Allow Program Safe to Run

For security reasons, external programs run by OTRS and directories that OTRS reads from or writes to are blocked by default. If a script tries to use an external program that is not on the allow list, the message 'PROGRAM' is not safe to run appears in the log file, where PROGRAM is the name of the program.

There is no graphical user interface for adding programs or directories to the allow list. A system administrator with file system access has to add the allowed programs and directories to the configuration file.

To add programs and directories to the allow list:

  1. Open $OTRS_HOME/Kernel/Config.pm.

  2. Add the following settings:

    $Self->{'SystemConfiguration::ValueType::SystemCommand::BinaryWhiteList'}->{'999-Custom'} = [
       'program_name',
    ];
    
    $Self->{'SystemConfiguration::ValueType::SystemCommand::DirectoryWhiteList'}->{'999-Custom'} = [
       '/path/to/directory',
    ];
    

The first setting lists the base names of allowed commands which can be run in a system command. The second setting lists the absolute paths of allowed directories where the system can read from or write to during a system command redirect.

In the example above, 999-Custom is a unique identifier for expanding the allow lists.

Warning

Do not use the same unique identifier anywhere else in the system in the scope of this setting. Otherwise a previous allow list will be overwritten!
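
The following stand-alone Perl script is an added illustration, not OTRS code. It models why a reused identifier drops earlier entries: each identifier is a hash key, so a second assignment replaces the first. The `100-Base` identifier, the sample program names, the union of all identifiers into one effective list, and the base-name lookup in `IsAllowed` are assumptions made for the demonstration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Basename qw(basename);

# Constructed stand-in for the $Self config object used in Kernel/Config.pm.
my $Self = {};
my $Key  = 'SystemConfiguration::ValueType::SystemCommand::BinaryWhiteList';

# Hypothetical entry that already exists under another identifier.
$Self->{$Key}->{'100-Base'} = [ 'ls', 'cat' ];

# Custom entry under its own identifier: extends the allow list.
$Self->{$Key}->{'999-Custom'} = ['program_name'];

# Assumption: the effective list is the union of the lists of all identifiers.
sub EffectiveList {
    my ($Config) = @_;
    my %Seen;
    my @All = grep { !$Seen{$_}++ } map { @{$_} } values %{ $Config->{$Key} };
    return sort @All;
}

# Assumption: a command is matched by its base name against the effective list.
sub IsAllowed {
    my ( $Config, $Command ) = @_;
    my $Name = basename($Command);
    return ( grep { $_ eq $Name } EffectiveList($Config) ) ? 1 : 0;
}

sub Report {
    my ( $Label, $Command ) = @_;
    my @List = EffectiveList($Self);
    print "$Label: effective list = @List\n";
    print "$Label: $Command ", ( IsAllowed( $Self, $Command ) ? 'allowed' : 'not allowed' ), "\n";
    return;
}

Report( 'unique identifier', '/usr/local/bin/program_name' );

# Reusing the identifier replaces its list, so program_name is silently dropped.
$Self->{$Key}->{'999-Custom'} = ['other_program'];
Report( 'reused identifier', '/usr/local/bin/program_name' );

# A second unique identifier (hypothetical name) keeps both entries.
$Self->{$Key}->{'998-Custom'} = ['program_name'];
Report( 'second unique identifier', '/usr/local/bin/program_name' );
```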
