Discover Centmin Mod today
Register Now

PHP-FPM exec PHP and shell_exec PHP function

Discussion in 'Nginx, PHP-FPM & MariaDB MySQL' started by Sunka, Oct 6, 2016.

  1. Sunka

    Sunka Well-Known Member

    1,140
    312
    83
    Oct 31, 2015
    Pula, Croatia
    Ratings:
    +508
    Local Time:
    2:09 PM
    Nginx 1.17.9
    MariaDB 10.3.22
    For image optimisation with this addon, exec PHP and shell_exec PHP function need to be enabled.
    How to see is it enabled, and if is not, how to enabling it?

    Is it safe to that two function be enabled?
     
  2. hitman

    hitman Member

    126
    11
    18
    Jul 18, 2014
    Ratings:
    +15
    Local Time:
    3:09 PM
    hello
    you can check your php-fpm.conf file for these functions in this path
    Code:
    /usr/local/etc/php-fpm.conf
    shortcut for this is fpmconf and it opens with nano.

    you can find php_admin_value[disable_functions] near the end.

    regarding if it is safe or not, do not quote me on this but i believe it has to do with what you are running on your server.
    if somehow you can give permissions to execute these functions only by the script you need then it could be safer i think
     
  3. Sunka

    Sunka Well-Known Member

    1,140
    312
    83
    Oct 31, 2015
    Pula, Croatia
    Ratings:
    +508
    Local Time:
    2:09 PM
    Nginx 1.17.9
    MariaDB 10.3.22
    I can see only for shell_exec php-fpm.conf, not for another one exec PHP

    Code:
    php_admin_value[disable_functions] = shell_exec
    To enable, I just deleteshell_exec, so that row will be:
    Code:
    php_admin_value[disable_functions] = 
    or just to comment out that row?

    What about another one variable?
     
  4. eva2000

    eva2000 Administrator Staff Member

    45,155
    10,272
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,919
    Local Time:
    10:09 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    yup @hitman directions are correct, only shell_exec is disable via php-fpm.conf so need to re-enable it by removing the entry and check your phpinfo file to see
     
  5. eva2000

    eva2000 Administrator Staff Member

    45,155
    10,272
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,919
    Local Time:
    10:09 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
  6. Sunka

    Sunka Well-Known Member

    1,140
    312
    83
    Oct 31, 2015
    Pula, Croatia
    Ratings:
    +508
    Local Time:
    2:09 PM
    Nginx 1.17.9
    MariaDB 10.3.22
    Also, trying to find is PHP proc_open enabled or disabled on my server.
    I can not find it in php.ini nor other php conf file.
    So it is enabled or...?
     
  7. eva2000

    eva2000 Administrator Staff Member

    45,155
    10,272
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,919
    Local Time:
    10:09 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    if not set in disable_functions listing in phpinfo output, then not disabled

    also if a function is disabled and set in disable_functions, and your php script requires the function, it will log into nginx error log that disable_function is attempting to be used

    i.e. attempting to run shell.php with shell_exec command when it's set in disable_functions
    Code (Text):
    2016/10/06 00:19:21 [error] 14781#14781: *1 FastCGI sent in stderr: "PHP message: 
    PHP Warning:  shell_exec() has been disabled for security reasons in shell.php on line 2"
    while reading response header from upstream, client: ip, server: centos7.localdomain, request: "GET /shell.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "hostip"
     
    Last edited: Oct 6, 2016