php - exec issue

Question

I'm setting up a new server and of course I didn't document every change I did to the last one but I'm getting there.

I have a weird issue, I'm trying to do a simple call in php:

exec('service httpd reload');

And it's not doing anything. I can execute other commands such as tar, I did check php.ini for disabled_functions and it's empty. The username php is using for creating files/folders is "apache" as well.

Does anyone know any other areas I can check? This is a fresh install of php 5.2.x so I'm sure there is a security setting in apache or something blocking this.

Answer 1

You can't restart Apache as a normal user, but you should never leave your root password written in a file. If you really have to run that command from php, there's an alternative method.

You can allow certain commands to be run as root by a certain user without specifying a password. To do this you must edit the /etc/sudoers file with visudo and add the tag NOPASSWD to the command you want to run. Here is the example from the man page:

ray    rushmore = NOPASSWD: /bin/kill, /bin/ls, /usr/bin/lprm

This would allow the user ray to run /bin/kill, /bin/ls, and /usr/bin/lprm as root on the machine rushmore without authenticating himself.

Answer 2

Well your apache is most probably running under a normal user account (www-data or apache - it depends on your distribution), but to restart apache (or any other service) you have to be root.

You could use sudo to elevate your privileges.