gmuldoon wrote:
Help please.
Setup: RH EL3, PHP 4.3.5, Apache 1.3.29 running as user "nobody".
Have a bash script named shell_script.
Telnet to server as user "nobody" ("nobody" having been given /bin/bash
as temp shell), can run this script from command line, no problems.
Created a php script including the line:
system ("/path/to/shell_script");
but get error message in apache error logs:
/bin/bash: /root/.bashrc: Permission denied
Appears that PHP is using root environment rather than "nobody" env?
phpinfo seems to list env vars for root under the "Environmen t" section.
Will compiling PHP as "nobody" instead of root solve or cause other
probs?
Geoff M
You could change the permissions of /root/.bashrc to global read
therefore your script would be able to read/initialize - however I
cannot understand as to why your script would have the dependancy on
this if its being run from user 'nobody'. Try running a simple
'/bin/touch /tmp/myTestFile' from your php script and then check and see
the ownership of /tmp/myTestFile.
To make the .bashrc file read to the world, try (from root)
# chmod a+r /root/.bashrc
Depending on the contents of the .bashrc file, a hacker would be able to
read this file and potentially gain additional information on your
system, though I would gather that if they have access to your system
anyway, the .bashrc file alone is the least of your problems...
I hope something above helps... You might re-post with a cross post both
here in the PHP ng and comp.infosystem s.
www.servers.unix as someone with
Apache knowledge might throw in an extra piece of info...
laters
randelld
