Enabling the use of system() function in php on RHEL 4

[Dan Coutu]

Bill McGonigle wrote:
>
> On Apr 26, 2007, at 12:46, Dan Coutu wrote:
>
>> Sorry, forgot to mention that safe_mode is set to Off. So that's not the
>> problem. I'm guessing there's some little known configuration
>> file/setting hiding someplace that I need to tweak. I distinctly recall
>> being asked when installing PHP if I wanted to enable the use of
>> functions like exec(), system(), and friends and I said no (accepted the
>> default.)
>
> Maybe it's in a SELinux policy?  Do you have it in enforcing mode?
>
> -Bill
>
No, SELinux is turned off.

FYI, it turns out that the problem was not the system call so much as
the command being used within it.

The scenario is this: I have a web form that submits to a CGI handler
which in turn invokes a program on the system. This program happens to
be setuid (the vendor requires that it run this way) and it creates a
file whose owner is the owner of the program (let's call the owner joe)
rather than apache. So we now have this file owned by joe whose
permissions allow rw only to joe and no access to anyone else. I want to
display the contents of the file in the user's web browser and so user
apache needs to have read access to the file. Well, if I try to run a
chmod from within the application (it support this activity) in order to
chmod the file to allow the world to read it this child process is
apparently run as user apache rather than user joe (all in the interest
of security I suppose). Naturally the chmod fails because it can't
change permission on a file that is owned by someone else.

Sigh, I hate debugging convoluted layers of stuff.

So it seems that the setuid application doesn't retain the same process
owner for child processes but rather reverts to it's own parent process
owner? Makes my head spin.

Thanks for the ideas!

Dan