Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

exec function failing (permissions error)

Status
Not open for further replies.

BobMCT

IS-IT--Management
Sep 11, 2000
756
US
I need to trigger a program (binary) passing it a parameter. Within my php prog I have: $rtn = exec('progname restart');

It fails with the error:
Unable to open progname.ipc: 13 Permission denied

Of course, if I run this from the CLI it works fine. The permissions of progname are 775.

Any thoughts, ideas, recommendations? Thanks
 
Dies the script call other scripts? Are all the lower scripts also 775?
 
There is no other script. The progname is a linux binary.
 
it may be a binary. but if it is trying to elevate permissions or do anything that requires elevated permissions, then this is not going to work.

check that safe mode is not enabled

failing that i have nothing to suggest other than to check and recheck the perms.

if nothing works it sounds like something is bugging.

an alternative to exec is to drop a file in a directory that can be picked up by a cron. or have inotify monitor the folder. you'd need to find some way of maintaining state whilst the external job fired.

Code:
set_time_limit(10);
while(!is_file('/path/to/cron/output')):
   clearstatcache();
endwhile;

 
It may be that the Server does not allow you to execute files.. It is disabled in the php.ini
 
When you run from CLI are you logged in as the same user that your web server runs under? Your web server user may be limited from executing, but if you log into CLI with say an admin login then you may be able to execute OK. This has happened to me in the past and spent several hours wondering why my script isn't working.

And then...
 
Thanks,
I did some additional testing. The script in question is a php running under apache and it hiccups as describes. I have a similar perl script which also hiccups with the perl equivalent but when run with sudo it runs fine. I understand why.

For the web based call I tried setting the sticky bit on the executable binary of the program being exec'd but it still fails. I thought that was what the use of the sticky bit for execution was for??? I used chmod 4755 program_binary_name.

Does anyone know of a way to execute a privileged program from within a php script without the permission errors???

Thanks all
 
Does anyone know of a way to execute a privileged program from within a php script without the permission errors???
see my post of 18 Jun 11 @ 4:50

you can also just exec with sudo prepended to your function call. you will need to set up your web user to be able to sudo without a password or to provide the pwd via stdin. neither, imo, is a good idea.
 
perhaps this has nothing to do with your executable at all
does your web server have permission to read the directory containing the Binary?

Do not use the Sticky bit, the user would still need permisions to execute the binary it only changes the user the binary is running as.

I would strongly advise against using sudo as this would run the binary as root & is a security risk.


I do not Have A.D.D. im just easily, Hey look a Squirrel!
 
@IPGuru
I would strongly advise against using sudo as this would run the binary as root & is a security risk.

I'd always thought that one could use sudo to impersonate any user. say
Code:
sudo -u jpadie ls /restrictedVolume > ~/dir.txt

would run the command as jpadie and not as root.

 
@BobMCT

an idle thought also suggests that you could work around the restriction by creating a new linux group, adding and the existing group perm of the script to the new group, then changing the group permissions of the script.

thus essentially making part of the group allowed to execute the program but not elevating it to have admin group permissions.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top