Exec() disabled

Is there anything to be done about hosting that disables exec()? I don’t seem to be able to install anything.

Which is odd, come to think of it, because it installed stuff just fine on another server which I happen to know has exec() disabled.

I don’t think exec() is required. Just these requirements…

  exec() has been disabled for security reasons

install [-f|--force] [-y|--all-yes] [-d|--destination [DESTINATION]] [--] <package> (<package>)...

I had forgotten about that, I guess we’ll have to add that to the list of requirements for GPM. Just looking and exec() is used to execute some shell commands to do the unziping/moving/etc.

The funny thing is, on one server (the one I just installed the snipcart skeleton on) I happen to know they have exec() disabled, but gpm works just fine.

To be honest I’ve never seen anyone having this problem. Are you sure you are running the CLI version of php? what does php -v say?

Copyright (c) 1997-2014 The PHP Group
Zend Engine v2.4.0, Copyright (c) 1998-2014 Zend Technologies
    with the ionCube PHP Loader v4.7.5, Copyright (c) 2002-2014, by ionCube Ltd.```

As far as unzipping and moving files, I have an installer/upgrade script for MODX that doesn’t use exec() for any of that.

Would be great if you were able to take your experience with the modx and provide a Pull Request that perhaps adds a PHP-fallback approach if exec() is not available. Ideally using exec() will be faster and more efficient than doing it via PHP, but a fallback would be cool.

I’ll see what I can do. I’m mostly just an edge-case hacker, they call me the Corner Case Queen because for years I’ve been finding niggley little issues and usually providing the patches. I haven’t looked at your PHP code at all yet.

Hm. This doesn’t look promising. You use exec() a LOT.

Ok, not so much. A lot of false positives, probably need a better search criteria.

Way too many. Especially in the QuestionHelper and DialogHelper files. Not much point in dealing with the installer with all the rest of it. Will just need to make sure exec() and shell_exec() are enabled.

Do you really need to clone the git repository, or just get the files, on line 123 of cli/InstallCommand.php and on line 371 of /gpm/InstallCommand.php?

I learned something fascinating today. I use SkyToaster servers for most of my live work, and MODX Cloud development accounts for dev work. I was puzzled because I could run the gpm install for things on the MODX Cloud, but not on SkyToaster, and I knew that the MODX Cloud has exec() blocked. I found out that the MODX Cloud is configured to use a different php.ini for HTTP access than for SSH access. The reasoning is that a command-line user probably knows what he’s doing, and from the command line having exec() blocked isn’t going to be of much security use and will just be an annoyance to a developer.

SkyToaster and MODX cloud are hosted by the same provider?

No. SkyToaster is a provider, and the MODX Cloud is provided by the MODX LLC. I just thought it was an interesting way to configure a server with SSH access.