Hi I'm using the shell_exec command from a PHP script:
$output = shell_exec('ls -l');
print_r($output);
Terminal: php test.php
Which results in the directory listing as expected.
Switch to my browser I get no output.
I need to grant privileges to the user 'apache' so that it can execute certain commands, or add the user to a group with such privileges. I know how to add users to groups etc, I was just wondering what the best practice method is of granting such privileges to the apache user.
If you execute ls -Z in the desired directory, you will see which the SELinux permissions for that directory.
To allow the httpd/apache daemon to access that directory you can execute (the -R option is for make it recursive):
chcon -Rv --type=httpd_sys_content_t /desired/path
Hope it helps.
This took me a while to figure out so it may be of benefit to others.
The problem was that I was trying to give the apache user privileges in /etc/sudoers and SELinux was (quite rightly) denying them.
So I quickly disabled SELinux for httpd and all was working.
This is far from an ideal situation though for a public web server.
As for best practices audit2allow should be used to set permissive operations.