1

I'm trying to install composer using PHP shell_exec command as described in composer official site.

My server linux is centOS 6.

shell_exec('curl -sS https://getcomposer.org/installer | php');
/*
 * OR
 */
shell_exec('php -r "readfile(\'https://getcomposer.org/installer\');" | php');

but there's permission error :

> Downloading... 

>Could not create file /myfolder/composer.phar
>
> fopen(/myfolder/composer.phar): failed to open stream: Permission denied Download failed:
>
> fopen(/myfolder/composer.phar): failed to open stream: 
>
> Permission denied fwrite() expects parameter 1 to be
> resource, boolean given 

>Downloading... Could not create file to open stream: composer.phar:
>
>etc...

So, I tried to change user to root using this command :

shell_exec('su -root; myPass; whoami');
//And
shell_exec('su - root; myPass; whoami');
//And
shell_exec('su -u root -p myPass; whoami');

And again whoami return apache

It seems user apache do not have right permission for install composer and create directories, so I tried to install composer after previous commands but still there's same problem.

Would you please tell me there's something wrong with my command or what's the problem?

Thanks in advance

Community
  • 1
  • 1
Kiyarash
  • 2,437
  • 7
  • 32
  • 61
  • Sorry but I have to ask: why do you want to do this at all? Is it that you don't have shell access to the target machine? – RandomSeed Nov 09 '15 at 00:20
  • If you have to use `shell_exec` to install Composer, you are likely doing it wrong. Why would you have to have Composer on that server? Are you able to also install Git and SVN on this machine (Composer will use them in not that rare occasions)? What are you trying to achieve at all? If you are wondering how to install the dependencies of your software, the answer is: Locally on your own machine that does the upload to the server, just before the upload. This means you don't need Composer on the server, and you will notice that Github is down before you take down your website. – Sven Nov 11 '15 at 21:02

1 Answers1

0

You cannot provide su a password this way. In fact I don't think there is a way at all (there is a way for sudo)

But elevating to root is a very poor idea if only for security reasons. Instead you should give apache write permissions on /myfolder/.

Community
  • 1
  • 1
RandomSeed
  • 29,301
  • 6
  • 52
  • 87