On 7/28/2011 9:09 AM, Bulent Malik wrote:
> Hi
> I use php5.3 on freebsd
> I also use pf ( packet filter) on it.
> I need to execute pfctl in php script.  But I couldn't execute . I don't get
> any errors about that.
> Shell commands is allowed in  php.ini My 
> My script is below,
>  shell_exec('pfctl -s nat');
> exec('pfctl -s nat');
> If I execute another command like this ; it works
> shell_exec('ls -l /var/tmp') ;
> What can the problem be ? 

Run the following command from your cli

which pfctl

If the results show, like mine does, that pfctl is in /sbin/pfctl then you will
not be able to run that command.  Your www doesn't have the /sbin/ folders in
its path.

Try this instead.

shell_exec('which pfctl') ;

If you get results, you should be able to execute it.

But, on the flip side, it re-writes /etc/pf.conf  and on my box, its permissions
are "-rw-------".  So, you can assume that nobody besides root will be able to
write to this file.

Now, if you go the route Shawn talked about, it will work.  Just be sure to
limit the sudoers to only allow the pfctl command and not all allow all commands
on your system.


PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to