duancashi1362
2013-05-06 20:08

Should I enable exec(), use PHP safe mode, or change php.ini?

I would like to use drush on my VPS for drupal maintenance tasks. However I've disallowed exec() from php at the suggestion of the self-test results from my installed firewall. Drush apparently wants this privilege and I've seen three options to make this work.

  1. enable exec()
  2. use php safe mode
  3. change the account's php.ini to "disable_functions = system, exec, shell_exec, passthru"

My account is the only admin on the Linux VPS and I don't plan to change that. I am new to VPS and its security concerns. Please advise on which option provides a more secure approach.

Terminal output:

>exec() has been disabled for security reasons bootstrap.inc:639      [warning]
The following restricted PHP modes have non-empty values:                [error]
disable_functions and magic_quotes_gpc. This configuration is
incompatible with drush.  Please check your configuration settings in
/usr/local/lib/php.ini or in your drush.ini file; see
examples/example.drush.ini for details.
exec() has been disabled for security reasons exec.inc:150             [warning]
exec() has been disabled for security reasons exec.inc:150             [warning]
exec() has been disabled for security reasons exec.inc:150             [warning]
unlink(/home/site1/drush/lib/package.xml): No such file or          [warning]
directory drush.inc:798
The drush command 'status' could not be found.  Run `drush               [error]
cache-clear drush` to clear the commandfile cache if you have
installed new extensions.
Drush needs a copy of the PEAR Console_Table library in order to         [error]
function, and the attempt to download this file automatically failed.
To continue you will need to download the 1.1.3 package from
http://pear.php.net/package/Console_Table, extract it into
/home/site1/drush/lib directory, such that Table.php exists at
/home/site1/drush/lib/Console_Table-1.1.3/Table.php.

1 answer

  • dongqu9917 2013-05-06 20:59
    Accepted

    PHP has many functions that are either built in or available through extensions. However, there are some cases where libraries or applications were designed to call external programs. Without exec those packages simply aren't going to work, so you have your option of either allowing the use of exec or not using the package in question.

    Forget about safe_mode: it's deprecated and about to be removed entirely.

    The use of exec by itself is not inherently unsafe -- it's when programs don't properly sanitize input, or code has been written in a way that allows people to trick code into calling exec in a way it was not intended that represents the issue. As Drush is an administrative utility, you already have an expectation that this is something that will only be run by trusted users. I mean -- it includes letting you type in any php code you want and evals() it!!!

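An added example, not part of the original question or answer: a small audit that reads php.ini text and reports which program-execution functions `disable_functions` leaves enabled, so the web configuration can stay restricted while the one drush uses allows `exec`. It assumes the web server and the command line read separate ini files (the drush output above mentions a `drush.ini`); the two sample configurations and the helper names are constructed for illustration.

```python
import re

# PHP functions that start external programs; exec is the one drush reported.
EXEC_FUNCS = ("exec", "system", "shell_exec", "passthru",
              "popen", "proc_open", "pcntl_exec")

# Constructed sample: web php.ini using the list quoted in the question.
WEB_INI = """\
[PHP]
; hardening for the web server
disable_functions = system, exec, shell_exec, passthru
"""

# Constructed sample: ini text used only for command-line drush runs.
CLI_INI = """\
;disable_functions = exec   (commented out, so it has no effect)
disable_functions =
"""

def disabled_functions(ini_text):
    """Return the names set by the last active disable_functions line."""
    disabled = set()
    for line in ini_text.splitlines():
        line = line.split(";", 1)[0].strip()          # drop ';' comments
        m = re.match(r"disable_functions\s*=(.*)$", line)
        if m:
            value = m.group(1).strip().strip("\"'")
            # the directive is a comma-separated list; compare in lower case
            disabled = {f.strip().lower() for f in value.split(",") if f.strip()}
    return disabled

def not_disabled(ini_text):
    """Program-execution functions the given configuration does not disable."""
    off = disabled_functions(ini_text)
    return [f for f in EXEC_FUNCS if f not in off]

def audit(web_ini, cli_ini):
    """Compare the web and command-line configurations."""
    return {
        "web_not_disabled": not_disabled(web_ini),
        "web_exec_blocked": "exec" in disabled_functions(web_ini),
        "drush_can_exec": "exec" in not_disabled(cli_ini),
    }

if __name__ == "__main__":
    for key, value in audit(WEB_INI, CLI_INI).items():
        print(f"{key}: {value}")
```

A function appearing under `web_not_disabled` only means the directive does not block it; whether it is actually available also depends on which extensions are loaded.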
