I need to execute a php script from the command line, but if I call directly "php5 myfile.php", I will have some security issue (mainly the openbasedir restrictions and the user&group rights).

So I'd like to execute that php file from the same constraints as a fpm process (/etc/php5/fpm/pool.d/specific_process.conf). This process has a sock file at /var/run/php5-fpm-specific.sock, which, I believe, would be constrained like in the conf file (same user&group, some php_admin_value, etc).

But I can't see how I can do that from the command line, and by giving some arguments.

I tried something like :

php5 --bindpath /var/run/php5-fpm-specific.sock -f /path/to/my/file.php param1 param2

But of course it does not work. How can I do ?

Note: The file I'm calling expects some parameters (here, param1 and param2).

Thank you for your help.

You will need the executable cgi-fcgi (in Debian part of the libfcgi0ldbl package), then you can do it by executing this command (this is one line with \ escaping the newlines, you should be able to paste this to your shell like this):

SCRIPT_NAME=/file.php \
SCRIPT_FILENAME=/path/to/my/file.php \
REQUEST_METHOD=GET \
QUERY_STRING=param1=x\&param2=y \
cgi-fcgi -bind -connect /var/run/php5-fpm-specific.sock

You will then receive the output, as it would be sent to the HTTP server, so it will include the HTTP headers, for example for a script containing <?php echo "The time is ", date("H:i:s");:

Content-type: text/html

The time is 13:46:35

There are a couple of more parameters but these are the most essential ones (see how they map to the $_SERVER array, that's what's happening in the background):

• SCRIPT_NAME this is the script name as it is seen from the HTTP side. In my example the file could have been accessed via http://localhost/file.php
• SCRIPT_FILENAME this is the local path to the script -- it's what the HTTP server will usually determine from the URL, here you need to specify it yourself
• QUERY_STRING can be used if you also want to pass in something that would be after the ? in a URL, be aware that we are in a shell, so you'd need to escape the ampersand like this: \&

See also:

• FastCGI Example in the Nginx documentation for more parameters.
• Directly connect to PHP-FPM.
• FastCGI Developer's Kit