On Oct 27, 2011, at 7:49 PM, Daniel Brown wrote: > On Thu, Oct 27, 2011 at 19:44, Tedd Sperling <tedd.sperling@xxxxxxxxx> wrote: >> >> One of the things I'm trying to understand is a php script can execute a shell command, right? Is there a way via permissions to prevent that -- or -- does that even have anything to do with it? That's where I'm fuzzy. > > Sure. What PHP actually does is interface with a forked shell > (usually 'sh' by default) process, and the shell then has permission > controls and requirements of its own, defined by the operating > system's configuration. So PHP isn't actually executing the commands, > per se, but is instead instructing the shell to do so itself. To see > how to limit PHP's shell access, look into safe_mode and the like. > > -- > </Daniel P. Brown> > Network Infrastructure Manager > http://www.php.net/ Daniel: Thanks. But does having execute permissions set on a script affect the scripts ability to run shell commands? For example, if I have a script that contains a shell command, can I prohibit that script from executing the command by setting it's execute permission to not execute? Certainly, as is my normal custom, I could try it and find out for myself -- but I have always been reluctant to use shell commands. Besides, never having used them, I don't see their advantage yet. Currently, they seem strange and dangerous to me. As always, your insight is welcomed. Cheers, tedd _____________________ tedd@xxxxxxxxxxxx http://sperling.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
