1

Python script is run through shell_exec command, but produces no output.

By no output I mean no errors, and when directed to output to file, the file is created, but is blank.

What does work:

  • Running this script as any other user
  • Running this script as apache using sudo -u apache ...
  • Other shell_exec commands run as apache
  • Other Python scripts run as apache in the same originating directory
  • Other Python scripts run using shell_exec in the same PHP script that output to the same folder

The only difference between the scripts that work and the one that doesn't is the use of import to load modules.

UPDATE: Looks like it's a permissions issue, but I can't figure out why

/usr/local/bin/python2.7: can't open file '/var/www/scripts/script.py': [Errno 13] Permission denied

Script location: /var/www/scripts

/var
drwxrwxr-x.  20 root apache  4096 Oct 26 00:04 var

/var/www
drwxrwxr-x.  8 root apache 4096 Oct 13 13:55 www

/var/www/scripts
drwxrwxrwx. 2 apache apache 4096 Oct 27 01:26 scripts

/var/www/scripts/script.py
-rwxrwxrwx. 1 apache apache 1315 Oct 27 09:25 script.py

UPDATE: F*****g SELinux.

Temporarily disabling SELinux with setenforce Permissive resolves the issue. What is the best approach to make SELinux let Apache run this script from this directory permanently?

SQueryL
  • 140
  • 1
  • 11
  • See also [How can I debug exec() problems?](//stackoverflow.com/q/12199353) and `python -v -v -d` – mario Oct 27 '18 at 01:10
  • @mario all error reporting is turned on and nothing in any of the logs. Tried adding those flags and got nothing either. – SQueryL Oct 27 '18 at 01:17
  • "The only difference between the scripts that work and the one that doesn't is the use of `import` to load modules."—then shouldn't you be showing us this part of the code? I'm not sure how we can help without seeing it. Please read [ask]. – ChrisGPT was on strike Oct 27 '18 at 02:16
  • Those flags will do nothing unless you followed the advise in the reference (not just the first answer!) – mario Oct 27 '18 at 02:42
  • @Chris the imports aren't anything special (i don't think). it's just importing `time` `urllib2` and `sys` – SQueryL Oct 27 '18 at 03:26
  • Any chance Apache is running the script with Python 3? [`urllib2` doesn't exist there](https://stackoverflow.com/q/2792650/354577). – ChrisGPT was on strike Oct 27 '18 at 03:52
  • @Chris i'm specifying the Python version in `shell_exec` using `/usr/local/lib/python2.7`, so i doubt it. And like i mentioned in the post, when the script is run using `sudo -u apache` in a shell, everything works fine. It's only when called through the PHP script in a browser that things don't work. – SQueryL Oct 27 '18 at 05:31
  • @Chris updated my question with permissions issues. any thoughts? – SQueryL Oct 27 '18 at 09:39
  • Actually, yeah, maybe. What OS are you using? SELinux, AppArmor, or similar may be preventing this from working. – ChrisGPT was on strike Oct 27 '18 at 12:49
  • CentOS 6. Thought I had disabled SELinux.. – SQueryL Oct 27 '18 at 12:54
  • SELinux looks to be the culprit. Temporarily disabling with `setenforce Permissive` resolves the issue. What's the best permanent solution to allow SELinux to allow apache to run this script from this directory? – SQueryL Oct 27 '18 at 13:09
  • That's a difficult question as it entirely depends on your goals. Disabling SELinux permanently would certainly work, but then you'd lose its other protections. I wouldn't recommend that but since you thought you'd already disabled it maybe that's fine. You could also create an SELinux policy to allow Apache to run that script. How to do that is beyond the scope of what we can cover here, but there are tutorials online. – ChrisGPT was on strike Oct 27 '18 at 16:58

0 Answers0