(Firstly, thanks for the great module, it's almost exactly what I was looking for!)

Is it possible to execute the required commands with a version command line parameter first instead of searching the PATH for the required utility commands?
Then grab the output and see if some "sensible" information is returned.
If not, then search the PATH.

This would then overcome the PHP open_basedir restriction security setting.

e.g. can it be determined by doing:
mysqldump -v
tar -v
gzip -v
or something similiar that these tools are available instead of searching the path for them?

I get the following output when I go to http://mysite/admin/content/backup:

# warning: is_file() [function.is-file]: open_basedir restriction in effect. File(/bin/mysqldump) is not within the allowed path(s): (/home/budgetra:/usr/lib/php:/usr/local/lib/php:/tmp) in /home/budgetra/public_html/sites/default/modules/backup/backup.module on line 403.
# warning: is_file() [function.is-file]: open_basedir restriction in effect. File(/usr/bin/mysqldump) is not within the allowed path(s): (/home/budgetra:/usr/lib/php:/usr/local/lib/php:/tmp) in /home/budgetra/public_html/sites/default/modules/backup/backup.module on line 403.

etc

Thanks,

Ray Smith
http://RaymondSmith.com

Comments

dmuth’s picture

dmuth commented
Assigned: Unassigned » dmuth

Hmm, I'm not sure. Since is_file() is failing, I suspect that a call to popen() would fail too, seeing that they both involve accessing a program on disk. But, I can certainly do some experiments to find out!

In a worst case scenario, I could at least write some code check for a open_basedir and give the user a nicer warning message.

-- Doug

ray_223’s picture

ray_223 commented

Thanks Doug,

My hosting provider advises me that they would execute. The only problem is direct access of a file in PHP outside open_basedir.

I assume the actual script that gets run would be in a shell and not controlled by PHP security?

Thanks,

Ray Smith
http://RaymondSmith.com

dmuth’s picture

dmuth commented

> I assume the actual script that gets run would be in a shell and not controlled by PHP security?

Not really, no. The executables that PHP calls are compiled programs.

Could I write shell scripts to call those executables? Sure, but that wouldn't work out so well on a Windows box.

xqus’s picture

xqus commented

Could I write shell scripts to call those executables? Sure, but that wouldn't work out so well on a Windows box.

To be fair, neither tar, gzip or mysqldump exist on the average Windows box. ;)

xqus’s picture

xqus commented

Could I write shell scripts to call those executables? Sure, but that wouldn't work out so well on a Windows box.

To be fair, neither tar, gzip or mysqldump exist on the average Windows box. ;)