1

I am trying to run a command line file conversion using open office.

openoffice pdf filename.doc 2>&1

when i execute in command line as root it works fine and the file is converted. However when i pass the above command in a PHP file as apache user, it does not execute.

I tried all three PHP command line execution:

$command_output=system($command_line,$rtnval);
$command_output=exec($command_line,$rtnval);
$command_output=passthru($command_line,$rtnval);

Also, 

echo print_r($rtnval); 
echo print_r($command_output);

$rtnval returns 1 and $command_output 1. I am confused unable to know what is the linux (centos) response to above command passed. It is very frustration because unable to know what the system response when i try to execute the command.

I also included /etc/suders permission for apache to run the open office command.

apache ALL: (ALL) NOPASSWD: /path/to/openoffice

still the command is not execute in PHP as apache user.

What am i missing for PHP as apache user not to execute this command?

Peter
  • 3,916
  • 1
  • 22
  • 43
user914425
  • 16,303
  • 4
  • 30
  • 41
  • 1
    Have you tried it on the command line as the Apache user? – Pekka Nov 21 '11 at 22:17
  • What's the command you are trying to run? Also you can echo out the error output using " 2> error.txt" – jakx Nov 21 '11 at 22:18
  • Have you tried other commands than 'openoffice'? I would recommend su-ing to apache and trying to run the command, just to rule out any issues. – Jonathan Nov 21 '11 at 22:22
  • Jonathan, can you provide a sample for su-ing for apache? Can someone explain this command: // $wv_command_output = passthru("touch /root/temp.tmp | sudo /usr/bin/php -f /util/wvPDF.php"); – user914425 Nov 22 '11 at 17:58

3 Answers3

2

It could be that openoffice is not in PATH. Try to execute it with the full path.

Karoly Horvath
  • 94,607
  • 11
  • 117
  • 176
  • I did give the pull path to openoffice. I am getting somewhere where i change the command to : sudo /path/to/openoffice/openoffice pdf filename.doc 2>&1 i am getting following commandline output: sudo: sorry, you must have a tty to run sudo – user914425 Nov 22 '11 at 18:55
2

To run your command as if you were the apache user, just try this in a shell:

# switch to superuser
sudo su -
# then switch to the apache user
su - www-data

You will find yourself in a quite restricted shell, from which it is usually not possible to start openoffice. Indeed, it requires a lot of environment, that would be unsafe to completely set up for apache anyway.

AFAIK, better create a dedicated user that is allowed to run your command (eg a regular "www-runner" user), then "su" to it from PHP. Other security measures include chroot'ing the dedidacted user, or using apparmor to limit what and where it is allowed to run. In any case, never let www-data run something as root by adding www-data to the sudoers: this is way too dangerous!

You can also have a look at libapache2-mod-suphp (a suid apache module to run php scripts with the owner permissions).It is easier to use than the dedicated suEXEC apache beast (http://httpd.apache.org/docs/2.0/suexec.html). The latter really is not for a quick fix ;)

MoonSilex
  • 61
  • 2
1

It is possible that your php in apache runs in safe mode or what's it called, in which system() function and alike are disabled.

This answer, actually, assumes that what you call "running as apache user" is in fact running in apache environment, whatever it is.

Michael Krelin - hacker
  • 138,757
  • 24
  • 193
  • 173
  • Michael, can you clarify the difference between running as apache user and apache environment? By the way, system command works with another ghostscript command such as "gs -q -dNOPAUSE -dBATCH -dSAFER -sDEVICE=tiffg3 -sOutputFile=${input_file_tif} -f $input_file". Can you explain why print_r($command_output) return just 1? – user914425 Nov 21 '11 at 22:39
  • If it works for another command, then it's not the case (running cli php as apache user is not the same as running script from either apache php module or fastcgi or cgi - they all may use different config files). – Michael Krelin - hacker Nov 22 '11 at 09:27