View Single Post
Old 11-15-2004, 06:57 AM   #7
Charter
Head Mole
 
Charter's Avatar
 
Join Date: May 2003
Posts: 2,539
http://fr.php.net/manual/fr/ref.exec.php
http://bugs.php.net/bug.php?id=29001


Note on XP users: XP-Home edition does not allow to set rights directly on files and folders. You should use cacls command-line utility to do this.

For example:

cacls c:\windows\system32\cmd.exe /E /G IUSR_ADMIN2003:F

gives IIS user full access to cmd.exe (potential security hole!), so PHP can fork and execute external programs.

__________________

MORE ON THE UNABLE TO FORK MESSAGES IN WINDOWS:

I would like to confirm that this issue relates to permissions on %SYSTEMROOT%\SYSTEM32. The user (usually the anonymous login) must have execute permissions on cmd.exe

This is unlike most other programming languages. For example, in C the spawn and exec functions do not try to open a shell, they create the new process directly. PHP creates the new process via cmd.exe (or command.com) much like the C system() function. This is good for those of you who are trying to run batch files but this is very ineffecient for running other .exe files.

I feel uneasy about lifting permissions in my system32 directory but you can get around this by copying cmd.exe to your PHP directory. Windows will look there first and if it is not there it will check the path. Note: I mean the directory where php.exe is, not your script directory.

I have confirmed this by running filemon.exe while trying to execute a script, and you can see it trying to start the cmd.exe process.

__________________

This is not a problem in the PHP.
The problem is related to the execution permissions over the CMD to the
IUSR_machine and the ZIP exe file.

I do fork to GPG.exe in ISAPI/CGI modes. Using popen and proc_open.

According to the mode ISAPI/CGI the IWAM_/IUSR_ user must have read &
execute permissions over the CMD and the EXE file that you try to call.

This sentence put the needed permissions:

cacls cmd.exe /E /G MACHINE\IUSR_MACHINE:R
__________________
Responses are offered on a voluntary if/as time is available basis, no guarantees. Double posting or bumping threads will not get your question answered any faster. No support via PM or email, responses not guaranteed. Thank you for your comprehension.
Charter is offline   Reply With Quote