I have a PHP script that automatically downloads Nginx and setups my web server. It does actions such as: create Nginx configuration files, generate SSL certificates, among other amazing functions. It is ran via SSH, php file.php command.
Unfortunately due to several reasons I will not be posting it here but I will be showing out examples of the issue I'm getting.
For example, a few seconds after I am running the script via the command line interface, I get the following output:
rm: cannot remove... (unexisting file)
or I have this code:
if(!preg_match("/nginx/", shell_exec("nginx -v"))) {
and it outputs the Nginx version and also shows the output of the apt-get command (shell_exec()).
How can I fix this?
Best Answer
PHP's documentation page on
shell_exec()has comments that address your issues. Basically the issue is thatshell_execonly saves the output ofstdoutto the variable, andstderris sent directly to the user.However, I highly recommend that you look into configuration management systems like Puppet or Ansible to perform these tasks. There are far too many security issues in your approach and I think you don't have the knowledge on how to even identify possible issues.