ID: 49827 Updated by: sjo...@php.net Reported By: bill dot mcclendon at digiconllc dot com -Status: Open +Status: Feedback Bug Type: Unknown/Other Function Operating System: Linux RH PHP Version: 5.2.11 New Comment:
Thank you for your bug report. Does your installation have other access control than UNIX permissions, such as ACL? Can you succesfully execute 'ls /home' from the command line, or using backticks in PHP? Previous Comments: ------------------------------------------------------------------------ [2009-10-09 22:49:50] bill dot mcclendon at digiconllc dot com Corrected email address (your form seems to have a problem) ------------------------------------------------------------------------ [2009-10-09 22:48:30] bill dot mcclendon at digiconllc dot com Description: ------------ Running Apache 2.x and PHP 5.2 safe_mode = off test case - using "<?php $cmd = 'ls /home'; shell_exec($cmd); ?>" produces the error "ls: /home Permission denied" using "<?php $cmd = 'ls /usr'; shell_exec($cmd); ?>" succeeds (check the Apache error_log for errors) However, both "/home" and "/usr" have the EXACT same permission and ownership. and Apache is running with "User owner" where "owner" is the owner of the contents of "/home". Listing of both paths: 8 drwxr-xr-x 15 root root 4096 Jun 24 2005 usr 8 drwxr-xr-x 5 root root 4096 Jan 8 2007 home Shell is "/bin/bash" and it looks like: 764 -rwxr-xr-x 1 root root 772760 Dec 6 2004 /bin/bash Any ideas? Reproduce code: --------------- Test cases: FAIL: <?php $cmd = 'ls /home'; echo "<pre>".shell_exec($cmd)."</pre>"; ?> SUCCESS: <?php $cmd = 'ls /usr'; echo "<pre>".shell_exec($cmd)."</pre>"; ?> Expected result: ---------------- Listing of files: SUCCESS result: bin etc games include kerberos lib lib64 libexec local sbin share src tmp X11R6 Actual result: -------------- For FAIL above (no results). ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=49827&edit=1
