I am a bit new to PHP and web development in general, and I am trying to execute a program from php. I setup my virtual machine and hosted it properly, but when the website attempts to load the page, it says that the program could not be executed: “permission denied.” I tried everything including:
- Adding execute permissions to every file in /var/www/html
- setfacl -m u:apache:rwx /var/www/
- chown -R apache:apache /var/www/
Further context:
- I am on fedora linux
heres index.php:
<html> <body> <p> <?php exec("whoami && ./program 2>&1", $out); foreach ($out as $element) { echo $element; echo "<br>"; } ?> </p> </body> </html>
When I run it from a browser, this is the output:
[fedora@fedora html]$ curl localhost <html> <body> <p> apache<br>sh: ./program: Permission denied<br></p> </body> </html>
Most tips on the internet tell you to make sure user ‘apache’ has permission to execute the file. I have done that and verified by doing the following commands.
[fedora@fedora html]$ sudo -u apache bash bash-5.0$ ls -la total 48 drwxrwxrwx. 2 apache apache 4096 Oct 25 11:22 . drwxrwxrwx+ 4 apache apache 4096 Oct 25 09:51 .. -rw-rw-rw-. 1 apache apache 158 Oct 25 11:04 index.php -rwxrwxrwx+ 1 apache apache 20648 Oct 25 10:02 program -rwxr-xr-x. 1 apache apache 23 Oct 25 10:57 p.sh bash-5.0$ ./program test test test test test test test test test bash-5.0$ php index.php <html> <body> <p> apache<br>test<br>test<br>test<br>test<br>test<br>test<br>test<br>test<br>test<br>test<br>test<br>test<br>test<br>test<br>test<br>test<br>test<br>test<br>test<br>test<br>test<br>test<br>test<br></p> </body> </html> bash-5.0$
I sudoed into the apache user and was able to read every file in the directory and execute them via the shell. After that, I ran php index.php, and it executed the script perfectly with the exepcted output.
I am at a complete loss for why it can’t execute this script in the browser, any help would be much appreciated!
Edit: I checked my php.ini file and there are no disabled functions
... disable_functions = ...
Advertisement
Answer
I checked my SELinux configuration and the scripts were not set to the correct permissions. They were set to httpd_sys_content_t when they needed to be httpd_sys_script_exec_t.
the simple fix was:
chcon -R -t httpd_sys_script_exec_t program