PHP command not executed system(), exec() or passthru()

Question

I am trying to run a command line file conversion using open office.

openoffice pdf filename.doc 2>&1

when i execute in command line as root it works fine and the file is converted. However when i pass the above command in a PHP file as apache user, it does not execute.

I tried all three PHP command line execution:

$command_output=system($command_line,$rtnval);
$command_output=exec($command_line,$rtnval);
$command_output=passthru($command_line,$rtnval);

Also,

echo print_r($rtnval); 
echo print_r($command_output);

$rtnval returns 1 and $command_output 1. I am confused unable to know what is the linux (centos) response to above command passed. It is very frustration because unable to know what the system response when i try to execute the command.

I also included /etc/suders permission for apache to run the open office command.

apache ALL: (ALL) NOPASSWD: /path/to/openoffice

still the command is not execute in PHP as apache user.

What am i missing for PHP as apache user not to execute this command?

Answer 1

It is possible that your php in apache runs in safe mode or what's it called, in which system() function and alike are disabled.

This answer, actually, assumes that what you call "running as apache user" is in fact running in apache environment, whatever it is.

Answer 2

It could be that openoffice is not in PATH. Try to execute it with the full path.

Answer 3

To run your command as if you were the apache user, just try this in a shell:

# switch to superuser
sudo su -
# then switch to the apache user
su - www-data

You will find yourself in a quite restricted shell, from which it is usually not possible to start openoffice. Indeed, it requires a lot of environment, that would be unsafe to completely set up for apache anyway.

AFAIK, better create a dedicated user that is allowed to run your command (eg a regular "www-runner" user), then "su" to it from PHP. Other security measures include chroot'ing the dedidacted user, or using apparmor to limit what and where it is allowed to run. In any case, never let www-data run something as root by adding www-data to the sudoers: this is way too dangerous!

You can also have a look at libapache2-mod-suphp (a suid apache module to run php scripts with the owner permissions).It is easier to use than the dedicated suEXEC apache beast (http://httpd.apache.org/docs/2.0/suexec.html). The latter really is not for a quick fix ;)