Apache user privileges in Centos

Question

Hi I'm using the shell_exec command from a PHP script:

$output = shell_exec('ls -l');
print_r($output);

Terminal: php test.php

Which results in the directory listing as expected.

Switch to my browser I get no output.

I need to grant privileges to the user 'apache' so that it can execute certain commands, or add the user to a group with such privileges. I know how to add users to groups etc, I was just wondering what the best practice method is of granting such privileges to the apache user.

Answer 1

This took me a while to figure out so it may be of benefit to others.

The problem was that I was trying to give the apache user privileges in /etc/sudoers and SELinux was (quite rightly) denying them.

So I quickly disabled SELinux for httpd and all was working.

This is far from an ideal situation though for a public web server.

As for best practices audit2allow should be used to set permissive operations.