PHP shell_exec, permission denied for executing -rwxrwxrwx shell script

Andrea Sprega · Dec 29, 2011

I am currently over ssh on a remote CentOS 5.6 system which runs an Apache webserver. I need to use the poppler pdftohtml binary which, unfortunately, is not currently installed on that machine. So I downloaded the poppler package and built it under my user folder. Since I am not the system admin, I didn't do

make install

and I have all my compiled files under

/users/myfolder/poppler-0.18.2/

The file that I need to execute through php shell_exec() is

/users/myfolder/poppler-0.18.2/utils/pdftohtml

If I execute it through my ssh bash, I get the correct output. If I, instead, put this line on a php script:

echo shell_exec("/users/myfolder/poppler-0.18.2/utils/pdftohtml");

I get the following output:

sh: /users/myfolder/poppler-0.18.2/utils/pdftohtml: Permission denied

I tried setting the file permissions to 777, and they are currently -rwxrwxrwx. I also noticed that using shell_exec("whoami"); results in "apache". Shouldn't apache be able to execute the script if the file permissions are -rwxrwxrwx?

I also know that installing poppler through make install would solve the problem, but since this is for testing purposes, I would like to avoid "contaminating" the system outside my personal folder until the testing is complete.

Thanks to anyone who will help!

Answer

Jory Geerts · Dec 29, 2011

Just because a file is executable for a user does not mean that user is actually able to execute the file. The user needs to also be able to 'get to' the file: The user needs execution permission for all 'parent directories', in your case for /users, myfolder, poppler-0.18.2 and utils.

Assuming /users is the same basic thing as /home, everybody should have +x on that. From there, you can set it: simply do

chmod o+x /users/myfolder /users/myfolder/poppler-0.18.2 /users/myfolder/poppler-0.18.2/utils

(Note: This will make it possible for everybody to execute this binary, not just Apache.)

If the apache user and you share a group, it would be better to chown the poppler directory and everything in it to be owned by that group, and set g+x instead of o+x.
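
The parent-directory check described in the answer above, as an added example that is not part of the original post: the hypothetical helper blocked_dirs walks from a file's directory up to / and lists every directory that lacks the "other" execute (search) bit. It reads mode bits only (not ACLs), and the demo tree under mktemp is constructed to mirror the layout in the question.

```shell
#!/bin/sh
# blocked_dirs FILE
# Print, top-down, each parent directory of FILE that is missing o+x.
# Any directory listed here stops an unrelated user such as "apache"
# from reaching FILE, whatever the mode of FILE itself is.
blocked_dirs() {
    dir=$(dirname "$1")
    out=""
    while :; do
        # First 10 characters of the ls mode string, e.g. drwxr-xr-x
        mode=$(ls -ldL -- "$dir" | cut -c1-10)
        case $mode in
            d????????[xt]) ;;      # o+x set (t = x plus sticky bit)
            *) out="$dir
$out" ;;                           # prepend so output is root-first
        esac
        # Stop at the root (or at "." for a relative path)
        if [ "$dir" = "/" ] || [ "$dir" = "." ]; then break; fi
        dir=$(dirname "$dir")
    done
    printf '%s' "$out"
}

# --- Constructed demo: same shape as the paths in the question ---
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
bin="$demo/users/myfolder/poppler-0.18.2/utils/pdftohtml"
mkdir -p "$(dirname "$bin")"
touch "$bin"
chmod 777 "$bin"                          # the file itself is wide open
chmod 755 "$demo" "$demo/users" \
          "$demo/users/myfolder/poppler-0.18.2" \
          "$demo/users/myfolder/poppler-0.18.2/utils"
chmod 700 "$demo/users/myfolder"          # typical private home directory

echo "Directories blocking access for 'other':"
blocked_dirs "$bin"
```

On a real system, pass the actual binary path; an empty result means every parent directory already grants o+x.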