Re: Re: [PHP] Execute permission question
On 28 Oct 2011 at 16:01, Tedd Sperling wrote: > On Oct 27, 2011, at 7:49 PM, Daniel Brown wrote: > But does having execute permissions set on a script affect the scripts ability > to run shell commands? No, as Dan has said. But if you have a file called wiggy, containing the following: #!/usr/bin/php then you can run it at the command line by typing its name at the prompt - but wiggy will need to have execute permission set. -- Cheers -- Tim -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Execute permission question
On Oct 28, 2011, at 11:07 AM, Daniel Brown wrote: > On Fri, Oct 28, 2011 at 11:01, Tedd Sperling wrote: >> >> But does having execute permissions set on a script affect the scripts >> ability to run shell commands? > >Negative. It won't inherit permissions, though one might expect > that to make sense. > >> For example, if I have a script that contains a shell command, can I >> prohibit that script from executing the command by setting it's execute >> permission to not execute? > >No, the best you could do is disable all shell access, or limit > the commands that can be run via the shell, but the latter option is > getting beyond the scope of a PHP question. > >> Certainly, as is my normal custom, I could try it and find out for myself -- >> but I have always been reluctant to use shell commands. Besides, never >> having used them, I don't see their advantage yet. Currently, they seem >> strange and dangerous to me. > >If you're doing it on php1.net, you're safe. The only damage that > can happen on that server is to your own account. That's > unfortunately not true of all hosting providers, but you're good > there. ;-P > > -- > Mucho thanks for the clarification, information, and authorization. I'll keep that in mind re php1.net and try not to be a teddzilla when I investigate shell commands. :-) Cheers, tedd PS: I have not trimmed the post because I think it is important to repeat this. t...@sperling.com http://sperling.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Execute permission question
On Fri, Oct 28, 2011 at 11:01, Tedd Sperling wrote: > > But does having execute permissions set on a script affect the scripts > ability to run shell commands? Negative. It won't inherit permissions, though one might expect that to make sense. > For example, if I have a script that contains a shell command, can I prohibit > that script from executing the command by setting it's execute permission to > not execute? No, the best you could do is disable all shell access, or limit the commands that can be run via the shell, but the latter option is getting beyond the scope of a PHP question. > Certainly, as is my normal custom, I could try it and find out for myself -- > but I have always been reluctant to use shell commands. Besides, never having > used them, I don't see their advantage yet. Currently, they seem strange and > dangerous to me. If you're doing it on php1.net, you're safe. The only damage that can happen on that server is to your own account. That's unfortunately not true of all hosting providers, but you're good there. ;-P -- Network Infrastructure Manager http://www.php.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Execute permission question
On Oct 27, 2011, at 7:49 PM, Daniel Brown wrote: > On Thu, Oct 27, 2011 at 19:44, Tedd Sperling wrote: >> >> One of the things I'm trying to understand is a php script can execute a >> shell command, right? Is there a way via permissions to prevent that -- or >> -- does that even have anything to do with it? That's where I'm fuzzy. > >Sure. What PHP actually does is interface with a forked shell > (usually 'sh' by default) process, and the shell then has permission > controls and requirements of its own, defined by the operating > system's configuration. So PHP isn't actually executing the commands, > per se, but is instead instructing the shell to do so itself. To see > how to limit PHP's shell access, look into safe_mode and the like. > > -- > > Network Infrastructure Manager > http://www.php.net/ Daniel: Thanks. But does having execute permissions set on a script affect the scripts ability to run shell commands? For example, if I have a script that contains a shell command, can I prohibit that script from executing the command by setting it's execute permission to not execute? Certainly, as is my normal custom, I could try it and find out for myself -- but I have always been reluctant to use shell commands. Besides, never having used them, I don't see their advantage yet. Currently, they seem strange and dangerous to me. As always, your insight is welcomed. Cheers, tedd _ t...@sperling.com http://sperling.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Execute permission question
On Oct 28, 2011, at 7:19 AM, Geoff Shang wrote: > On Thu, 27 Oct 2011, Tedd Sperling wrote: > >> You answered a question I wasn't prepared to ask, which was "How can php >> scripts be executed when their execute permissions aren't set?" > > Because as far as the system is concerned, the thing which is being executed > is either PHP itself or something in which PHP is being run (e.g. Apache). > The fact that PHP then loads a script and executes it is not really the point. > > When used in websites, it's the webserver itself which loads the PHP > interpreter which in turn loads the script. > > So the webserver needs to be executable. The Apache module, for example, > does not because Apache loads it into Apache which is already running. > > If you're not actually running programs on the host itself via a shell, then > you probably won't need execute permissions most of the time. > > Geoff. Geoff: Thanks -- this is one of those things that normally "goes without saying" but by doing so remains a question to some. Cheers, tedd _ t...@sperling.com http://sperling.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Execute permission question
On Thu, 27 Oct 2011, Tedd Sperling wrote: You answered a question I wasn't prepared to ask, which was "How can php scripts be executed when their execute permissions aren't set?" Because as far as the system is concerned, the thing which is being executed is either PHP itself or something in which PHP is being run (e.g. Apache). The fact that PHP then loads a script and executes it is not really the point. When used in websites, it's the webserver itself which loads the PHP interpreter which in turn loads the script. So the webserver needs to be executable. The Apache module, for example, does not because Apache loads it into Apache which is already running. If you're not actually running programs on the host itself via a shell, then you probably won't need execute permissions most of the time. Geoff. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Execute permission question
On Thu, Oct 27, 2011 at 19:44, Tedd Sperling wrote: > > One of the things I'm trying to understand is a php script can execute a > shell command, right? Is there a way via permissions to prevent that -- or -- > does that even have anything to do with it? That's where I'm fuzzy. Sure. What PHP actually does is interface with a forked shell (usually 'sh' by default) process, and the shell then has permission controls and requirements of its own, defined by the operating system's configuration. So PHP isn't actually executing the commands, per se, but is instead instructing the shell to do so itself. To see how to limit PHP's shell access, look into safe_mode and the like. -- Network Infrastructure Manager http://www.php.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Execute permission question
On Oct 27, 2011, at 6:27 PM, Daniel Brown wrote: > On Thu, Oct 27, 2011 at 18:15, Tedd Sperling wrote: >> That question begged the question of "What does execute mean?" > >It means "execute." Not to be confused with what others are > mentioning here, which is "read and interpret." If you run something > through PHP, Perl, Python, or another parser/interpreter, it doesn't > need to be executable by the user, only readable. > >A caveat to this, of course, is that some scripts (such as those > run via CGI) will usually need to be executable. You may recall, back > in the 90's, that any Perl scripts you'd upload to your cgi-bin needed > to be chmod'd to 0755. > > -- > One of the things I'm trying to understand is a php script can execute a shell command, right? Is there a way via permissions to prevent that -- or -- does that even have anything to do with it? That's where I'm fuzzy. Cheers, tedd _ t...@sperling.com http://sperling.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Execute permission question
On Oct 27, 2011, at 6:27 PM, Daniel Brown wrote: > On Thu, Oct 27, 2011 at 18:15, Tedd Sperling wrote: >> >> Ash: >> >> You answered a question I wasn't prepared to ask, which was "How can php >> scripts be executed when their execute permissions aren't set?" >> >> That question begged the question of "What does execute mean?" > >It means "execute." Not to be confused with what others are > mentioning here, which is "read and interpret." If you run something > through PHP, Perl, Python, or another parser/interpreter, it doesn't > need to be executable by the user, only readable. > >A caveat to this, of course, is that some scripts (such as those > run via CGI) will usually need to be executable. You may recall, back > in the 90's, that any Perl scripts you'd upload to your cgi-bin needed > to be chmod'd to 0755. > > -- > Thanks for the wayback machine ride -- my memory cells have long expunged that data for more useless information. Good point re comparison of "execute" vs "read and interpret" -- that will end up in the minds of students to ponder. Thanks, tedd _ t...@sperling.com http://sperling.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Execute permission question
On Thu, Oct 27, 2011 at 18:15, Tedd Sperling wrote: > > Ash: > > You answered a question I wasn't prepared to ask, which was "How can php > scripts be executed when their execute permissions aren't set?" > > That question begged the question of "What does execute mean?" It means "execute." Not to be confused with what others are mentioning here, which is "read and interpret." If you run something through PHP, Perl, Python, or another parser/interpreter, it doesn't need to be executable by the user, only readable. A caveat to this, of course, is that some scripts (such as those run via CGI) will usually need to be executable. You may recall, back in the 90's, that any Perl scripts you'd upload to your cgi-bin needed to be chmod'd to 0755. -- Network Infrastructure Manager http://www.php.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Execute permission question
On Oct 27, 2011, at 4:51 PM, Ashley Sheridan wrote: > Yes, I just ran a quick test PHP script without any execute permissions set > at all, only rw-rw-r-- and it ran just fine, suggesting it is just an > argument as Larry said. > > I don't think Apache needs execute permissions set on PHP files or pages > either, only read rights. > > -- > Thanks, > Ash Ash: You answered a question I wasn't prepared to ask, which was "How can php scripts be executed when their execute permissions aren't set?" That question begged the question of "What does execute mean?" I find the topic of permissions complicated when they can be overridden elsewhere. Thanks, tedd _ t...@sperling.com http://sperling.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Execute permission question
On Thu, 2011-10-27 at 14:41 -0600, Larry Martell wrote: > On Thu, Oct 27, 2011 at 2:26 PM, Tedd Sperling > wrote: > > Hi gang: > > > > Another question -- in the context of file permissions (rwx) is the execute > > permission limited to shell commands -- Or -- is there more? > > Not sure I fully understand your question, but to execute anything > directly - shell script, python script, perl script, binary program - > you need the x bit set. I say directly because you could do: 'perl > script' without script being executable (because in that case it's an > argument to the perl executable). > > > HTH, > -larry > Yes, I just ran a quick test PHP script without any execute permissions set at all, only rw-rw-r-- and it ran just fine, suggesting it is just an argument as Larry said. I don't think Apache needs execute permissions set on PHP files or pages either, only read rights. -- Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] Execute permission question
On Thu, Oct 27, 2011 at 2:26 PM, Tedd Sperling wrote: > Hi gang: > > Another question -- in the context of file permissions (rwx) is the execute > permission limited to shell commands -- Or -- is there more? Not sure I fully understand your question, but to execute anything directly - shell script, python script, perl script, binary program - you need the x bit set. I say directly because you could do: 'perl script' without script being executable (because in that case it's an argument to the perl executable). HTH, -larry -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php