> Am 17.05.2024 um 03:58 schrieb F Bax <fbax...@gmail.com>: > > I think I missed something simple? I installed 7.5 release in a VM. I then > installed nginx and PHP 8.3.3; with pkg_add. I then ran these two commands: > # rcctl enable php83_fpm > # rcctl start php83_fpm > I found an issue with php system() function; so created this simple script > which produces "HiThere"; why is the date not presented? > <?php > echo 'Hi'; > system( 'date' ); > echo 'There'; > ?>
You are probably running the php83_fpm process accessed from nginx in the default chroot(2) environment? If so you need to reconfigure your /etc/php-fpm.conf to not use chroot(2) — comment the line »chroot = /var/www« — or install /bin/date and a /bin/sh into /var/www. (Note that PHP needs a shell to execute shell commands and the date command is not present in the chroot(2) environment by default either.) Your test script works for me in Apache httpd and a php-fpm.conf without chroot(2) (in a non-public setting). So I don’t think this is related to nginx specifically. Could happen with OpenBSD httpd and PHP-FPM as well. Basically in any situation where PHP-FPM is running chroot(2)ed. OpenBSD httpd would be a different situation because it runs in a chroot(2) environment by default. You can’t call on a PHP-FPM process that is not also running in the chroot(2) environment. The communication between httpd(8) and PHP-FPM fails due to differing opinions about the root of the filesystem when applied to the paths passed from httpd to PHP-FPM. At least I have not managed to get this to work. But AFAIK nginx does not run chroot(2)ed by default. So PHP-FPM does not need to either. Note: If you need both you can configure your /etc/php-fpm.conf to spawn both chroot(2)ed and non-chroot(2)ed workers with differing sockets. I’m doing this on a machine running both OpenBSD httpd and Apache httpd with PHP based web pages. HTH Mike PS. Hopefully you are aware that running shell commands from a publicly accessible web server can lead to serious security issues? Be very careful when configuring access restrictions to the affected URLs and when constructing the UNIX commands you plan to execute.
