Jump to content

Archived

This topic is now archived and is closed to further replies.

TheShipsMast

shell_exec

Recommended Posts

hi guys,


hopefully someone here can help.. I have trawled every forum and googled for a week now, and still cant get this fixed..

I have CentOS4.2 installed, with apache2 and php4 rpm installs. httpd is running under user apache. I have full control over the server.

DocumentRoot is set to /var/www/html

my php page I am trying to execute is this simple one:sr.php

<?
shell_exec("/tmp/ls.sh > /tmp/output")
?>

when I load sr.php in a browser, nothing happens. ( I am not expecting anything on screen, but /tmp/output never gets created).

a tail of /var/log/http/error_log shows
sh: /tmp/ls.sh: Permission denied


now, /tmp has 777 perms, and if I run

su -c "/tmp/ls.sh" apache
the file /tmp/output gets created.

if I change sr.php to
<?
shell_exec("ls > /tmp/output")
?>

the file /tmp/output gets created!

so it appears php will run system commands, but not user scripts.

Any ideas as to why I can not run user scripts from within PHP??

This has got me utterly beaten..

Thanks in advance

note: I do have semi-colons at the end my code, but everytimeI tried and posted with one, the page wouldnt submit, and gave me an error on the forum

edit:
php isnt producing any error logs, but this is from the syslog..


Mar 28 15:05:26 dell2 kernel: audit(1143554726.143:86): avc: denied { execute } for pid=5652 comm="sh" name="ls.sh" dev=dm-0 ino=4898845 scontext=root:sy
stem_r:httpd_sys_script_t tcontext=root:object_r:tmp_t tclass=file
Mar 28 15:05:26 dell2 kernel: audit(1143554726.143:87): avc: denied { getattr } for pid=5652 comm="sh" name="ls.sh" dev=dm-0 ino=4898845 scontext=root:sy
stem_r:httpd_sys_script_t tcontext=root:object_r:tmp_t tclass=file
Mar 28 15:05:26 dell2 kernel: audit(1143554726.144:88): avc: denied { getattr } for pid=5652 comm="sh" name="ls.sh" dev=dm-0 ino=4898845 scontext=root:sy
stem_r:httpd_sys_script_t tcontext=root:object_r:tmp_t tclass=file

Share this post


Link to post
Share on other sites
I might have a simular problem.. I'm trying to run a shell_exec with a ping, but this only works well when run from a browserwindow. Through a cronjob it's not running the shell_exec at all..

Share this post


Link to post
Share on other sites
Think I may have sussed the problem.. although I have b0rked my server in the process.. so heed warnings!

The problem (I THINK) is to do with SELinux being implemented on the box, and not allowing apache to run scripts.

Although, when I tried to loosen up the policies, and rebooted the box...

that was 18 hours ago, and the box still isnt pinging :( and its in a datacentre, and the support guys are utter rubbish..

arse

Share this post


Link to post
Share on other sites
I am not too farmiliar with the programs on linux. but in windows in order for me to run a batch file which is similar to an sh file in linux, I had to give permissions to the batch file AND the cmd.exe executable to the user account. This is because the cmd function is what runs the .bat file.

So in your case you would have to give execute permission to the sh executable and the script you want to run to the apache account.

this is how it is on windows anyway.

Ray

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.