Php shell exec включить

как включить shell_exec и exec на php?

(Некоторые упоминания об этом в Интернете, но ни одно из решений не работало). Я хочу иметь возможность использовать shell_exec и exec из PHP script. Значение, используйте:

Согласно ссылке, которую я нашел в Интернете (http://forums.cpanel.net/f5/enable-shell_exec-one-user-109601.html), один из способов сделать это — добавить в VirtualHost директивы:

  php_admin_value suhosin.executor.func.blacklist = "shell_exec" 

 28/07/14 17:18:26: Syntax error on line 1 of /etc/httpd/conf.d/serv1.conf: 28/07/14 17:18:26: php_admin_value takes two arguments, PHP Value Modifier (Admin) 

и сервер не перезапускается. Любые идеи о том, как включить exec и shell_exec? Я не могу проследить происхождение этой ошибки. EDIT: Я не являюсь корнем на машине. Я не смог найти файл php.ini, но есть файл /etc/httpd/conf.d/php.conf, и он не имеет disable_functions. Вот он:

 # # PHP is an HTML-embedded scripting language which attempts to make it # easy for developers to write dynamically generated webpages. # LoadModule php5_module modules/libphp5.so LoadModule php5_module modules/libphp5-zts.so # # Cause the PHP interpreter to handle files with a .php extension. # AddHandler php5-script .php AddType text/html .php # # Add index.php to the list of files that will be served as directory # indexes. # DirectoryIndex index.php # # Uncomment the following line to allow PHP to pretty-print .phps # files as PHP source code: # #AddType application/x-httpd-php-source .phps 

Источник

How to enable exec function in php.ini : Let’s figure it out

Exec is a PHP function used to execute an external program like a script.

But the execution of external programs creates a security risk that attackers can misuse.

At Bobcares, we often get requests to enable PHP functions, as part of our Server Management Services.

Today, let’s see how our Support Engineers enable this function. We’ll also discuss the security risk related to the exec function.

What is the exec function?

The exec is an inbuilt PHP function. It replaces a currently running process with the new program. PHP uses the function to execute a program and it returns the last line of the output.

Many WordPress image optimization plugins make use of this function. Hence WordPress users often approach us to enable this function.

Security risk in enabling exec function

PHP has certain dangerous functions that can make a server vulnerable to attacks. These functions include system, passthru, shell_exec, exec, etc.

Hence our Support Engineers always recommend our customers to disable these functions in the server. And these functions will be listed in the disable_functions directive in a php.ini file.

By enabling exec function there is a possible security threat. Attacks may use this function to run programs in servers that can lead to data corruption and data loss.

Considering the security risks, we suggest customers enabling the exec function on a per-account basis. Thus, it gives better tracking of user activity.

How we enable exec function in PHP?

One of the wisest choices is to enable the exec function in dedicated or VPS servers.

Usually, we enable this function via the php.ini file. But for cPanel accounts, we can do this via WHM. Now, let’s see how our Support Engineers enable it.

Using php.ini to enable exec function

To enable this function, we login to the server as the root user.

Then we open the php.ini file and search for exec function. Usually, this function will be disabled. So, we check the disable_functions directive which appears as,

disable_functions = "show_source, system, shell_exec, exec"

Hence we remove exec from the line and save the file. Thus we enabled the exec function in the server.

In addition, if the PHP handler is suPHP or LSPHP, then we have to add the directive in the .htaccess file also.

MultiPHP INI Editor

For cPanel customers we enable the exec function from the WHM. But the change will reflect in all cPanel accounts in WHM. So we don’t use this method to enable exec in one cPanel account.

• To enable the function in all the accounts, we log in to the WHM.
• Then we select the MultiPHP INI Editor from the Software section.
• Next, we enter into the Editor Mode and choose the corresponding PHP version.
• There we remove the exec function from disable_functions directive.
• Finally, we save the changes.

Hence it enables the function server-wide.

[Need more help to enable PHP functions? – We’re available 24/7.]

Conclusion

In short, exec function is usually disabled in a server, as it allows attackers to execute external programs that can crack a server. Today, we saw how our Support Engineers enable exec function in php.ini.

PREVENT YOUR SERVER FROM CRASHING!

Never again lose customers to poor server speed! Let us help you.

Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.

2 Comments

hello, is there any other ways to enable this function without touching php.ini ? i dont have access to php.ini in my host. Reply

Hello Erfan,
Enabling the exec function needs access to the php.ini file. Considering security risks, most Hosting providers control this function at the root access level.
A VPS server with root access allows you to do such customization. Reply

Источник

How To Enable or Disable Shell_exec in PHP

Open the PHP.ini file and remove ?exec? on ?disable_functions?:

disable_functions=show_source, system, shell_exec, exec

So it will become like this:

disable_functions=show_source, system, shell_exec

Then restart PHP service, use one of these commands:

/etc/init.d/php-fpm restart /etc/init.d/php5-fpm restart /etc/init.d/php7.0-fpm restart

Disable Exec() in PHP.ini

Open the PHP.ini file and add ?exec? on ?disable_functions?:

disable_functions=show_source, system, shell_exec

So it will become like this:

disable_functions=show_source, system, shell_exec, exec

Then restart PHP service, use one of these commands:

/etc/init.d/php-fpm restart /etc/init.d/php5-fpm restart /etc/init.d/php7.0-fpm restart

Share this post

Popular Posts

From our Knowledgebase

Quick Links

Contact Us

• Phone: +234 (0) 1 700 6727
• Email:info [at] ynetinteractive.com
• Skype: ynet.interactive
• Working Days/Hours: Mon — Fri / 8:30 AM — 5:30 PM

Follow Us

web developer, SSL certificate, web DEVELOPER Nigeria, web design abuja, website designer in abuja, ynet interactive, SCHOOL SOFTWARE, business SOFTWARE in abuja, web DEVELOPMENT COMPANY in abuja, web DESIGNER in nigeria, WEB PORTAL developer in abuja, best web DEVELOPMENT COMPANY in nigeria, best web design abuja, best web designers in abuja, top web DEVELOPMENT firm, top DEVELOPMENT firms, Nigeria, web developer, bulk sms website design nigeria, bulk SMS SOFTWARE, responsive website, SCHOOL PORTAL development in Nigeria, school software, Nigerian website designer company, web hosting companies in nigeria, website designer, web designers in nigeria, branding company in nigeria, abuja branding agency, responsive website designer, ssl certificate company, buy ssl nigeria, ERP, ERP solution nigeria, web site developer in Nigeria, software firm, software development in abuja, web portal developers, business applications, web, MOBILE APPLICATION development, MOBILE APP DEVELOPMENT, mobile developer in nigeria, mobile app abuja, app development company, school website design, online store developer in abujanigeria, school website hosting, android app developer, ios app developer in nigeria,web application nigeria, mobile application developer, best mobile developer abuja nigeria, BUY SSL certificate nigeria, ssl certificate in nigeria, domain registration, bulk sms software

Services

Design

Источник

What is shell exec() function and how to enable or disable it on Linux server?

PHP is an open source scripting language executed on the server and it is used for making dynamic and interactive web pages. It is basically used to develop web-based software applications Web based functionalities, system related scripting and execution features are provided by PHP to develop web application. It runs in many platforms like Windows, Mac OS X, Linux, Ubuntu, etc. It is compatible with all servers and support wide variety of database.

Shell scripts and commands are executed by just requesting a webpage over internet. The web server receive the request and then pass it to PHP interpreter. Special functions are used to run the shell script or command. shell_exec() allows the programmer to execute shell commands in PHP. Shell_exec() command is used to execute commands for server scripts and it returns the output as a string. This command is used to track the real time GPS information and integrate complicated bin-packing algorithms written in PHP. The function will produce an online game that is connected in game server through web browser when it is combined with Ajax and a game engine and avoid Java applets and flash. Though this function, UNIX terminals are used for sending the commands and arguments to software on the server and get the response from the software.

In this technique, the administrator don’t want to login to the server through SSH or other means to run shell commands and scripts on the Server. When the above code is executed, the result will be the host name of the server. Shell_exec() function returns NULL if an error occurs or output is not produced. This function is identical to backtick operator and cannot be executed in safe mode. Commands like “cmd”, “cd” can be executed using this function, but the Perl script cannot be executed.

“Shell_exec() is disabled for security reasons” Warning:

The above warning occurs because shell_exec() is disabled on the server and the function has to be enabled to execute the script completely.

• For that login to WHM.
• Click on MultiPHP INI Editor.
• Then go to Editor Mode and choose particular version in which you want to make changes.
• Here find the “disable_functions” and add shell_exec() function to disable the function.

• For that login to WHM.
• Click on MultiPHP INI Editor.
• Then go to Editor Mode and choose particular version in which you want to make changes.
• Here find the “disable_functions” and remove the shell_exec() function to enable the function.

Author bhawanisingh Views 16,703 First release Aug 7, 2018 Last update Aug 7, 2018 Rating 0.00 star(s) 0 ratings

Источник