How to get PHP to call a shell script?

Question

I have a generate.php page

<?php
exec("./script $ip");
?>

I have verified that the the variable $ip is pulling from the URL correctly. When it redirects to this page it does not run the script. I have also tried to verify that the script works for the apache user and it does.

su -s /bin/sh apache -c "./script 1.1.1.1"

The code that sets the IP from my index.html page is this

<form action="generate.php">
  <input type="text" name="ip" />
  <input type="submit" />
</form>

When I enter the IP into the box and hit submit, it does take me to http://example.com/generate.php?ip=1.1.1.1

Is there something wrong with the way I am invoking the shell script? Any input will be greatly appreciated.

Thank you for all the input, turned out to be just selinux. Disabling selinux solved this issue. Since this is not a network connected system, selinux being disabled is not an issue.

Answer 1

su -s /bin/sh apache -c "./script 1.1.1.1"

You are executing the script with root privileges. Try executing the script with your user and see the results. You maybe need to add permissions to the file.

Also by default exec function is disabled for security reasons. You can try edit the configuration file.

Also the php error log file will be helpful to read.

Other than that the whole idea is really bad. Executing shell scripts with parameters from GET or POST may lead to bad things...

Answer 2

You may try this:

<?php
if (isset($_GET['ip'])) {
    exec('./script ' + $_GET['ip']);
} else {
    exec("./script $ip");
}

Here you will use ip from URL (like: http://example.com/generate.php?ip=1.1.1.1) in case it's provided, otherwise you will use your previous implementation.