AWS EC2 Apache 用户无法运行 php exec

Question

I am using the following PHP script to send an email from my server. I need to send an email to the admin when a new record is created in the DB. So within the same php script that updates the DB, I want to trigger the other script that sends the email.

Problem is no matter what I do, apache will not execute the email script when requested from the web/api.

However, when I run php sendemail.php from the command line it works. Also when I run php updatedb.php which includes the exec('php sendemail.php') also works from the command line (these are all executed with root "ec2-user").

Things I tried:

1. I checked the disabled functions in php.ini and it is empty, nothing is disabled.
2. I tried changing file permissions to include 'x' for the apache group still no go.
3. I tried replacing exec with shell_exec , and include , no luck.

Here is 'sendemail.php':

<?php
use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\Exception;

require 'vendor/autoload.php';

use Aws\Ses\SesClient;
use Aws\Exception\AwsException;

$SesClient = new SesClient([
    'profile' => 'default',
    'version' => '2010-12-01',
    'region'  => 'us-west-2'
]);

$sender_email = 'sender@example.com';
$recipient_emails = ['recipient1@example.com','recipient2@example.com'];

$configuration_set = 'ConfigSet';

$subject = 'Amazon SES test (AWS SDK for PHP)';
$plaintext_body = 'This email was sent with Amazon SES using the AWS SDK for PHP.' ;
$html_body =  '<h1>AWS Amazon Simple Email Service Test Email</h1>'.
              '<p>This email was sent with <a href="https://aws.amazon.com/ses/">'.
              'Amazon SES</a> using the <a href="https://aws.amazon.com/sdk-for-php/">'.
              'AWS SDK for PHP</a>.</p>';
$char_set = 'UTF-8';

try {
    $result = $SesClient->sendEmail([
        'Destination' => [
            'ToAddresses' => $recipient_emails,
        ],
        'ReplyToAddresses' => [$sender_email],
        'Source' => $sender_email,
        'Message' => [
          'Body' => [
              'Html' => [
                  'Charset' => $char_set,
                  'Data' => $html_body,
              ],
              'Text' => [
                  'Charset' => $char_set,
                  'Data' => $plaintext_body,
              ],
          ],
          'Subject' => [
              'Charset' => $char_set,
              'Data' => $subject,
          ],
        ],
        'ConfigurationSetName' => $configuration_set,
    ]);
    $messageId = $result['MessageId'];
    echo("Email sent! Message ID: $messageId"."\n");
} catch (AwsException $e) {
    // output error message if fails
    echo $e->getMessage();
    echo("The email was not sent. Error message: ".$e->getAwsErrorMessage()."\n");
    echo "\n";
}

a short version of the updatedb.php file, omitting all transactions:

<?php
    exec('php send_email.php', $sendEmail);
    require_once 'response.php';
    $response = new response();
    $response->setHttpStatusCode(201);
    $response->setSuccess(true);
    $response->addMessage('DB Record Inserted successfully ::: ');
    $response->setData($sendEmail);
    $response->send();
?>

in the updatedb.php file, if I change the first line to echo exec('whoami') and hit it from the web it works. Which is what I am looking for exactly except that I want to work for php sendemail.php

Environment: AWS EC2 Amazon Linux 2 AMI. PHP 7.2.34

I hope it is clear. I am beginner with linux. Please help. Thanks in advance to all.

Answer 1

Thank you so much @Riz your tip about sudo -u apache php sendemail.php saved my day! I was able to debug on the command line and it turns out that my mistake was with the line require 'vendor/autoload.php'; in my original sendemail.php script I was requiring the file from a directory that did not belong to the apache group. So, once I moved the vendor folder to the same folder as the sendemail.php script file everything worked great!

Lesson learned: Make sure all required/included files belong to the apache group. There was no need to grant apache any execution permissions on any file.