php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #49827 shell_exec using ls /home fails with Permission denied
Submitted: 2009-10-09 22:48 UTC Modified: 2009-10-20 21:44 UTC
From: bill dot mcclendon at digiconllc dot com Assigned:
Status: Not a bug Package: Unknown/Other Function
PHP Version: 5.2.11 OS: Linux RH
Private report: No CVE-ID: None
View Developer Edit
 [2009-10-09 22:48 UTC] bill dot mcclendon at digiconllc dot com 
Description:
------------
Running Apache 2.x and PHP 5.2

safe_mode = off

test case - using "<?php $cmd = 'ls /home'; shell_exec($cmd); ?>" produces the error "ls: /home Permission denied"
using "<?php $cmd = 'ls /usr'; shell_exec($cmd); ?>" succeeds

(check the Apache error_log for errors)

However, both "/home" and "/usr" have the EXACT same permission and ownership.

and Apache is running with "User owner" where "owner" is the owner of the contents of "/home".  

Listing of both paths:

  8 drwxr-xr-x   15 root   root    4096 Jun 24  2005 usr
  8 drwxr-xr-x    5 root   root    4096 Jan  8  2007 home

Shell is "/bin/bash" and it looks like:

764 -rwxr-xr-x  1 root root 772760 Dec  6  2004 /bin/bash


Any ideas?

Reproduce code:
---------------
Test cases:
FAIL:

<?php
$cmd = 'ls /home';
echo "<pre>".shell_exec($cmd)."</pre>";
?>

SUCCESS:
<?php
$cmd = 'ls /usr';
echo "<pre>".shell_exec($cmd)."</pre>";
?>

Expected result:
----------------
Listing of files:

SUCCESS result:

bin
etc
games
include
kerberos
lib
lib64
libexec
local
sbin
share
src
tmp
X11R6


Actual result:
--------------
For FAIL above (no results).

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2009-10-09 22:49 UTC] bill dot mcclendon at digiconllc dot com 
Corrected email address (your form seems to have a problem)
 [2009-10-10 12:02 UTC] Sjoerd@php.net 
Thank you for your bug report.

Does your installation have other access control than UNIX permissions, such as ACL? Can you succesfully execute 'ls /home' from the command line, or using backticks in PHP?
 [2009-10-13 18:37 UTC] bill dot mcclendon at digiconllc dot com 
PHP bug reporting/support.

1) No ACL's (you think I didn't check this already?)
2) You mean grave accent? Yes - same error (I checked that already too).

It's not running in a VM either.

Bill
 [2009-10-14 17:05 UTC] Sjoerd@php.net 
Thank you for your feedback.

The behavior you report is not a bug in PHP. The 'ls' program is executed succesfully and it gives the 'Permission denied' error, not PHP.

The home directory may be mounted over NFS or there may be some other reason why there are additional access restrictions.
 [2009-10-20 21:44 UTC] bill dot mcclendon at digiconllc dot com 
No, the "ls" program was not executed successfully.  Only when the target was "/tmp" or "/usr".  Any and all other paths - including sub-directorties under "/usr" - failed with a permission violation.

I found the root cause and solved the issue.  You can close this bug report.

You may want to add a note/description of this issue so others are not so trapped.

The root cause was "SELinux". It had been enabled and set to "enforced" and this prevented anything from running that was not in the vary basic, very SMALL list of commands configured for the default SELinux delivery.

The system administrators were unaware of SELinux and had no knowledge of it being configured - or even what it was.

Bill
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Wed Jul 23 16:00:03 2025 UTC