Unable to call system commands and shell scripts from PHP Fedora 10

Question

I am working on an application that runs locally on a Fedora 10 machine through PHP and Apache. It depends on a process that runs in the background.

The higher-ups want to be able to start/stop/restart the process, through the browser. I was trying to get this to work by having PHP make calls to the system using exec() and shell_exec, but it doesn't seem to work.

When I try to start the process using "exec('processName')", nothing happens.

When I try to use "exec('killall processName')", SELinux starts constantly popping up warnings that the process was permitted (because I put it into permissive mode), however it doesn't actually kill the process! But this seems to go on even after the page is fully loaded!?!?

I AM able to call another script in a similar fashion: "exec('/var/www/cgi-bin/ControlProgram START')". So I'm not really sure what the major differences are between the two calls/commands.

I also put the script call into the /etc/rc.local file to have the script run at login. However, will I be able to kill this script from PHP since its run by... the system?

I'm not a guru when it comes to permissions/SELinux, so don't spare on the gory details! Thanks in advance!

Answer 1

This works for me:

<?php

$e = exec("/bin/bash -c 'sleep 5'");

?>

Running this in a terminal, shows

$ ps -e | grep sleep
apache   12716  0.0  0.0   1884   400 ?        S    02:07   0:00 sleep 5

I have Fedora 10, and PHP is:

$ rpm -q php
php-5.2.6-5.i386

If I try the PHP script again and run watch 'ps -e | grep sleep', the process appears, and then when I run this PHP script it will disappear.

<?php

exec("killall sleep");
?>

Clearly, you're on the right track if it was an SELinux issue. Perhaps you have PHP configured differently than the default?

Answer 2

If you have administrative control over this system you will want to check the PHP configuration (make sure it is the config profile for the web server).

Safe_Mode will prevent PHP from executing anything outside a particular folder. In a shared hosting environment, this usually means you can only execute things that are relative to your home/www folder--which seems to be the case based on your notes.

Answer 3

I believe I found the problem. I'm still not exactly sure what the problem is, but it looks like it has something to do with file/directory permissions. When I moved the scripts into my /var/www/html directory, the scripts ran. I moved them into /var/www/cgi-bin and they work there too. So it might be something where apache can't execute scripts that are outside the /var/www directory, or at least it can't do it directly. Thanks for your help though!

Answer 4

It sounds like old school unix permissions and how apache operates. I do recall (though it has been some time) that apache is careful on what it will execute. Double check your octals.

To verify that it isn't SELinux you can disable it instead of putting it in permissive. though this will cause a file system relabel (or should). At that point your extended attributes with the SELinux contexts could get out of wack and cause SELinux problems once in enforcing again.