0

I am trying to use php to run some system commands and am getting a behaviour that I don't fully understand. If the php script is run from the command line I get the results I expect. But running it through apache yields mixed results.

For example, I have this simple little php script:

<?php $res = shell_exec("ps -ef"); echo $res; ?>

If I run it from the command line I get the full list of processes as I would expect to see if I had run "ps -ef" directly. However if I run the script through apache, I get a smaller set of processes, most of which are apache-owned, although there are also a few root-owned processes and one that is owned by my regular user. Trying to use other commands gets similar behavior; it works when I run it in CLI mode (e.g. "php test.php"), but not when I pull up the php script in apache. It also doesn't seem to matter which user is running it in CLI mode (I've tested it with root and with my personal user account). It seems like some sort of permissions issue, although it's seemingly not an executable issue since in the example of "ps -ef" I get results in both cases.

I am running on CentOS 8, using apache 2.4.37 and php 8.0.8.

What am I missing?

Thanks,

Gavin

Improve this question

    1 Answer 1

    Reset to default
    1

    It may be that the /proc filesystem is mounted with the hidepid=2. Check with grep hidepid /proc/self/mountinfo.

    Improve this answer
    4
    • There are no occurrences of hidepid in that file.
      – Gavin Murphy
      CommentedJul 23, 2021 at 14:43
    • Did you run that command from apache + php or from the CLI? Maybe apache is running in some kind of container (in its own mount namespace).
      – user482887
      CommentedJul 23, 2021 at 14:45
    • It may also be selinux at work, though I don't remember off the cuff the exact incantations for it, sorry ;-) (look for some "AVC" messages in the system log)
      – user482887
      CommentedJul 23, 2021 at 14:50
    • When I stated that I ran it from the command line, I mean that I ran 'php test.php' from the command prompt in a terminal. It works as I expect (full listing of processes) regardless of which user I am logged in as. I suspect it has to do with SELinux, but I am not sure how to go about determining what exactly it is or how to affect any change that would result in things working as I need them to.
      – Gavin Murphy
      CommentedJul 27, 2021 at 13:14

    You must log in to answer this question.

    Start asking to get answers

    Find the answer to your question by asking.

    Ask question

    Explore related questions

    See similar questions with these tags.