exec() problem

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
eldee
Forum Newbie
Posts: 2
Joined: Wed Feb 18, 2009 8:31 am

exec() problem

Post by eldee »

I'm trying to execute an exec() command from within PHP and its giving me permission denied.

the command is exec('chown ftpuser:ftpgroup /home/ftp/ -R');

- It returns "Operation not permitted"
changing ownership of `/home/ftp/': Operation not permitted

- Apache runs under user "geuze"
geuze 14990 10067 0 07:11 ? 00:00:05 /usr/sbin/httpd

- The /home/ftp dir is owned by user geuze ,group geuze
drwxr--r-- 2 geuze geuze 4096 2009-02-17 19:29 ftp

- selinux has been disabled
getenforce returns "Disabled"

- exec('whois') returns "geuze" so the webserver is running as geuze

- if i login as "geuze" and issue the chmod command it works

- if i run the php script (with the exec code) from the command line it also works, running the same script through the webserver fails.

- in php.ini
safe_mode = Off
safe_mode_gid = Off

- fedora 10 , php 5.2.6-5

I dont know what to check anymore, what could prohibit me from executing this chown command from php?
jason.carter
Forum Commoner
Posts: 35
Joined: Sat Jan 10, 2009 10:05 am

Re: exec() problem

Post by jason.carter »

Do you have permission 777 on that file?
eldee
Forum Newbie
Posts: 2
Joined: Wed Feb 18, 2009 8:31 am

Re: exec() problem

Post by eldee »

i found the solution, chown can only be run as root. so i needed to add a line to sudoers to permit geuze to run chown. for security reasons i've only allowed it to chown one specific directory
User avatar
VladSun
DevNet Master
Posts: 4313
Joined: Wed Jun 27, 2007 9:44 am
Location: Sofia, Bulgaria

Re: exec() problem

Post by VladSun »

eldee wrote:i found the solution, chown can only be run as root. so i needed to add a line to sudoers to permit geuze to run chown. for security reasons i've only allowed it to chown one specific directory
Exactly :)
Bravo!
There are 10 types of people in this world, those who understand binary and those who don't
Post Reply