at now + 2 days /usr/local/php4/bin/php /www/at.php
At this point I have 1 question and 1 problem:
Question: What are the dangers and security risks of trying to schedule a task through PHP using proc_open or any other functions like exec, shell_exec, system (I use proc_open because it allows me to retrieve the jobid that the at command prints out to standard error)? The at.php script is located in a non-public directory that has r-xr-xr-x so that it can be executed by user nobody but people cannot just type the address and execute it. Is there a better/safer way to schedule tasks from PHP and possibly avoid the problem I describe below?
Problem: When I run the script from my web browser (Mozilla and Safari) the script runs OK the first time. It does the database transactions and it also schedules itself to run in the future. However, when the time comes for the script to run again nothing happens. When I run the script from my console, logged in as root or regular user or even sudo -u nobody, the script runs OK the first time, schedules itself to run in the future and runs again when it is scheduled to run.
When I look at the /var/at/jobs for the at script created when at.php is called from the browser it looks like:
#!/bin/sh
# atrun uid=-2 gid=-1
# mail george 1
umask 22
MANPATH=/sw/share/man:/usr/share/man:/usr/local/mysql/man:/usr/local/share/man:/usr/X11R6/man:/sw/lib/perl5/5.8.6/man; export MANPATH
TERM_PROGRAM=Apple_Terminal; export TERM_PROGRAM
SHELL=/bin/bash; export SHELL
TERM_PROGRAM_VERSION=133; export TERM_PROGRAM_VERSION
SGML_CATALOG_FILES=/sw/etc/sgml/catalog; export SGML_CATALOG_FILES
USER=root; export USER
SUDO_USER=george; export SUDO_USER
SUDO_UID=501; export SUDO_UID
__CF_USER_TEXT_ENCODING=0x0:0:0; export __CF_USER_TEXT_ENCODING
PATH=/sw/bin:/sw/sbin:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/mysql/bin:/usr/X11R6/bin; export PATH
XML_CATALOG_FILES=/sw/etc/xml/catalog; export XML_CATALOG_FILES
PWD=/usr/local/apache2/htdocs/www; export PWD
SHLVL=3; export SHLVL
HOME=/Users/george; export HOME
SUDO_COMMAND=/usr/local/apache2/bin/apachectl\ start; export SUDO_COMMAND
LOGNAME=root; export LOGNAME
INFOPATH=/sw/share/info:/sw/info:/usr/share/info; export INFOPATH
SUDO_GID=501; export SUDO_GID
SECURITYSESSIONID=a144f0; export SECURITYSESSIONID
cd /usr/local/apache2/htdocs/ideaworth || {
echo 'Execution directory inaccessible' >&2
exit 1
}
/usr/local/php4/bin/php /usr/local/apache2/htdocs/www/at.php 205 1

#!/bin/sh
# atrun uid=-2 gid=-2
# mail george 1
umask 22
MANPATH=/sw/share/man:/usr/share/man:/usr/local/mysql/man:/usr/local/share/man:/usr/X11R6/man:/sw/lib/perl5/5.8.6/man; export MANPATH
TERM_PROGRAM=Apple_Terminal; export TERM_PROGRAM
SHELL=/bin/sh; export SHELL
TERM_PROGRAM_VERSION=133; export TERM_PROGRAM_VERSION
SGML_CATALOG_FILES=/sw/etc/sgml/catalog; export SGML_CATALOG_FILES
USER=nobody; export USER
SUDO_USER=root; export SUDO_USER
SUDO_UID=0; export SUDO_UID
__CF_USER_TEXT_ENCODING=0xFFFFFFFE:0:0; export __CF_USER_TEXT_ENCODING
PATH=/sw/bin:/sw/sbin:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/mysql/bin:/usr/X11R6/bin; export PATH
XML_CATALOG_FILES=/sw/etc/xml/catalog; export XML_CATALOG_FILES
PWD=/var/mail; export PWD
SUDO_COMMAND=/usr/local/php4/bin/php\ /usr/local/apache2/htdocs/www/at.php\ 205; export SUDO_COMMAND
SHLVL=3; export SHLVL
HOME=/var/root; export HOME
LOGNAME=nobody; export LOGNAME
INFOPATH=/sw/share/info:/sw/info:/usr/share/info; export INFOPATH
SUDO_GID=0; export SUDO_GID
SECURITYSESSIONID=a144f0; export SECURITYSESSIONID
cd /private/var/mail || {
echo 'Execution directory inaccessible' >&2
exit 1
}
/usr/local/php4/bin/php /usr/local/apache2/htdocs/www/at.php 205 1

Thanks,
Nikolaos
P.S. I am testing this locally on my MacOS but I am also experiencing the same issue on the server that runs Linux.
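
The two job files in the post can be compared field by field rather than by eye. The following is an added example, not part of the original post: a small Python parser for the spool-file layout shown above (the `# atrun` header, the `VAR=value; export VAR` lines, the `cd ... || {` guard and the final command). The function names are hypothetical and the sample inputs are abbreviated from the two listings.

```python
import re

# Constructed samples: the two job files from the post, abbreviated to a few lines each.
TAIL = ("echo 'Execution directory inaccessible' >&2\nexit 1\n}\n"
        "/usr/local/php4/bin/php /usr/local/apache2/htdocs/www/at.php 205 1\n")
FIRST_JOB = r"""#!/bin/sh
# atrun uid=-2 gid=-1
umask 22
USER=root; export USER
SUDO_COMMAND=/usr/local/apache2/bin/apachectl\ start; export SUDO_COMMAND
cd /usr/local/apache2/htdocs/ideaworth || {
""" + TAIL
SECOND_JOB = r"""#!/bin/sh
# atrun uid=-2 gid=-2
umask 22
USER=nobody; export USER
SUDO_COMMAND=/usr/local/php4/bin/php\ /usr/local/apache2/htdocs/www/at.php\ 205; export SUDO_COMMAND
cd /private/var/mail || {
""" + TAIL

HEADER = re.compile(r"^# atrun uid=(-?\d+) gid=(-?\d+)$")
EXPORT = re.compile(r"^([A-Za-z_]\w*)=(.*); export \1$")
CHDIR = re.compile(r"^cd (.+) \|\| \{$")

def parse_job(text):
    """Split an at spool file into header ids, saved environment, cwd and command."""
    job, in_guard = {"env": {}, "command": []}, False
    for line in text.splitlines():
        if m := HEADER.match(line):
            job["uid"], job["gid"] = int(m[1]), int(m[2])
        elif m := EXPORT.match(line):
            job["env"][m[1]] = m[2]
        elif m := CHDIR.match(line):
            job["cwd"], in_guard = m[1], True
        elif in_guard:                      # skip the body of the cd failure guard
            in_guard = line != "}"
        elif line and not line.startswith(("#", "umask ")):
            job["command"].append(line)
    return job

def diff_jobs(a, b):
    """Return {field: (value_in_a, value_in_b)} for every field that differs."""
    flat = lambda j: {**{k: j.get(k) for k in ("uid", "gid", "cwd", "command")},
                      **{"env." + k: v for k, v in j["env"].items()}}
    fa, fb = flat(a), flat(b)
    return {k: (fa.get(k), fb.get(k)) for k in sorted(fa.keys() | fb.keys())
            if fa.get(k) != fb.get(k)}

if __name__ == "__main__":
    for field, (x, y) in diff_jobs(parse_job(FIRST_JOB), parse_job(SECOND_JOB)).items():
        print(f"{field}: {x!r} -> {y!r}")
```

On these samples it reports differences in gid, working directory, USER and SUDO_COMMAND, which makes visible that at stores the submitting process's environment and directory in the job file.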