How to check what user php is running as?

Question

I need to detect if php is running as nobody. How do I do this?

Are there any other names for "nobody"? "apache"? Any others?

What do you mean exactly with the "are there any other names" question? Sysadmins can create users with whatever name they want. — Álvaro González, Oct 14 '11 at 18:06
Any other default names for anything that might be considered the server; apache, nobody, www-data, etc.. — , Oct 14 '11 at 18:11
If I recall correctly, system users normally have a small UID (below 1024?). That might be a better clue for whatever you are trying to accomplish. — Álvaro González, Oct 14 '11 at 18:18
get_current_user() returns the owner of current script, not the user php is currently running. — Dima L., Apr 06 '14 at 09:41
Related: [How do I find out, which user is running the current php script?](http://stackoverflow.com/q/11088390/2157640) — Palec, Aug 09 '15 at 16:26

score 245 · Answer 1 · answered Oct 14 '11 at 17:58

245

<?php echo exec('whoami'); ?>

answered Oct 14 '11 at 17:58

AlienWebguy

76,997
17
122
145

1

Can't really use exec or system or any such passthru functions. – Oct 14 '11 at 18:00
Was just what I needed. get_current_user() was not what I needed definitely. – dmgig Jun 29 '16 at 15:27
8

Might be useful to some users: if you run this from the command line interface you will get the user that runs the command, and **not** the PHP user. – Bram Vanroy Sep 07 '16 at 09:41
@BramVanroy then where should you run it ? =| – Andrew Jul 18 '18 at 18:12
1

@BramVanroy - I want to understand your comment, but I don't. if you run that from the cli, isn't you who owns the current php process? Who would the PHP user be in this case other than you? – But those new buttons though.. Dec 07 '18 at 06:23
in C-Panel that option is disabled by default, at least on the two websites that I checked. – OAH Apr 24 '19 at 18:33

score 104 · Accepted Answer · edited Mar 30 '18 at 16:01

104

If available you can probe the current user account with posix_geteuid and then get the user name with posix_getpwuid.

$username = posix_getpwuid(posix_geteuid())['name'];

If you are running in safe mode however (which is often the case when exec is disabled), then it's unlikely that your PHP process is running under anything but the default www-data or apache account.

edited Mar 30 '18 at 16:01

Nick Tsai

3,799
33
36

answered Oct 14 '11 at 18:03

mario

144,265
20
237
291

10

There is [a comment on `get_current_user()` manpage](http://php.net/manual/en/function.get-current-user.php#57624) that shows this approach. As of PHP 5.4, it can be shortened to this: `print posix_getpwuid(posix_geteuid())['name'];` – Palec Aug 09 '15 at 16:17

score 86 · Answer 3 · edited May 21 '16 at 10:39

86

Kind of backward way, but without exec/system:

file_put_contents("testFile", "test");
$user = fileowner("testFile");
unlink("testFile");

If you create a file, the owner will be the PHP user.

This could also likely be run with any of the temporary file functions such as tempnam(), which creates a random file in the temporary directory and returns the name of that file. If there are issues due to something like the permissions, open_basedir or safe mode that prevent writing a file, typically, the temp directory will still be allowed.

edited May 21 '16 at 10:39

Palec

12,743
8
69
138

answered Oct 14 '11 at 18:04

Jonathan Kuhn

15,279
3
32
43

2

Very clever cross platform solution. Boh! – Matt Fletcher May 23 '14 at 15:51
3

Nice: the only non-privileged solution here to also find the _group_ that PHP is running as. – tanius Dec 29 '14 at 03:25
2

a worthy hack, deserves a higher place – Abraham Philip Apr 18 '15 at 04:31
I can't write to the web directory, which is what brought me here, but rather than getting trapped in a circle of fail I read Jonathan Kuhn's comment, and tempnam worked a treat. I still can't write to the directory, but at least I've confirmed who I am. – Dazbert May 17 '16 at 08:07
Depends on the write permissions `php user` is having or not. And for giving write permissions you are required to know the username, Practically only feasible for those programmers who forgot the `php user` after assigning it the write permissions. – Ravinder Payal Apr 23 '17 at 11:03
1

@RavinderPayal Unless you use the tempnam function like I suggested. It is almost guaranteed that the user can write to the temporary directory regardless of who they are. Without being able to write to the temporary directory, you could temporarily give a folder 777 permissions and if enabled, disable selinux for that path. – Jonathan Kuhn Apr 24 '17 at 19:07
Got it brother. Sorry for not reading last two - three lines of answer. – Ravinder Payal Apr 24 '17 at 19:14
1

@RavinderPayal there are additional functions to return the temp path. So `$temp_file = tempnam(sys_get_temp_dir(), 'TMP');` would create a temporary file in the temp directory on most any system. You could then use that file to get the user/group. I left some of that up to the user to figure out. – Jonathan Kuhn Apr 24 '17 at 19:19
Thanks brother for adding more value to answer – Ravinder Payal Apr 24 '17 at 19:21

score 20 · Answer 4 · edited Feb 25 '17 at 12:39

More details would be useful, but assuming it's a linux system, and assuming php is running under apache, it will run as what ever user apache runs as.

An easy way to check ( again, assuming some unix like environment ) is to create a php file with:

<?php
    print shell_exec( 'whoami' );
?>

which will give you the user.

For my AWS instance, I am getting apache as output when I run this script.

score 16 · Answer 5 · answered Oct 14 '11 at 18:02

16

You can try using backticks like this:

echo `whoami`;

answered Oct 14 '11 at 18:02

ricbra

170
6

7

It's just duplicate of questions above. – volter9 Aug 22 '14 at 18:50
2

Might be useful to some users: if you run this from the command line interface you will get the user that runs the command, and **not** the PHP user. – Bram Vanroy Sep 07 '16 at 09:41

score 15 · Answer 6 · answered Feb 09 '19 at 03:35

15

Straight from the shell you can run:

php -r "echo exec('whoami');"

answered Feb 09 '19 at 03:35

Gabriel Vilches Alves

364
4
8

score 14 · Answer 7 · edited May 09 '22 at 14:24

14

I would use:

lsof -i
lsof -i | less
lsof -i | grep :http

You can type any of these in your ssh command line and you will see which user is listening to each service.

You can also check this file:

more /etc/apache2/envvars

and look for these lines:

export APACHE_RUN_USER=user-name
export APACHE_RUN_GROUP=group-name

To filter out envvars file data, you can use grep:

more /etc/apache2/envvars | grep APACHE_RUN_

edited May 09 '22 at 14:24

PoolloverNathan

148
2
11

answered Feb 08 '14 at 20:52

Lukas Liesis

24,652
10
111
109

2

`grep "APACHE_RUN_" /etc/apache2/envvars` worked well, thanks. – Tarik Oct 26 '18 at 09:12

score 14 · Answer 8 · edited Nov 16 '19 at 22:13

14

exec('whoami') will do this

<?php
echo exec('whoami');
?>

edited Nov 16 '19 at 22:13

Martin Ille

6,747
9
44
63

answered Oct 14 '11 at 17:58

genesis

50,477
20
96
125

Can't really use exec or system or any such passthru functions. – Oct 14 '11 at 18:00
@Wesley: so that's not possible. – genesis Oct 14 '11 at 18:01
3

Might be useful to some users: if you run this from the command line interface you will get the user that runs the command, and **not** the PHP user. – Bram Vanroy Sep 07 '16 at 09:41

CRTLBREAK · Answer 9 · 2017-06-11T13:07:34.613

1

add the file info.php to the following directory - your default http/apache directory - normally /var/www/html

with the following contents

<?php                                                                           
phpinfo();                                                                    
?>

Then httpd/apache restart the go to your default html directory http://enter.server.here/info.php

would deliver the whole php pedigree!

edited Jun 11 '17 at 13:07

answered Jun 10 '17 at 14:06

CRTLBREAK

107
1
4

4

and which variable / value in that output are we looking for ? – Andrew Jul 18 '18 at 18:17
I am sure you have already found this but search for "user" on that page? – CRTLBREAK Jan 04 '19 at 15:57

Freeman · Answer 10 · 2021-02-13T10:02:20.447

1

You can use these commands :

<? system('whoami');?>

or

<? passthru('whoami');?>

or

<? print exec('whoami');?>

or

<? print shell_exec('whoami');?>

Be aware, the get_current_user() returns the name of the owner of the current PHP script !

edited Feb 13 '21 at 10:02

answered May 23 '19 at 00:38

Freeman

9,464
7
35
58

1

get_current_user() does *not* return the current user. It returns the owner of the script the function is called in. – andsens Aug 26 '19 at 07:57
why the vote-downs? it's a good answer. – obe Jul 08 '22 at 16:52

score 0 · Answer 11 · answered Apr 22 '14 at 17:04

In my setup I want to check if the current process has permission to create folders, subfolders and files before I begin a process and suggest a solution if it looks like I can't. I wanted to run stat(<file>) on various things to ensure the permissions match those of the running process (I'm using php-fpm so it varies depending on the pool).
The posix based solution Mario gave above, seems perfect, however it seems the posix extension is --disabled so I couldn't do the above and as I want to compare the results with the response from running stat() running whoami in a separate shell isn't helpful either (I need the uid and gid not the username).

However I found a useful hint, I could stat(/proc/self) and stat(/proc/self/attr) and see the uid and gid of the file.

Hope that helps someone else

score 0 · Answer 12 · answered May 26 '17 at 10:37

Proposal

A tad late, but even though the following is a work-around, it solves the requirement as this works just fine:

<?
    function get_sys_usr()
    {
        $unique_name = uniqid();  // not-so-unique id
        $native_path = "./temp/$unique_name.php";
        $public_path = "http://example.com/temp/$unique_name.php";
        $php_content = "<? echo get_current_user(); ?>";
        $process_usr = "apache";  // fall-back

        if (is_readable("./temp") && is_writable("./temp"))
        {
            file_put_contents($native_path,$php_content);
            $process_usr = trim(file_get_contents($public_path));
            unlink($native_path);
        }

        return $process_usr;
    }


    echo get_sys_usr();  // www-data
?>

Description

The code-highlighting above is not accurate, please copy & paste in your favorite editor and view as PHP code, or save and test it yourself.

As you probably know, get_current_user() returns the owner of the "current running script" - so if you did not "chown" a script on the server to the web-server-user it will most probably be "nobody", or if the developer-user exists on the same OS, it will rather display that username.

To work around this, we create a file with the current running process. If you just require() this into the current running script, it will return the same as the parent-script as mentioned; so, we need to run it as a separate request to take effect.

Process-flow

In order to make this effective, consider running a design pattern that incorporates "runtime-mode", so when the server is in "development-mode or test-mode" then only it could run this function and save its output somewhere in an include, -or just plain text or database, or whichever.

Of course you can change some particulars of the code above as you wish to make it more dynamic, but the logic is as follows:

define a unique reference to limit interference with other users
define a local file-path for writing a temporary file
define a public url/path to run this file in its own process
write the temporary php file that outputs the script owner name
get the output of this script by making a request to it
delete the file as it is no longer needed - or leave it if you want
return the output of the request as return-value of the function

score -1 · Answer 13 · answered Jun 03 '16 at 11:53

-1

I usually use

<?php echo get_current_user(); ?>

I will be glad if it helped you

answered Jun 03 '16 at 11:53

yiimar

25
1

This has already been mentioned in the comments under the question and it does have only very little to do with the user the script is running under. – Palec Jun 03 '16 at 12:24
1

`get_current_user() - Gets the name of the owner of the current PHP script` - *not* the user running the PHP process. – Francisco Zarabozo Feb 04 '17 at 09:05

score -1 · Answer 14 · edited Oct 11 '16 at 14:05

-1

$_SERVER["USER"]

$_SERVER["USERNAME"]

edited Oct 11 '16 at 14:05

NathanOliver

171,901
28
288
402

answered Oct 11 '16 at 14:03

Step

314
3
3

`echo $_SERVER["USER"];` works but gives the current logged in user name in SSH. – Tarik Oct 26 '18 at 09:14

score -2 · Answer 15 · answered Nov 13 '18 at 00:22

-2

<?php phpinfo(); ?>

save as info.php and

open info.php in your browser

ctrl+f then type any of these:

APACHE_RUN_USER
APACHE_RUN_GROUP
user/group

you can see the user and the group apache is running as.

answered Nov 13 '18 at 00:22

Jerome Jr. Formentera

7
1

There are none of these lines in phpinfo – Rohit Gupta Aug 14 '22 at 21:19

score -3 · Answer 16 · answered Oct 04 '18 at 00:28

-3

$user = $_SERVER['REMOTE_USER'];

http://php.net/manual/en/reserved.variables.server.php

Authenticated user

answered Oct 04 '18 at 00:28

Tybion

87
1
7

How to check what user php is running as?

16 Answers16

Proposal

Description

Process-flow

Linked

Related