php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #1905 User Name when php runs as an apache module
Submitted: 1999-07-28 09:25 UTC Modified: 1999-07-28 15:20 UTC
From: phil at wonderfulworld dot com Assigned:
Status: Closed Package: Other
PHP Version: 3.0.11 OS: linux 2.0.36 (Red Hat 5.2)
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: phil at wonderfulworld dot com
New email:
PHP Version: OS:

 

 [1999-07-28 09:25 UTC] phil at wonderfulworld dot com
<?
  echo "start<br>";
  echo "My Name is $LOGNAME or $USER<br>";
  echo "But whoami states: ";
  system( "whoami");
  echo "<br><br>";
  phpinfo();
?>


Output:

start
My Name is root or root
But whoami states: web 

                      PHP Version 3.0.11

by Rasmus Lerdorf, Andi Gutmans, Zeev Suraski, Stig Bakken, Shane Caraveo, Jim Winstead,
and countless others.


   System: Linux whata.wonderfulworld.com 2.0.36 #1 Tue Oct 13 22:17:11 EDT 1998 i486
                                   unknown
                             Build Date: Jul 27 1999


                                Extensions

           Extensions
                                   Additional Information
          PHP core
                     CFLAGS=-g -O2 -O2
                     HSREGEX=yes
          Basic
          Functions
                     No additional information.
          PHP_DL
                     Dynamic Library support enabled. 
          PHP_dir
                     No additional information.
          PHP_filestat
                     No additional information.
          PHP_file
                     No additional information.
          PHP_head
                     No additional information.
          Sendmail
                     Path to sendmail: /usr/sbin/sendmail -t
          Syslog
                     No additional information.
          MySQL
                      Allow persistent
                      links:
                                      Yes
                      Persistent links:
                                      0/Unlimited
                      Total links:
                                      0/Unlimited
                      Client API
                      version:
                                      3.22.25
                      Compilation
                      definitions:
                                      MYSQL_INCLUDE=@MYSQL_INCLUDE@
                                      MYSQL_LFLAGS=@MYSQL_LFLAGS@
                                      MYSQL_LIBS=@MYSQL_LIBS@

          Socket
          functions
                     No additional information.
          Regular
          Expressions
                     Bundled regex library enabled 
          Apache
                     APACHE_INCLUDE=-I../apache_1.3.6/src/include
                     -I../apache_1.3.6/src/os/unix
                     APACHE_TARGET=../apache_1.3.6/src/modules/php3
                     Apache Version: Apache/1.3.6
                     Apache Release: 10306100
                     Apache API Version: 19990320
                     Hostname/port: whata.wonderfulworld.com:80
                     User/Group: web(102)/102
                     Max Requests: per child: 30    keep alive: on    max per
                     connection: 100
                     Timeouts: connection: 300    keep-alive: 15
                     Server Root: /etc/httpd
                     Loaded modules: mod_php3, mod_setenvif, mod_auth,
                     mod_access, mod_alias, mod_userdir, mod_actions,
                     mod_imap, mod_asis, mod_cgi, mod_dir, mod_autoindex,
                     mod_include, mod_status, mod_negotiation, mod_mime,
                     mod_log_config, mod_env, http_core
          Crypt
                     No additional information.
          DBM
                     ndbm support enabled
          bcmath
                     No additional information.
          browscap
                     No additional information.
          PHP_pack
                     No additional information.
          PCRE
                     Perl Compatible Regular Expressions
                      PCRE library version:
                                         2.05 21-Apr-1999

          Posix
                     $ Revision: $ 



                              Configuration

                       php3.ini file path is set to: /etc/httpd/conf
           Directive
                               Master Value
                                                        Local Value
     arg_separator
                          &
                                                  &
     asp_tags
                         1
                                                 1
     auto_prepend_file
                          
                                                  
     auto_append_file
                          
                                                  
     browscap
                          none
                                                  none
     cgi_ext
                          none
                                                  none
     debugger.host
                          none
                                                  none
     debugger.port
                         0
                                                 0
     define_syslog_variables
                         0
                                                 0
     display_errors
                         1
                                                 1
     doc_root
                          
                                                  
     enable_dl
                         1
                                                 1
     engine
                         1
                                                 1
     error_log
                          none
                                                  none
     error_append_string
                          none
                                                  none
     error_prepend_string
                          none
                                                  none
     error_reporting
                         7
                                                 7
     extension_dir
                          ./
                                                  ./
     gpc_order
                          GPC
                                                  GPC
     ignore_user_abort
                         0
                                                 0
     include_path
                          
                                                  
     isapi_ext
                          none
                                                  none
     last_modified
                         0
                                                 0
     log_errors
                         0
                                                 0
     max execution time
                         30
                                                 30
     magic_quotes_gpc
                         1
                                                 1
     magic_quotes_runtime
                         0
                                                 0
     magic_quotes_sybase
                         0
                                                 0
     memory limit
                         8388608
                                                 8388608
     nsapi_ext
                          none
                                                  none
     open_basedir
                          none
                                                  none
     precision
                         14
                                                 14
     safe_mode
                         1
                                                 1
     safe_mode_exec_dir
                          /usr/bin
                                                  /usr/bin
     sendmail_from
                          admin@wonderfulworld.com
                                                  admin@wonderfulworld.com
     sendmail_path
                          /usr/sbin/sendmail -t
                                                  /usr/sbin/sendmail -t
     short_open_tag
                         1
                                                 1
     smtp
                          smtp.wonderfulworld.com
                                                  smtp.wonderfulworld.com
     sql_safe_mode
                         0
                                                 0
     track_errors
                         0
                                                 0
     track_vars
                         1
                                                 1
     upload_max_filesize
                         2097152
                                                 2097152
     upload_tmp_dir
                          none
                                                  none
     user_dir
                          
                                                  
     warn_plus_overloading
                         0
                                                 0
     xbithack
                         0
                                                 0
     browscap
                          none
                                                  none
     y2k_compliance
                         1
                                                 1
     highlight_comment
                          #FF8000
                                                  #FF8000
     highlight_default
                          #0000BB
                                                  #0000BB
     highlight_html
                          #000000
                                                  #000000
     highlight_string
                          #DD0000
                                                  #DD0000
     highlight_bg
                          #FFFFFF
                                                  #FFFFFF
     highlight_keyword
                          #007700
                                                  #007700



                               Environment

    Variable
                                                  Value
 USERNAME
              root
 ENV
              /root/.bashrc
 HISTSIZE
              1000
 HOSTNAME
              whata.wonderfulworld.com
 LOGNAME
              root
 HISTFILESIZE
              1000
 MAIL
              /var/spool/mail/root
 XXX
              #####################################################################
 TERM
              vt100
 HOSTTYPE
              i386
 PATH
              /bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/usr/bin/X11:/usr/X11R6/bin:/root/bin
 HOME
              /root
 SHELL
              /bin/bash
 USER
              root
 OSTYPE
              Linux
 SHLVL
              2
 _
              /usr/sbin/httpd



                              PHP Variables

                      Variable
                                                     Value
          PHP_SELF
                                          /fred.php



                          Apache Environment

          Variable
                                                               Value
 DOCUMENT_ROOT
                           /home/web/WEB 
 HTTP_ACCEPT
                           image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* 
 HTTP_ACCEPT_CHARSET
                           iso-8859-1,*,utf-8 
 HTTP_ACCEPT_ENCODING
                           gzip 
 HTTP_ACCEPT_LANGUAGE
                           en 
 HTTP_CONNECTION
                           Keep-Alive 
 HTTP_HOST
                           whata.wonderfulworld.com 
 HTTP_PRAGMA
                           no-cache 
 HTTP_USER_AGENT
                           Mozilla/4.61 [en] (WinNT; U) 
 PATH
                           /bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/usr/bin/X11:/usr/X11R6/bin:/root/bin 
 REMOTE_ADDR
                           192.168.100.105 
 REMOTE_PORT
                           3420 
 SCRIPT_FILENAME
                           /home/web/WEB/fred.php 
 SERVER_ADMIN
                           root@wonderfulworld.com 
 SERVER_NAME
                           whata.wonderfulworld.com 
 SERVER_PORT
                           80 
 SERVER_SIGNATURE
                           Apache/1.3.6 Server at whata.wonderfulworld.com Port 80
                            
 SERVER_SOFTWARE
                           Apache/1.3.6 (Unix) PHP/3.0.11 
 GATEWAY_INTERFACE
                           CGI/1.1 
 SERVER_PROTOCOL
                           HTTP/1.0 
 REQUEST_METHOD
                           GET 
 QUERY_STRING
                            
 REQUEST_URI
                           /fred.php 
 SCRIPT_NAME
                           /fred.php 



                     HTTP Headers Information

                             HTTP Request Headers
          HTTP Request
                        GET /fred.php HTTP/1.0 
          Accept
                        image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
                        image/png, */* 
          Accept-Charset
                        iso-8859-1,*,utf-8 
          Accept-Encoding
                        gzip 
          Accept-Language
                        en 
          Connection
                        Keep-Alive 
          Host
                        whata.wonderfulworld.com 
          Pragma
                        no-cache 
          User-Agent
                        Mozilla/4.61 [en] (WinNT; U) 
                            HTTP Response Headers
          Connection
                        close 
          Content-Type
                        text/html 



PHP License

This program is free software; you can redistribute it and/or modify
it under the terms of:

A) the GNU General Public License as published by the Free Software
   Foundation; either version 2 of the License, or (at your option)
   any later version.

B) the PHP License as published by the PHP Development Team and
   included in the distribution in the file: LICENSE

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of both licenses referred to here.
If you did not, or have any questions about PHP licensing, please
contact core@php.net.


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [1999-07-28 15:20 UTC] rasmus at cvs dot php dot net
There is no bug here.  You started your httpd as root and Apache does a setuid() to 'web'.
That's the way it is supposed to work.  Those environment variables are simply inherited.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Nov 12 04:01:29 2024 UTC