4

This is driving me nuts.

I've reduced my problem to this: I have a simple file 'test.php' that invokes a php file (this is from a bigger application, so in fact we need to execute many php scripts from a main script):

<?php

 exec("php /var/www/setActive.php 273 1 2>&1",$arO,$nO);
echo $nO.'|'.implode(',',$arO);

The original path for setActive.php is way longer, I shortened it for this example.

Now, if I try:

[root@stg]# sudo -u apache php test.php

I get:

0|

Great, this means the setActive.php script ran smoothly.

Now, if I try it from a browser or from curl:

[root@stg]#curl http://my.url/path/test.php

This is what I get:

1|Could not open input file: /var/www/setActive.php

I already reviewed all the permissions. Apache user has access to all directories and files. This was working ok in another server. I reviewed the php.ini files and there is no difference between them.

Maybe is a option that I'm not seeing, or an apache config option. I'm ran out of ideas.

Please help me!

Thanks in advance.

I have Linux, Cent OS. PHP 5.3.23

user3462228
  • 59
  • 4
  • what do you get in the apache logs? – Geoff Williams Mar 26 '14 at 02:03
  • Is `my.url` the same server? – xdazz Mar 26 '14 at 02:09
  • are you sure that the script is accessible (file permissions, right Path, accessible by VirtualHost)? – Adrian Preuss Mar 26 '14 at 02:10
  • Does the script run as the `apache` user via the web server? You can find the user running the script, see http://stackoverflow.com/questions/7771586/how-to-check-what-user-php-is-running-as – Phil Mar 26 '14 at 02:12
  • Have you tried using include instead of exec? – Charles Forest Mar 26 '14 at 02:12
  • @xdazz Yes, is the same server. – user3462228 Mar 26 '14 at 02:14
  • @Phil: Yes, it runs with 'apache' as user. – user3462228 Mar 26 '14 at 02:17
  • @Charles Forest: Those files comes from different applications. So we need to run them as any other external file. – user3462228 Mar 26 '14 at 02:17
  • @user3462228 Did you check from the PHP script using the answers in that linked post? PHP may be executing as a different user via SuExec or similar – Phil Mar 26 '14 at 02:17
  • @Phil: Yes, I wanted to be sure, and try with exec('whoami') a few hours ago. The user is 'apache'. – user3462228 Mar 26 '14 at 02:25
  • @user3462228 Could be `open_basedir` or some other sandboxing security measure. Sorry, just clutching at straws now :( – Phil Mar 26 '14 at 02:28
  • From the command line you have to use `sudo`, yeah? So why should your application get to do it without? This might be a step toward your solution: http://stackoverflow.com/questions/3173201/sudo-in-php-exec – Shaun Scovil Mar 26 '14 at 02:42
  • @Phil open_basedir is not set. Is there another one like this? – user3462228 Mar 26 '14 at 02:46
  • 1
    @Shaun Scovil: In the example I'm using sudo to run the script as the apache user (sudo -u). If I omit the sudo, it runs as 'root', and the result is the same (successful execution). – user3462228 Mar 26 '14 at 02:49
  • @user3462228 what if instead of `exec` you put `var_dump(file_exists('/var/www/setActive.php'))` and `var_dump(file_get_contents('/var/www/setActive.php'))`; ? is php able to find and read the file? – Peter Mar 26 '14 at 03:01
  • 1
    @user3462228 [SELinux](http://en.wikipedia.org/wiki/Security-Enhanced_Linux), [Suhosin](http://www.hardened-php.net/suhosin/) – Phil Mar 26 '14 at 03:19
  • The difference appears to be that users www-user (or whatever default for web is) and apache must have different permissions to execute. – logic-unit Mar 26 '14 at 15:42

1 Answers1

0

If permissions etc.. are all ok, possibly the apache config. in your setup has the 'ChrootDir' set:

http://httpd.apache.org/docs/2.2/mod/mpm_common.html#chrootdir

This uses the syscall chroot() and the view for '/' dir for that process starts from this setup dir, and hence everything should be relative to it.

jrm
  • 341
  • 1
  • 2