1

Can anybody tell me why using the pcntl lib on production servers is discouraged? The PHP manual tells very briefly about it, and I'm in a dire need to use this library... Is there another way to do the same thing in php?

hakre
marek
  • First guess? Scripts served over the web allowing access to unix processes. Sounds pretty insecure. – Stephen Feb 04 '11 at 15:34
  • Could you elaborate a bit more on what you need to use? POSIX signals aren't inherently a "bad idea", but it is really implementation dependent. – Tim Post Feb 04 '11 at 15:42
  • Well, it's for optimization purposes - I need to process a really big amount of data and doing this synchronously would take huge amount of time. – marek Feb 04 '11 at 18:04
  • 1
    @Stephen - could you elaborate a bit more please? I mean - I'm pretty sure I'm able to secure my web serv properly, though I had never used this lib, so maybe you can tell me what should I do to secure it better? According to manual: "unexpected results may happen if any Process Control functions are used within a web server environment" - expression unexpected results got my attention. What do you think can it mean? Data loss, or maybe serv hang-up? – marek Feb 04 '11 at 18:12
  • I've never used the lib either! :) I read that very same sentence in the documentation, along with what the library does, and drew a conclusion. That's why I commented instead of answering. Sorry :) – Stephen Feb 04 '11 at 18:19
  • No need to apologize friend and thanks for trying to help ;). – marek Feb 04 '11 at 18:58
  • @Tim Post - one more thing - if you are asking about specific functions, I have yet to discover which of the pcntl_xxx set I will use. Right now my idea of the algorithm is fairly simple: retrieve data, process it, save it to db, signal process end, so I think that _fork and _signal are enough, though I'm thinking of some secondary processing in the main process after all children are finished, but it's a subject for another thread :). – marek Feb 04 '11 at 19:13
  • I would be afraid that once the parent process stops (and in a web environment, PHP scripts are subject to a runtime time-out), the forked processes might get 'orphaned' and no longer be controllable. That's just my wild guess though. – Mchl Feb 04 '11 at 19:49
  • Mchl, but if I wait for the processes to stop, this will not happen: hasFinished()) { sleep(1); } ?> – marek Feb 04 '11 at 20:39
  • Question is: how can you be sure the webserver doesn't just terminate your main process? You need at least to add `set_time_limit(0);` into your loop, but even then, there might be other factors that stop your script prematurely. – Mchl Feb 04 '11 at 22:23
  • From what I remember, and it's foggy - one of the reasons for "unexpected" behavior is how servers (Apache) handle PHP and processes spawned from PHP itself. In other words, forking a process directly from a script you access through a URL might (and probably will) be unstable. You might want to create a shell script that you call via PHP's exec() then, because you'll bypass Apache's process handler and you'll communicate directly with the OS. – Michael J.V. Mar 30 '11 at 10:28

2 Answers

3

pcntl is discouraged in production environments because the functionality it supports (fork, process control, signal handling) are fairly explicitly things you should not be using in a CGI style application. Now, if you're writing a daemon or command line application in PHP, that is another matter...

From the PHP manual:

Process Control should not be enabled within a web server environment and unexpected results may happen if any Process Control functions are used within a web server environment.

Edward Z. Yang
  • Ok, but this doesn't explain what are those mysterious unexpected results I should expect if I use pcntl on prod-serv :). – marek Feb 05 '11 at 08:41
  • 1
    @marek: because pcntl is not supposed to be used in scripts interpreted by any web server software. only on the cli. pcntl is no proper tool for implementing some sort of concurrency. – glasz Jun 05 '12 at 00:21
1

one has to be clear about the differences of a php cli script and a sapi/cgi script. php on production systems may as well have support for pcntl.

the important thing here is to have 2 php config files. one for cli and one for cgi setup. one then has to disable pcntl in the cgi setup because the real security issue is that forking a script when executed by the webserver may leave zombie processes flooding the system.

in a cli environment it might be necessary to be able to write scripts that fork...

glasz
  • @Edward Z. Yang: that's what i said. the php manual specifically refers to the danger of forking scripts run by the web server software. – glasz Apr 01 '11 at 13:35
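
The answers above confine forking to CLI scripts and name unreaped (zombie) children as the risk. As an added example, not code from any poster on this page, here is a CLI-only worker that refuses to run under a web SAPI, forks one child per chunk, and reaps every child; `process_chunk()`, the chunk size and the sample data are assumptions made up for illustration.

```php
<?php
// Added example: CLI-only fork/reap pattern (not from the original thread).
declare(strict_types=1);

// Refuse to run under a web SAPI, or where pcntl is missing or disabled.
if (PHP_SAPI !== 'cli' || !function_exists('pcntl_fork')) {
    fwrite(STDERR, "Run this from the CLI with pcntl enabled.\n");
    exit(1);
}

function process_chunk(array $chunk): void
{
    // Hypothetical work: stands in for retrieve / process / save to db.
    usleep(100000 * count($chunk));
}

$data     = range(1, 20);            // constructed sample input
$chunks   = array_chunk($data, 5);   // one chunk per child (assumed size)
$children = [];                      // pid => chunk index

foreach ($chunks as $i => $chunk) {
    $pid = pcntl_fork();
    if ($pid === -1) {
        fwrite(STDERR, "fork failed for chunk $i\n");
        break;                       // still reap the children already started
    }
    if ($pid === 0) {
        // Child: open its own DB connection here, never reuse the parent's.
        process_chunk($chunk);
        exit(0);                     // must not fall through into the parent loop
    }
    $children[$pid] = $i;
}

// Parent: wait for every child so none is left behind as a zombie.
$failed = 0;
while ($children) {
    $pid = pcntl_wait($status);      // blocks until any child exits
    if ($pid <= 0) {
        break;                       // no children left, or wait error
    }
    $ok = pcntl_wifexited($status) && pcntl_wexitstatus($status) === 0;
    $failed += $ok ? 0 : 1;
    printf("chunk %d (pid %d): %s\n", $children[$pid], $pid, $ok ? 'ok' : 'failed');
    unset($children[$pid]);
}
exit($failed === 0 ? 0 : 1);
```

Run it from cron or a supervisor rather than from a web request, so the parent cannot be killed by a request time-out before it has reaped its children.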