RE: killing a process through php webservice

> -----Original Message-----
> From: Chris [mailto:dmagick@xxxxxxxxx]
> Sent: Friday, February 08, 2008 12:04 AM
> To: Fahad javed
> Cc: php-general@xxxxxxxxxxxxx
> Subject: Re:  killing a process through php webservice
> 
> Fahad javed wrote:
> > I am developing a webservice in PHP/Linux where I need to kill a process.
> >
> > I tried using
> > exec("kill ".$pid);
> > and
> > exec("kill -KILL ".$pid);
> >
> > but the return value was always 1 and the process still remained.
> >
> > I wrote up a small shell script and have exec run that script. The script
> > worked fine if invoked through command line but through php it didn't do
> > anything.
> >
> > I have a hunch that this is because killing a process might need root
> > privileges so I updated the script to:
> >
> > sudo -p my_passsword -u root kill $pid
> >
> > yet it didn't work.
> >
> > I still think the problem is access rights. The question is how to solve it.
> 
> 
> Try a full path:
> 
> /bin/kill
> 
> or whatever it is.
> 
> in php, try:
> 
> <?php
> $kill_path = '/bin/kill';
> // is_file() returns a bool; echoing false prints nothing, so print yes/no
> echo 'can find kill: ' . (is_file($kill_path) ? 'yes' : 'no') . '<br/>';
> 
> that will tell you whether php can see the file or not.
> 
> Other stuff like safe-mode being enabled, open_basedir restrictions and
> this fn can be disabled (echo ini_get('disable_functions')) all affect
> whether this will work or not.
> 
> --
> Postgresql & php tutorials
> http://www.designmagick.com/

To use "sudo -p my_passsword -u root kill $pid", you will need to add the user
PHP runs as to the wheel group (this is INSANE, REALLY). Doing this, you will
open a HUGE backdoor to anyone capable of running "ps aux" (in php or in any
other context) as they will see your root password in plain text (they will see
the sudo command line).

If possible:
1 - Set up a cron job for root, the cron job would periodically (say every half
minute, 10 seconds, whatever) search for a file in a specific location, read it
and do what the file says (don't put plain commands, build some sort of
interface).
2 - Write or find a daemon capable of doing what you are trying to do (execute
commands on demand) but using some authentication model, so that you can
communicate with the daemon using a local socket (and don't open the backdoor
through TCP/IP). I don't have any clues on this, but that's what I would look
for. This is still a risk if you have PHP installed as an Apache module
(everyone can read your files and your login info, can't they? But at least it
is more secure than letting somebody read your sudo command line).
3 - PHP SSH2 extension could be a way... but it is still a HUGE security hole if
you have your root password in plain text on your scripts... so you must find
some way of not doing so (don't ask me how, I'm not trying to kill a process
right now :), I love processes).

Just my 2 cts :),

Regards,

Rob

Andrés Robinet | Lead Developer | BESTPLACE CORPORATION 
5100 Bayview Drive 206, Royal Lauderdale Landings, Fort Lauderdale, FL 33308 |
TEL 954-607-4207 | FAX 954-337-2695 | 
Email: info@xxxxxxxxxxxxx  | MSN Chat: best@xxxxxxxxxxxxx  |  SKYPE: bestplace |
 Web: bestplace.biz  | Web: seo-diy.com

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
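
Option 1 in the reply above (a root cron job that reads request files through a narrow interface instead of plain commands), as an added example that is not part of the original thread. The spool path, the `.req` file naming and the `ALLOWED_COMM` process name are assumptions, and the process-name lookup assumes Linux.

```shell
#!/bin/sh
# Added example (not from the thread): root-run handler for kill requests.
# SPOOL_DIR and ALLOWED_COMM are assumed names; adjust to the real service.
SPOOL_DIR=${SPOOL_DIR:-/var/spool/killreq}   # PHP user drops NAME.req files here
ALLOWED_COMM=${ALLOWED_COMM:-myworker}       # the only process name root will signal

# Accept only a plain decimal PID greater than 1: no options, no shell syntax.
is_valid_pid() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 7 ] && [ "$1" -gt 1 ]
}

# Command name of a running PID (Linux /proc, falling back to ps); empty if gone.
pid_comm() {
    cat "/proc/$1/comm" 2>/dev/null || ps -o comm= -p "$1" 2>/dev/null
}

# Validate one request, then signal. Returns 0 only if the signal was sent.
handle_request() {
    is_valid_pid "$1" || { echo "rejected: malformed request"; return 1; }
    [ "$(pid_comm "$1")" = "$ALLOWED_COMM" ] || { echo "rejected: pid $1 not allowed"; return 1; }
    kill -TERM "$1" && echo "sent TERM to $1"
}

# One pass over the spool; this is what root's cron entry runs.
process_spool() {
    for f in "$SPOOL_DIR"/*.req; do
        # Regular files only: a symlink planted in the spool is skipped.
        [ -f "$f" ] && [ ! -L "$f" ] || continue
        line=
        IFS= read -r line < "$f" || true   # first line only; the rest is ignored
        rm -f -- "$f"
        handle_request "$line" || true
    done
    return 0
}

# Run only when asked, so the functions can also be sourced and tested.
if [ "${1:-}" = "--run" ]; then process_spool; fi
```

The PHP side only writes a PID into a file in the spool directory; it never holds a root credential, and the request text is never evaluated as a command. The PID can be reused between the name check and the signal, so a long-lived deployment should also check the process owner or start time.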


