Home / server / Questions / 198657
Accepted
Michael
Asked: 2010-11-06 07:44:38 +0800 CST

centos , linux , apache permission issue

  • 772

I have a php file which executes a shell script

$ip_access = $_GET['ip_access'];
// run knock app
exec("/home/knock.sh ".$ip_access);

however when I access it I receive the following error in the logs "sh: /home/knock.sh: Permission denied" I created a new user and added it in the apache httpd.conf file but is still not working . Any advice how to set the permissions or how can I grant more access to the user to make it work would be highly appreciated .

linux permissions chmod

2 Answers

  1. Best Answer

    If you are running the script as the appropriate user, you may need to add the execute permission +x to the file. You can do it using:

    chmod +x /home/knock.sh

    As an alternative, you can use the following command (no need to add execute permission):

    exec("bash /home/knock.sh ".$ip_access);
    • 0

  2. Check what mode you're running SELinux in.

    getenforce

    If you're running in Enforcing mode, you can troubleshoot SELinux problems by disabling SELinux temporarily:

    setenforce 0

    If the script runs, re-enable SELinux with setenforce 1 and start looking for where the problem is with your configuration versus the system's SELinux security policy.

    If you're running in Enforcing mode, which is the default, you'll need to change the context of that file, because Apache can only execute files with the httpd_script_exec_t label by default. You'll want to run:

    semanage fcontext -a -t httpd_script_exec_t /home/knock.sh
fixfiles restore /home/knock.sh

    Afterwards, verify the script's SELinux context:

    ls -lZ /home/knock.sh

    If you're running in Enforcing mode and this still doesn't work, check your audit logs at /var/log/audit/audit.log.

    • 0