Get the most out of your Centmin Mod LEMP stack
Become a Member

PHP-FPM exec PHP and shell_exec PHP function

Discussion in 'Nginx, PHP-FPM & MariaDB MySQL' started by Sunka, Oct 6, 2016.

  1. Sunka

    Sunka Well-Known Member

    1,150
    325
    83
    Oct 31, 2015
    Pula, Croatia
    Ratings:
    +525
    Local Time:
    2:38 AM
    Nginx 1.17.9
    MariaDB 10.3.22
    For image optimisation with this addon, exec PHP and shell_exec PHP function need to be enabled.
    How to see is it enabled, and if is not, how to enabling it?

    Is it safe to that two function be enabled?

     
  2. hitman

    hitman Member

    126
    11
    18
    Jul 18, 2014
    Ratings:
    +15
    Local Time:
    3:38 AM
    hello
    you can check your php-fpm.conf file for these functions in this path
    Code:
    /usr/local/etc/php-fpm.conf
    shortcut for this is fpmconf and it opens with nano.

    you can find php_admin_value[disable_functions] near the end.

    regarding if it is safe or not, do not quote me on this but i believe it has to do with what you are running on your server.
    if somehow you can give permissions to execute these functions only by the script you need then it could be safer i think
     
  3. Sunka

    Sunka Well-Known Member

    1,150
    325
    83
    Oct 31, 2015
    Pula, Croatia
    Ratings:
    +525
    Local Time:
    2:38 AM
    Nginx 1.17.9
    MariaDB 10.3.22
    I can see only for shell_exec php-fpm.conf, not for another one exec PHP

    Code:
    php_admin_value[disable_functions] = shell_exec
    To enable, I just deleteshell_exec, so that row will be:
    Code:
    php_admin_value[disable_functions] = 
    or just to comment out that row?

    What about another one variable?
     
  4. eva2000

    eva2000 Administrator Staff Member

    55,802
    12,272
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,858
    Local Time:
    10:38 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    yup @hitman directions are correct, only shell_exec is disable via php-fpm.conf so need to re-enable it by removing the entry and check your phpinfo file to see
     
  5. eva2000

    eva2000 Administrator Staff Member

    55,802
    12,272
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,858
    Local Time:
    10:38 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  6. Sunka

    Sunka Well-Known Member

    1,150
    325
    83
    Oct 31, 2015
    Pula, Croatia
    Ratings:
    +525
    Local Time:
    2:38 AM
    Nginx 1.17.9
    MariaDB 10.3.22
    Also, trying to find is PHP proc_open enabled or disabled on my server.
    I can not find it in php.ini nor other php conf file.
    So it is enabled or...?
     
  7. eva2000

    eva2000 Administrator Staff Member

    55,802
    12,272
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,858
    Local Time:
    10:38 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    if not set in disable_functions listing in phpinfo output, then not disabled

    also if a function is disabled and set in disable_functions, and your php script requires the function, it will log into nginx error log that disable_function is attempting to be used

    i.e. attempting to run shell.php with shell_exec command when it's set in disable_functions
    Code (Text):
    2016/10/06 00:19:21 [error] 14781#14781: *1 FastCGI sent in stderr: "PHP message: 
    PHP Warning:  shell_exec() has been disabled for security reasons in shell.php on line 2"
    while reading response header from upstream, client: ip, server: centos7.localdomain, request: "GET /shell.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "hostip"
     
    Last edited: Oct 6, 2016