Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Looking at the man page for su, it says that the command specified with the -c argument is run by the user's shell as specified in /etc/passwd. Does your apache user have a valid shell? Mine doesn't and I also can't run commands that way, but if I switch to a different user (one with a valid shell) it works.
You could give the apache user a valid shell, but I don't recommend this. If there is an exploit for Apache that allows privilege escalation, you want to make sure that other users can't access a shell as the user running the Apache process. If you do go this way, make sure the password is strong.
Can you run the su command as another user instead? Or, can you do something with cgi scripts so that the script is started by the Apache process as the apache user? At this point though, I'm guessing...
Can you run the su command as another user instead? Or, can you do something with cgi scripts so that the script is started by the Apache process as the apache user?
I only have one user that has shell access which is root - I can't do the last option either since its not a good idea to add another lay to my application, its already badly designed don't work to make it any worse ::P
Ok, its a permissions problem, but what else can I do to allow apache to eb able to run just ffmpeg!! How do I make apache the owner of ffmpeg, will that help? I used "chown apache ffmpeg" but that didn't do much.
It's not whether apache is the owner of the ffmpeg binary, it's whether su can find a valid shell for the apache user where it can execute the command. You can use chsh to modify the apache user's shell to something else (like /bin/bash).
I'd try it first after running usermod -L apache - that way if the su works, the apache user still can't manually login. I haven't tested this though.
Do you think it will be much easier to just write a shell script that takes in a set of variables that can be executed by apache and it does what I want it to do. Or will I face the same sort of problem??
Yes, sweet that works with the correct syntax. Apache can run a ffmpeg command from the command line but still it won't run it when i use it in the exec function of php. PHP safe_mode is off. Whats stopping it from executing now. I am going to double check everything to make sure. It should theoretically work when exec is called by PHP right?
With safe mode off, I'd have thought it would work (but I don't have much history with PHP). Are you getting a different error message now or is anything being written to the Apache access or error logs that might describe what is happening?
This just gets stranger. I can run the command 'su apache -c whoami' fine via the shell. I try to run the same thing using php like so:
echo 'whoami '.exec("su apache -c 'whoami'");
It returns nothing and gives the PHP error code 127. From this site: http://uk2.php.net/passthru, the first comment says:[code]If you have chrooted apache and php, you will also want to put /bin/sh into the chrooted environment. Otherwise, the exec() or passthru() will not function properly, and will produce error code 127, file not found.[code]Do you know what that means?
Can you post what the solution was. I have the identical problem that you had and have spent days trying to fix it. This thread is promising, but like so many other threads it stops without the solution.
My current shell is
what shell to I chsh too?
I have available: