views:

229

answers:

4

I need to write a script that will give users info on a given Unix account (the same Unix server that the script lives on). Mostly thing kinds of things that are in the passwd file or available via finger.

PHP is in safe-mode, so I can't access the passwd file via something built into php like file_get_contents(). Also, because it's in safe mode, various other command-line functions are disabled.

I thought I could get the info via a socket (no clue yet what that means, but I thought I'd try) but I get a fatal error that socket_create() is an unknown function. I pulled up the php-config file (which I can't change, FYI), and sure enough, sockets are not enabled.

However, while I was in there, I saw the line '--with-exec-dir=' with no actual directory set.

So then I remembered that when I was trying EVERY command line function, that some threw "not allowed in safe-mode" type errors, while others did nothing at all. If I put something like:

echo "[[";
exec("finger user");
echo "]]";

I'd end up with [[]]. So no errors, just no results either.

Bottom line:

Is there something I haven't tried? (in general) Is there a runtime config option I can set to make exec() work?

quick note: I tried passthru() as well, specifically passthru("pwd") with still no output.

update

based on feedback, I tried both of the following:

$stuff = exec("pwd", $return);

echo "stuff=".$stuff."\n";
echo "return=";
print_r($return);

which results in:

stuff=
return=Array
(
)

and

$stuff = passthru("pwd", $return);

echo "stuff=".$stuff."\n";
echo "return=";
print_r($return);

which results in:

stuff=
return=1

The 1 sounds hopeful, but not what I want yet.

Idea

So this is actually an update of an already existing script that (please don't ask) I don't have access to. It's a perl script that's called via cgi. Is there a way to do php via cgi (so I don't have to deal with perl or rely on the older code)?

A: 

Exec returns a value, so do:

$var = exec("finger user");

and then parse the output to get what you want. You can get return status by adding in an optional variable thus:

exec("finger user", $var, $return_status);

or just:

echo exec("finger user");

if all you want is to see the output.

Satanicpuppy
+1  A: 

I'm afraid you can't do that in safe-mode. You have to remove the safe-mode if you have control of the server configuration.

I think you can't rely on sockets to read local files, sockets are used for network related things.

Julien Tartarin
A: 

exec doesn't inherently return any data.

Try something like,

exec("finger user",$output);

echo "[[";
foreach($output as $key => $value){
echo $value;
}
echo "]]";
Jestep
`[[]]`, thanks though.
Anthony
A: 

Thanks to all that responded, the following is what finally worked:

  • Create a cgi-bin folder
  • Add the following to the top of the php script:

     #!/usr/local/bin/php-cgi
    

I don't know if this is something special on my server configuration, but I can run exec() and get what I'm after.

Anthony