Permission problem? Security Setting? Help please.
January 26, 2009 8:08 AM   Subscribe

I'm having trouble when running cvs update with PHP's exec() command after our company migrated from Windows Server 2003 to Windows Server 2008.

Over a year ago I was tasked with creating a simple web interface which would allow employees to execute a CVS update on our web server. That was setup in PHP fine, and required the user's network authentication to execute the script. User logins, chooses the directory which needs to be updated (lists of subdirectories populated dynamically) and submits.

The update script executes 'cvs update.' Details:

PHP script runs: exec("start cvs -d .... update",$out);
CVS is executed using start because that's the only way I could get the browser to wait for the update to finish. When that command finishes I check the files in the directory and subdirectories for a change in their modified date attribute to determine which files have been updated. I was forced to do this because the content of $out is usually an empty array.

We have since, just recently in fact, updated our Windows Server from 2003 to 2008. So now PHP is running in IIS 7 with FastCGI. That was not the case on the 2003 server. We ran into permission issues right away for users who were connected remotely to the machine and trying to run an update on the command line, but that has been resolved. However, I still cannot get the update to execute through the web interface. The browser hangs when I use exec("start cvs ... update"), and if I don't include 'start' the script finishes loading immediately, and does not execute cvs update on the remote machine.

Also, when I remote desktop to the machine and execute the php script from the command line, the script operates as expected. I tried setting IUSR permissions after this to full control on all relevant directories, but still no luck.

Is there some FastCGI setting I've overlooked? Or a Windows Server 2008 security setting I'm missing?

Any help would be appreciated because I've tried just about everything I can think of.
posted by trueluk to Computers & Internet (3 answers total)
 
Are you sure it's not a path problem? What if you run other cvs commands, ones that complete almost immediately? Did you check the error log for iis and whatever php uses on Windows?
posted by devnull at 9:00 AM on January 26, 2009


Are you sure it's not a path problem?

I have set the path variable and can verify that running from the command line: php test.php where the contents of test.php are exec("cvs update",$out); does work. I also tried replacing cvs with the full path to cvs.

What if you run other cvs commands, ones that complete almost immediately?

I tried cvs version and the results are the same. Works locally, but not through a browser. Here's something which may help though. If I run exec("dir > temp.txt",$out); from a browser the directory contents are written to temp.txt, but if I run exec("test.bat > temp.txt",$out); where the contents of test.bat are only "dir" nothing is written. That has to be permissions right? I gave IUSR full control of test.bat and the directory but still no results. The file created by the command ( exec("dir >temp.txt"); )when going through the web has its owner attribute set to Network Service. I gave Network Service full control over the directory and also made it the owner of test.bat. Still not working.

Did you check the error log for iis and whatever php uses on Windows?

No errors in either, just a PHP warning for an unrelated, already loaded module.
posted by trueluk at 11:00 AM on January 26, 2009


Alright, I figured it out.

I needed to create an application pool and under Process Model set Identity to LocalSystem. Also under Process Model, Load User Profile has to be set to true. Then add an application to that pool pointing to the directory with the script in it.

Hmm...I wonder, is it frowned upon to mark my own answer as best?
posted by trueluk at 11:56 AM on January 26, 2009


« Older Volleyball court rental in Chicago?   |   Where does the buck stop, again? Newer »
This thread is closed to new comments.