I’m developing an application in PHP and JavaScript and I need to set up disk quotas for a given user (as I’m using an FTP daemon (ProFTPd in this case) to allow users to have their own document manager) so that elFinder (which is the document manager I’m currently thinking of using) can run ‘freely’ (instead of having to create my own PHP function to control how much space is actually being used).
The idea is to run a single command to adjust the disk quota on the server side, but… is it safe to let PHP run system commands (even if I’m not going to accept parameters or allow any kind of user interaction with the system)?
Usually it is not safe. It doesn’t matter if you let users send commands or allow any other kind of interactivity. Even if your script runs alone, exploits can be invented to make use of it in one form or another and maybe alter its actions.
But this applies only if you want to have insane security rules on your server. In the real world, the chance is minimal that this will compromise your server security.
I still have some suggestions for you:
Make sure your script does not accept any input from outside; it does not read a database or a file. Everything must be enclosed inside the script.
Try to put the script somewhere outside the document root so it won’t be accessible by users.
Put some special permissions on the script so that its actions are limited to the user it runs as. Even if someone breaks it somehow, the OS will not let him do anything other than run just that particular command in a particular environment.
This of course may be completed with more rules, but this is just what comes to mind now. Hope it helps.
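One way to put the suggestions above into practice, as an added example that is not from either poster: a PHP wrapper that runs one fixed quota command, validates every argument against an allowlist, and starts the program without a shell so metacharacters in a user name can never be interpreted as commands (the classic failure of interpolating a string into shell_exec). It assumes Linux setquota(8) is the quota tool, that the web server user may run only that binary through a sudoers rule, and that the FTP data lives on /srv/ftp; all three are assumptions, not details from the question.

```php
<?php
// Added example (not from the original post): run one fixed quota command
// from PHP without a shell, with every argument validated first.
// Assumptions: Linux setquota(8) is the quota tool, the web user may run it
// via a sudoers rule restricted to that binary, and the filesystem is /srv/ftp.

declare(strict_types=1);

const QUOTA_CMD    = '/usr/sbin/setquota';  // absolute path, never resolved via PATH
const QUOTA_FS     = '/srv/ftp';            // fixed filesystem, not a parameter
const MAX_QUOTA_KB = 50 * 1024 * 1024;      // upper bound: 50 GiB

/**
 * Set the block quota (in KiB) for an FTP user. Returns the command's exit code.
 * Throws InvalidArgumentException for anything that is not a plain user name
 * or a sane size, so no untrusted byte ever reaches the command line.
 */
function setUserQuota(string $user, int $softKb, int $hardKb): int
{
    // Allowlist, not a blocklist: only portable POSIX user names pass.
    if (!preg_match('/^[a-z_][a-z0-9_-]{0,31}$/', $user)) {
        throw new InvalidArgumentException('invalid user name');
    }
    if ($softKb < 0 || $hardKb < $softKb || $hardKb > MAX_QUOTA_KB) {
        throw new InvalidArgumentException('quota out of range');
    }

    // Passing an array to proc_open (PHP >= 7.4) executes the program directly:
    // no shell parses these arguments, so there is nothing to inject into.
    $argv = ['sudo', '-n', QUOTA_CMD, '-u', $user,
             (string) $softKb, (string) $hardKb, '0', '0', QUOTA_FS];
    $spec = [0 => ['file', '/dev/null', 'r'],   // no stdin for the child
             1 => ['pipe', 'w'],
             2 => ['pipe', 'w']];
    $proc = proc_open($argv, $spec, $pipes, '/');  // fixed working directory
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start quota command');
    }
    $stderr = stream_get_contents($pipes[2]);
    fclose($pipes[1]);
    fclose($pipes[2]);
    $status = proc_close($proc);
    if ($status !== 0) {
        // Log server-side only; never echo command output back to the client.
        error_log("setquota failed for $user: $stderr");
    }
    return $status;
}
```

Keep the file outside the document root and call setUserQuota() only from code paths that take the user name from your own account table, not from a request.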