Apache+PHP problem: Cannot list processes other than apache's

Question

I have a quite fresh install of the Apache (2.2.3/Centos) + PHP(5.1.6) and following problem: I need to monitor life of one process and in order to do that I run:

$last_line = exec('ps -C snmpd');

and check its output.

Unfortunately I always get nothing. I've checked it with other process names and it seems it can 'see' only Apache's processes.

Any idea how to work this out?

UPDATE: Execution of the other command system('snmpget -v2c -c public localhost '.$oid, $retval); works great, there is only problem with the ps. What is strange (for me), when I log as apache user and run ps manually it works correctly (shows everything).

I've found the other way. It's not the right solution for the problem but in this particular case it works. My workaround is to check if `/var/run/snmpd.pid` file exists. — Satanowski, May 11 '10 at 13:07

score 1 · Answer 1 · answered May 11 '10 at 10:43

1

You will only be able to see the processes of the user under which the web server is running, as this is the user exectuing the command.

If you require the ability to run commands as a different user, have a look at suexec. http://httpd.apache.org/docs/2.2/suexec.html

answered May 11 '10 at 10:43

LukeR

3,126
2
30
25

Strange. I can get full process list as the "apache" user ... and this 'exec' way have worked before on Gentoo :/ – Satanowski May 11 '10 at 10:58

score 0 · Answer 2 · answered May 11 '10 at 12:47

0

Try running a fuller ps call like:

ps aux | grep -i snmpd | grep -v grep

answered May 11 '10 at 12:47

warren

18,369
23
84
135

That was the first version of my script, before I've changed it to `exec('ps -C snmpd')`. It also fails. – Satanowski May 11 '10 at 12:59

score 0 · Answer 3 · answered Nov 06 '11 at 20:19

0

You might also use backtick operator to achieve the same thing. I confirm it works while exec doesn't.

$out = `ps -aux|grep pianobarfly|grep -v grep`;

answered Nov 06 '11 at 20:19

drseergio

1

1

the use of $( ... ) is preferred these days. – user9517 Nov 07 '11 at 11:21

score 0 · Answer 4 · answered Nov 06 '11 at 20:45

Probably selinux. SELinux restricts the domain that httpd runs in so it can only view its own processes.

You can either:-

Turn off selinux (wouldnt recommend that) - setenforce 0
Make httpd not use selinux (not recommend that either because httpd is a likely attack vector) setsebool -P httpd_disable_trans = 1. Restart httpd.
Change the policy to permit seeing processes in /proc.

This should do it:-

policy_module(myhttpd,1.0.0)

gen_require(`
    type httpd_t;
')

kernel_read_system_state(httpd_t);

Install selinux-policy-devel from yum.

Then run the command "make -f /usr/share/selinux/devel/Makefile load" to insert the new module.

You should see an immediate result.

Apache+PHP problem: Cannot list processes other than apache's

4 Answers4