Shell exec php ini

How to enable exec function in php.ini : Let’s figure it out

Exec is a PHP function used to execute an external program like a script.

But the execution of external programs creates a security risk that attackers can misuse.

At Bobcares, we often get requests to enable PHP functions, as part of our Server Management Services.

Today, let’s see how our Support Engineers enable this function. We’ll also discuss the security risk related to the exec function.

What is the exec function?

The exec is an inbuilt PHP function. It replaces a currently running process with the new program. PHP uses the function to execute a program and it returns the last line of the output.

Many WordPress image optimization plugins make use of this function. Hence WordPress users often approach us to enable this function.

Security risk in enabling exec function

PHP has certain dangerous functions that can make a server vulnerable to attacks. These functions include system, passthru, shell_exec, exec, etc.

Hence our Support Engineers always recommend our customers to disable these functions in the server. And these functions will be listed in the disable_functions directive in a php.ini file.

By enabling exec function there is a possible security threat. Attacks may use this function to run programs in servers that can lead to data corruption and data loss.

Considering the security risks, we suggest customers enabling the exec function on a per-account basis. Thus, it gives better tracking of user activity.

How we enable exec function in PHP?

One of the wisest choices is to enable the exec function in dedicated or VPS servers.

Usually, we enable this function via the php.ini file. But for cPanel accounts, we can do this via WHM. Now, let’s see how our Support Engineers enable it.

Using php.ini to enable exec function

To enable this function, we login to the server as the root user.

Then we open the php.ini file and search for exec function. Usually, this function will be disabled. So, we check the disable_functions directive which appears as,

disable_functions = "show_source, system, shell_exec, exec"

Hence we remove exec from the line and save the file. Thus we enabled the exec function in the server.

In addition, if the PHP handler is suPHP or LSPHP, then we have to add the directive in the .htaccess file also.

MultiPHP INI Editor

For cPanel customers we enable the exec function from the WHM. But the change will reflect in all cPanel accounts in WHM. So we don’t use this method to enable exec in one cPanel account.

• To enable the function in all the accounts, we log in to the WHM.
• Then we select the MultiPHP INI Editor from the Software section.
• Next, we enter into the Editor Mode and choose the corresponding PHP version.
• There we remove the exec function from disable_functions directive.
• Finally, we save the changes.

Hence it enables the function server-wide.

[Need more help to enable PHP functions? – We’re available 24/7.]

Conclusion

In short, exec function is usually disabled in a server, as it allows attackers to execute external programs that can crack a server. Today, we saw how our Support Engineers enable exec function in php.ini.

PREVENT YOUR SERVER FROM CRASHING!

Never again lose customers to poor server speed! Let us help you.

Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.

2 Comments

hello, is there any other ways to enable this function without touching php.ini ? i dont have access to php.ini in my host. Reply

Hello Erfan,
Enabling the exec function needs access to the php.ini file. Considering security risks, most Hosting providers control this function at the root access level.
A VPS server with root access allows you to do such customization. Reply

Источник

How To Enable or Disable Shell_exec in PHP

Open the PHP.ini file and remove ?exec? on ?disable_functions?:

disable_functions=show_source, system, shell_exec, exec

So it will become like this:

disable_functions=show_source, system, shell_exec

Then restart PHP service, use one of these commands:

/etc/init.d/php-fpm restart /etc/init.d/php5-fpm restart /etc/init.d/php7.0-fpm restart

Disable Exec() in PHP.ini

Open the PHP.ini file and add ?exec? on ?disable_functions?:

disable_functions=show_source, system, shell_exec

So it will become like this:

disable_functions=show_source, system, shell_exec, exec

Then restart PHP service, use one of these commands:

/etc/init.d/php-fpm restart /etc/init.d/php5-fpm restart /etc/init.d/php7.0-fpm restart

Share this post

Popular Posts

From our Knowledgebase

Quick Links

Contact Us

• Phone: +234 (0) 1 700 6727
• Email:info [at] ynetinteractive.com
• Skype: ynet.interactive
• Working Days/Hours: Mon — Fri / 8:30 AM — 5:30 PM

Follow Us

web developer, SSL certificate, web DEVELOPER Nigeria, web design abuja, website designer in abuja, ynet interactive, SCHOOL SOFTWARE, business SOFTWARE in abuja, web DEVELOPMENT COMPANY in abuja, web DESIGNER in nigeria, WEB PORTAL developer in abuja, best web DEVELOPMENT COMPANY in nigeria, best web design abuja, best web designers in abuja, top web DEVELOPMENT firm, top DEVELOPMENT firms, Nigeria, web developer, bulk sms website design nigeria, bulk SMS SOFTWARE, responsive website, SCHOOL PORTAL development in Nigeria, school software, Nigerian website designer company, web hosting companies in nigeria, website designer, web designers in nigeria, branding company in nigeria, abuja branding agency, responsive website designer, ssl certificate company, buy ssl nigeria, ERP, ERP solution nigeria, web site developer in Nigeria, software firm, software development in abuja, web portal developers, business applications, web, MOBILE APPLICATION development, MOBILE APP DEVELOPMENT, mobile developer in nigeria, mobile app abuja, app development company, school website design, online store developer in abujanigeria, school website hosting, android app developer, ios app developer in nigeria,web application nigeria, mobile application developer, best mobile developer abuja nigeria, BUY SSL certificate nigeria, ssl certificate in nigeria, domain registration, bulk sms software

Services

Design

Источник

Shell exec php ini

U.S. Dollar Euro British Pound Canadian Dollars Australian Dollars Indian Rupees China Yuan RMB More Info →

We stand with our friends and colleagues in Ukraine. To support Ukraine in their time of need visit this page.

How to enable exec()

You can modify different php settings for your account using a php.ini file. We recommend using our default php.ini file which is the most compatible with our servers and was specifically created to optimize the process of php values modification. You can learn how to find and edit php.ini on our shared servers here:

To enable exec() function, you need to remove it from the following line in your php.ini file:

disable_functions = «show_source, system, shell_exec, exec»

1. Open your php.ini and find the following section:

2. Remove exec from the line and click on Save Changes:

3. If you need to disable show_source, system or shell_exec as well, just add them back to the line and save the changes.

If your account is hosted on a shared server, the suPHP or LSPHP configuration directive should be added to your .htaccess file to make these settings global for the entire account. You can find step-by-step instructions here.

In case your account is located on a business server, no other modifications should be applied.

Need any help? Contact our HelpDesk

Источник

How to execute shell commands via PHP

This post discusses how to execute shell commands via PHP. The ability to execute shell commands is a powerful feature and should be used carefully. As such, not all hosting providers will allow you to execute shell commands.

Did you know that you can disable PHP functions in the php.ini file using the disable_functions directive? A disabled function will return an error like this: “Fatal error: Uncaught Error: Call to undefined function shell_exec()”.

The PHP functions to execute shell command are: shell_exec(), exec() or system(). These functions are remarkably similar but have slight differences. Let’s take a look.

shell_exec(): string

The shell_exec() function returns a string or NULL value. The returned string will contain the output of the command that you executed. However, the shell_exec() function will return a NULL if an error has occurred. You can also expect a NULL value if the command produces no output.

This command requires the following parameters:

Next, let’s look at how you can use the shell_exec() function to return a directory listing of a Linux machine:

This will output the following:

total 2097248 drwxr-xr-x 2 root root 4096 Apr 26 19:07 opt drwxr-xr-x 2 root root 4096 Apr 26 19:07 media drwxr-xr-x 2 root root 4096 Apr 26 19:07 lib64 lrwxrwxrwx 1 root root ….

exec(string $ cmd, array &$output = null, int &$resultCode = null): string|false

The exec() function returns the last line of the executed command as a string. However, this command can also return FALSE if an error has occurred.

This command requires the following parameters:

• $cmd – Expects a string value that holds the command that you want to execute.
• &$output – Is an optional parameter that expects an array variable. The exec() function will update the variable with every line of output from the command. Trailing white space, such as \n, is not included in this array. Also, exec() will append to the end of the array if the array already contains items.
• &$resultCode – Is an optional parameter that expects an integer variable. The exec() function will update the variable with the exit status of the executed command.

The & symbol means that the variable’s value will be updated when it changes inside the function. In other words, the variable is passed by reference.

Next, let’s look at how you can use the exec() function to return memory information of a Linux machine:

This will output the following:

Returned with status 0 and output: Array ( [0] => total used free shared buff/cache available [1] => Mem: 16351256 9143564 283052 282788 6924640 6661072 [2] => Swap: 2097148 279644 1817504 ) 

system(string $cmd, int &$resultCode = null): string|false

The system() function is similar to the exec() function. It will however display output directly (without using echo() or print()).

This command requires the following parameters:

• $cmd – Expects a string value that holds the command that you want to execute.
• &$resultCode – Is an optional parameter that expects an integer variable. The exec() function will then update the variable with the exit status of the executed command.

Finally, let’s see how the system command is used using the exec() example from above:

This will output the following:

 total used free shared buff/cache available Mem: 16351256 9246984 238044 307576 6866228 6531868 Swap: 2097148 285036 1812112 Returned with status 0 and output: 

Wrapping up

It is easy to execute shell commands in PHP. Also, the shell_exec(), exec() or system() function must not be disabled in the php.ini file.

You may also be interested in

Anto’s editorial team loves the cloud as much as you! Each member of Anto’s editorial team is a Cloud expert in their own right. Anto Online takes great pride in helping fellow Cloud enthusiasts. Let us know if you have an excellent idea for the next topic! Contact Anto Online if you want to contribute.

Support Anto Online and buy us a coffee. Anything is possible with coffee and code.

Related Posts

Scan Your Docker Images and Containers with VirusTotal: A Step-by-Step Guide

Accelerate Your Performance Testing on Ubuntu with k6 and Postman-to-k6

Solve the “Cannot read properties of undefined (reading ‘type’)” error with these simple fixes

About Anto Online

Having started his career in 1999 as a Desktop Support Engineer, Anto soon changed paths and became a developer. After several years of development experience, he transitioned into a consultant. As an enterprise application consultant for a leading SaaS software provider, Anto specializes in AWS’s serverless technologies. By day, Anto focuses on helping customers leverage the power of serverless technologies. By night, he indulges his passion for cloud computing by playing with Python and trying out things that are currently beyond the scope of his work. Sometimes Anto needs help as there are not enough hours at night. So Anto relies on a team of fellow Cloud enthusiasts to help him out. Each one is a Cloud expert in their own right, and Anto takes great pride in helping them learn and grow. View all posts by Anto Online →

Источник