The Problem
I have a PHP script that uses shell_exec
to run a pdf-to-text converter. To simplify the problem I've created a short script that uses shell_exec
to just echo the output of the dir
command.
<?php
$cmd = 'C:\\WINDOWS\\system32\\cmd.exe /c ';
echo shell_exec($cmd.' dir');
?>
When I run this on my Apache server, everything works as expected. When I switch to IIS, it's as though the line is skipped entirely: no errors, no output, no logs, no nothing.
Unfortunately, I need to use IIS because I'm going to authenticate my users against active directory.
Here's what I've tried so far:
- Issue the command through
cmd.exe /c
rather than issuing it directly - Give
Read & Execute
permission toSERVICE
on "C:\WINDOWS\system32\cmd.exe" - Give
Read & Execute
permission toNETWORK SERVICE
on "C:\WINDOWS\system32\cmd.exe" - Give
Read & Execute
permission toIUSR_MACHINENAME
on "C:\WINDOWS\system32\cmd.exe" - Give
Read & Execute
permission toEveryone
on "C:\WINDOWS\system32\cmd.exe" (don't worry, it didn't stay like that for long, haha) - Run PHP as an ASAPI module
- This is my standard configuration
- Run PHP as a CGI extention
- This does not work, I get an error:
CGI Error The specified CGI application misbehaved by not returning a complete set of HTTP headers.
- This does not work, I get an error:
- In IIS Manager, set
Execute Permissions
toScripts and Executables
on your website - Added html markup and other php functions to script to see if that gets processed; it does. It's as if the
shell_exec
bit just gets skipped.
Thank you so much for looking at this question, I am now pulling my hair out with the problem
Cheers, Iain
Update 1
I really didn't want to do this, but as a stop gap until I find a proper solution I'm running Apache on the web server (which runs shell_exec fine) and I call my apache script via cURL. It's ugly, but it works :).
Update 2
I'm beginning to think this isn't so much an issue with IIS or permissions as such, but perhaps a result of some policy we have on our network - although I can't imagine what. Any ideas from left of field?