How to get shell_exec to run on IIS 6.0

Iain Fraser · Feb 19, 2010 · Viewed 9.2k times

The Problem

I have a PHP script that uses shell_exec to run a pdf-to-text converter. To simplify the problem I've created a short script that uses shell_exec to just echo the output of the dir command.

<?php
$cmd = 'C:\\WINDOWS\\system32\\cmd.exe /c ';
echo shell_exec($cmd.' dir');
?>

When I run this on my Apache server, everything works as expected. When I switch to IIS, it's as though the line is skipped entirely: no errors, no output, no logs, no nothing.

Unfortunately, I need to use IIS because I'm going to authenticate my users against active directory.


Here's what I've tried so far:

  • Issue the command through cmd.exe /c rather than issuing it directly
  • Give Read & Execute permission to SERVICE on "C:\WINDOWS\system32\cmd.exe"
  • Give Read & Execute permission to NETWORK SERVICE on "C:\WINDOWS\system32\cmd.exe"
  • Give Read & Execute permission to IUSR_MACHINENAME on "C:\WINDOWS\system32\cmd.exe"
  • Give Read & Execute permission to Everyone on "C:\WINDOWS\system32\cmd.exe" (don't worry, it didn't stay like that for long, haha)
  • Run PHP as an ISAPI module
    • This is my standard configuration
  • Run PHP as a CGI extension
    • This does not work, I get an error: CGI Error The specified CGI application misbehaved by not returning a complete set of HTTP headers.
  • In IIS Manager, set Execute Permissions to Scripts and Executables on your website
  • Added html markup and other php functions to script to see if that gets processed; it does. It's as if the shell_exec bit just gets skipped.

Thank you so much for looking at this question; I am now pulling my hair out with the problem.

Cheers, Iain


Update 1

I really didn't want to do this, but as a stopgap until I find a proper solution I'm running Apache on the web server (which runs shell_exec fine) and I call my Apache script via cURL. It's ugly, but it works :).


Update 2

I'm beginning to think this isn't so much an issue with IIS or permissions as such, but perhaps a result of some policy we have on our network - although I can't imagine what. Any ideas from left of field?

Answer

A.R.A · May 23, 2011

Below is a more systematic way to determine which user needs to be granted permission.

1. Confirm that you have the following executables in C:\WINDOWS\SYSTEM32 (or more generically %systemroot%\system32):

   cmd.exe
   whoami.exe

2. Check the current ACL for these executables:

   c:\windows\system32> cacls cmd.exe
   c:\windows\system32> cacls whoami.exe

3. If the user "Everyone" is not granted Read (R) access, then TEMPORARILY grant it as follows:

   c:\windows\system32> cacls cmd.exe /E /G everyone:R
   c:\windows\system32> cacls whoami.exe /E /G everyone:R

4. Create whoami.php with the following content:

   <?php
   $output = shell_exec("whoami");
   echo "<pre>$output</pre>";
   ?>

5. Load whoami.php in a web browser and note the username displayed, e.g. in my case it showed:

   ct29296\iusr_template

6. Revoke "Everyone's" permission if it had to be added in the above steps:

   c:\windows\system32> cacls cmd.exe /E /R everyone
   c:\windows\system32> cacls whoami.exe /E /R everyone

7. Grant only the username found in step 5 the Read+Execute permission (R) to cmd.exe:

   c:\windows\system32> cacls cmd.exe /E /G ct29296\iusr_template:R

Remember to use the correct username for your own system.

See: http://www.myfaqbase.com/index.php?q=php+shell_exec&ul=0&show=f
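
An added diagnostic page, not part of the original thread or the answer's own code: it gathers in one request what the steps above look for (whether the functions are disabled, whether the worker identity can read cmd.exe, and the exit code and stderr text that shell_exec() does not return). The function name `diagnose_shell`, the report keys and the `C:\WINDOWS` fallback (the path used in the question) are assumptions; delete the file once the account has been identified.

```php
<?php
// Added example (hypothetical helper, not from the thread).
// Reports why a shell command yields no output under the web server identity.

function diagnose_shell($command)
{
    $report = array();

    // 1. Functions listed in php.ini's disable_functions are unavailable.
    $disabled = array_map('trim', explode(',', (string) ini_get('disable_functions')));
    $report['shell_exec_disabled'] = in_array('shell_exec', $disabled, true);
    $report['exec_disabled']       = in_array('exec', $disabled, true);

    // 2. Try to open cmd.exe for reading as the account PHP runs under.
    //    A failure here points at the ACL the answer adjusts with cacls.
    $root = getenv('SystemRoot');
    if ($root === false || $root === '') {
        $root = 'C:\\WINDOWS'; // assumption: default path from the question
    }
    $cmdExe = $root . '\\system32\\cmd.exe';
    $handle = @fopen($cmdExe, 'rb');
    $report['cmd_exe']          = $cmdExe;
    $report['cmd_exe_readable'] = ($handle !== false);
    if ($handle !== false) {
        fclose($handle);
    }

    // 3. exec() exposes the exit code; "2>&1" folds stderr (for example an
    //    access-denied message) into the captured lines.
    if (!$report['exec_disabled']) {
        $lines    = array();
        $exitCode = null;
        exec($command . ' 2>&1', $lines, $exitCode);
        $report['exit_code'] = $exitCode;
        $report['output']    = implode("\n", $lines);
    }

    return $report;
}

// Plain-text output so nothing in the command output is rendered as HTML.
header('Content-Type: text/plain');
foreach (diagnose_shell('whoami') as $key => $value) {
    echo $key, ': ', var_export($value, true), "\n";
}
```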