1

We have a small office intranet, built in PHP (on an apache server - so WAMP), that allows us to create project folders on our file server. This works by copying a set of template folders to a new location using the shell exec xcopy command and the following switches /e /k /i /c.

We (fairly) recently upgraded to a new file server running Windows Server 2008 R2 Standard. Now the xcopy command no longer works from within PHP. However, I know that the xcopy command is correct because it works if I copy and paste it into a command prompt (on the same machine).

I can see no error message but I assume this is some kind of permissions issue related to the PHP 'user', but I don't know exactly what or how to solve it.

The apache server and the file server are two separate machines. If it's relevant, the apache server is a 32bit machine and the file server is a 64bit machine but, as I say, I can invoke the xcopy command from the CLI of the 32bit machine without a problem.

The Apache process user name is SYSTEM (although I can't seem to use the 'whoami' command to check this)

Any pointers would be greatly appreciated.

FWIW, the exec string looks like this...

echo "xcopy \"\\\\path\\to\\folder\\xxxx_Project\\*.*\" \"\\\\path\\to\\folder\\9876_NEWPROJECT\" /e /k /i /c";

which (I think) materializes as this...

xcopy "\\path\to\folder\xxxx_Project\*.*" "\\path\to\folder\9876_NEWPROJECT" /e /k /i /c

Obviously, the '9876_NEWPROJECT bit is really a variable.

Improve this question
11
  • Have you set the appropriate file/folder permissions ? Commented Jan 8, 2014 at 12:41
  • @strawberry take a look at : cyberciti.biz/faq/… Commented Jan 8, 2014 at 12:52
  • I'm confused: is the PHP/Apache server and the "file server" the same machine or 2 different servers? Commented Jan 8, 2014 at 13:24
  • Yes, sorry, I deleted that first comment, I was assuming LAMP server to Windows File server. Is this actually Windows Server to other Windows Server? Or copying files all located on one server? Commented Jan 8, 2014 at 13:28
  • OK then I don't know how it ever worked before running as SYSTEM. See here: stackoverflow.com/questions/3622089/… Commented Jan 8, 2014 at 13:32

2 Answers 2

Reset to default
6

OK. I seem to have got it working. Here's what I did - tell me if it's a bad idea although I should point out that this is an intranet so I'm a little less concerned about security...

  1. Go to Control Panel->Administrative Tools_>Services

  2. Select the Apache service and hit Properties

  3. On the Log On tab, click 'This account:' instead of 'Local System account', and then find the User account of Windows user who's normally logged on to that terminal

  4. Restart Apache

I also amended the user info in the httpd.conf file, but I'm not actually certain that that was necessary.

If there's a better solution, that can be explained in words of two syllables or less, I'm all ears!

Improve this answer
Sign up to request clarification or add additional context in comments.

6 Comments

That's actually the recommended approach (see in the link I pushed earlier: "It is recommended that users create a separate account for running Apache service(s).").
Thanks - that's where I drew my inspiration from :-) - but it doesn't seem quite right using a domain user in this way. (I should stress that that's an opinion based on ignorance rather than anything else)
Why? A "domain user" does not need to be a physical user. I would even create a new user for Apache only. After all, the same approach is used under Linux (eg. www-data).
OK. I think I need to speak to my IT people about setting up a new user. But that sounds like a sensible idea.
Thanks for the idea where to look, for me it was enough to check "Allow service to interact with desktop"
|
5
+100

get_current_user() will confirm the user your script runs as.

Then try to manually execute your command as this user with runas (or if your user really is SYSTEM then you will need something like psexec to do so).

Now, assuming that your script actually runs as SYSTEM, it is very likely that this user is not authorised on the remote file server. I don't think it is even possible to do that (except, perhaps, by allowing "Everyone"). If it is, I am not sure this is a good idea anyways.

I would instead run the apache service as a regular user, and on the file server, grant access to this user.

Alternatively, you could mount the remote location as a network drive (not tested, other answers in the thread might help too).

Improve this answer

1 Comment

Thanks. I can't check this right now, but I'm sure it is a permissions issue. As such, I have a feeling that your suggestions are sure to fix it!

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.