How to safely execute .sh from php?

D

Daniil Vshivtsev2017-07-02 19:40:23

PHP

Daniil Vshivtsev, 2017-07-02 19:40:23

Greetings.
There are hundreds of php daemons running on centos 7.3 server; it is necessary, upon request, to find out their exact number.
At the moment, I can find out the number of processes using the .sh script
ps aux | grep php-cgi | wc -l
. The script is executed by cron once a minute, writes the result of the command to the file.
You can read it at any time; but the problem is that due to the minimum cron interval per minute, the number of processes there may already be outdated.
It is not safe to give the webserver root permissions.
How do those who understand better than me solve such problems?

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

A

Alexander Aksentiev, 2017-07-02
@dahujika

what is the practical point of getting the number of demons?
what's the point of being super accurate?
the number of php daemons is, in theory, configured in the configs, and even with dynamic settings there are some limits. That is, +/- there and so it is known how many of them there can be or frames.
and why the root is right, ps / top is enough to execute i.e. make it executable from any user.

B

Boris Korobkov, 2017-07-02
@BorisKorobkov

1. Root rights are not needed. But for reliability, it's still better to disable exec/system
2. The number of php processes doesn't mean anything. With any number of them, as there may be problems, so there may not be.
Instead of processes, it is necessary to check that the right response comes to http requests in the right time.
3. It is better to check the amount of memory, processes and other things using Nagios. Even the number of processes - for this add your sh script to /etc/nagios/nrpe.cfg

J

justpusher, 2017-08-25
@justpusher

You can directly read the contents of /proc and find out the number of processes without running third party utilities (see /proc/*/cmdline).
It's definitely safe.