell for php's exec() 例如,看到这个问题: 如何更改php的exec()的shell
If you chroot
to some directory, then this directory becomes the root for all your PHP scripts. 如果你
chroot
到某个目录,那么这个目录将成为所有PHP脚本的根目录。 That means, that if you execute /usr/bin/ls
from within PHP, it will try to exectue /srv/http/usr/bin/ls
instead. 这意味着,如果你从PHP中执行
/usr/bin/ls
,它将尝试exectue /srv/http/usr/bin/ls
。
You can copy the executable to that directory - but be aware of the security implications. 您可以将可执行文件复制到该目录 - 但请注意安全隐患。 If you copy critical system executables into the chrooted directory you basically bypass the positive effects of
chroot
. 如果将关键系统可执行文件复制到chrooted目录中,则基本上可以绕过
chroot
的正面影响。
I get no output for 我没有输出
echo shell_exec('/usr/bin/ls');
either. 无论是。 Presumably because
ls
isn't a file but a built-in command. 大概是因为
ls
不是文件而是内置命令。 Running: 运行:
echo shell_exec('ls');
outputs: 输出:
css demos favicon.ico images js path.php robots.txt routing.php test
css demos favicon.ico图片js path.php robots.txt routing.php test
which is the list of files in my root directory for the site. 这是该站点的根目录中的文件列表。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.