
Exec with PHP-FPM on nginx (under chroot) returns nothing

I've created a nginx server in a chroot at /srv/http with php-fpm. Both services use the http user and it works fine. The problem comes when I try to run an exec command such as

echo shell_exec('/usr/bin/ls');

There is no output at all on the web page or in the errors. I've also tried

error_log(shell_exec('/usr/bin/ls'));

and still nothing.

Things I've Tried or Know:

  1. safe mode off
  2. exec enabled
  3. user is http (using phpinfo())
  4. display_errors = on
  5. error_reporting = E_ALL
  6. sudo /usr/bin/chroot --userspec=http:http /srv/http ls works fine
  7. Can create file and read from it using file_put_contents and fopen/fread
  8. tried shell_exec, exec, system, and passthru - nothing worked
  9. tried appending 2>&1 to the end of the command and nothing
  10. I've copied all the executables and libraries necessary over
  11. all libraries, binaries, and everything under /srv/http/www (where the webpages are) have executable and read permissions
  12. doc_root is www

As far as I know, everything works in the chroot, except shell commands through php-fpm. Anyone have any idea where I went wrong and how to fix it?

This may sound stupid, but you must just copy /bin/sh (not /bin/bash!) to your chroot.

For example see this question: How do I change the shell for php's exec()

If you chroot to some directory, then this directory becomes the root for all your PHP scripts. That means that if you execute /usr/bin/ls from within PHP, it will try to execute /srv/http/usr/bin/ls instead.

You can copy the executable to that directory - but be aware of the security implications. If you copy critical system executables into the chrooted directory, you basically bypass the positive effects of chroot.
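An added example (not part of the original answers): a shell check for the two points made above, that paths resolve inside the chroot and that /bin/sh has to exist there. It lists the files a binary needs (the binary itself plus the libraries `ldd` reports) that are absent under a chroot root, so only those are copied in. The function names are hypothetical, and it assumes `ldd` and `awk` are available on the host.

```shell
#!/bin/sh
# Added example: find files a binary needs that are missing from a chroot.
# Usage (after sourcing this file):
#   check_chroot_binary /srv/http            # checks /bin/sh
#   check_chroot_binary /srv/http /usr/bin/ls

# Read `ldd` output on stdin and print the absolute path on each line.
# Covers "libc.so.6 => /usr/lib/libc.so.6 (0x...)" and the loader line
# "/lib64/ld-linux-x86-64.so.2 (0x...)". Lines without a path, such as
# linux-vdso or "not a dynamic executable", produce nothing.
ldd_paths() {
    awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\//) { print $i; break } }'
}

# Read absolute paths on stdin and print those that do not exist
# once the chroot root ($1) is prepended.
missing_in_chroot() {
    root=$1
    while IFS= read -r p; do
        [ -e "$root$p" ] || printf '%s\n' "$p"
    done
}

# Print every file that binary $2 (default /bin/sh) needs and that is
# missing under chroot root $1. Empty output means nothing is missing.
check_chroot_binary() {
    root=$1
    bin=${2:-/bin/sh}
    {
        printf '%s\n' "$bin"
        ldd "$bin" 2>/dev/null | ldd_paths
    } | missing_in_chroot "$root"
}
```

Empty output for both /bin/sh and the target command means the files are in place; anything printed is a path that does not exist from the point of view of the chrooted PHP-FPM process.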

I get no output for

echo shell_exec('/usr/bin/ls');

either. Presumably because ls isn't a file but a built-in command. Running:

echo shell_exec('ls');

outputs:

css demos favicon.ico images js path.php robots.txt routing.php test

which is the list of files in my root directory for the site.

The technical post webpages of this site follow the CC BY-SA 4.0 protocol.