Can't run PHP exec() on command line

Hoping someone can help me out here. Trying to run any command using exec() returns 126 and displays the same error message. I've narrowed it down to this pretty minimal test case.

root@test:~ $ sudo -u asterisk php -r 'exec("ls /", $out, $result); var_dump($result);'
sh: /bin/ls: Permission denied
int(126)

root@test:~ $ sudo -u asterisk ls /
bin  boot  dev  etc  home  lib  lib64  lost+found  media  mnt   opt   proc  root  sbin  selinux  srv  sys  tmp  usr  var

root@test:~ $ su -lc 'php -r '\''exec("ls /", $out, $result); var_dump($result);'\' asterisk
This account is currently not available.

  • SELinux and PHP safe mode are not enabled
  • permissions are fine on /, /bin/, and /bin/ls
  • asterisk is a system user created with this command: adduser -d /var/lib/asterisk -M -r -s /sbin/nologin asterisk
  • it works fine via Apache, which runs as this user

Every attempt to run any command returns permission denied and 126 as $?. The PHP config is pretty much as it shipped (Scientific Linux 6.7, PHP 5.4 via Remi package).

Would appreciate some assistance (preferably the kind that would require some arcane knowledge, not the kind that means I missed something blindingly obvious!)

Edit: I can get it to work using su if I give the user a login shell:

root@test:~ $ usermod -s /bin/bash asterisk
root@test:~ $ su -c 'php -r '\''exec("ls /", $out, $result); var_dump($result);'\' asterisk
int(0)

However, this isn't my code so changing all the use of sudo to su is not likely to happen. Also, there shouldn't be anything stopping PHP from running this without a login shell.

You have probably enabled the sudo option NOEXEC.

When this option is active, you can run a command with high privilege, but it cannot spawn other commands. This is (AFAIK) required to prevent an exploiter from gaining a shell. Since you are using the asterisk user, this also makes much sense.

In your case, the PHP command is granted execution as the asterisk user, but when it tries to spawn with exec, the command cannot be executed and it returns 126.

EDIT (as in comment below)

Adding this line to sudoers will solve this issue:

root ALL = (ALL) EXEC: ALL

Your account doesn't have permission to run bash commands.

As you know, int(126) returns the status of the executed command. From the bash man page:

If a command is found but is not executable, the return status is 126.

Try running ls directly from your asterisk user to see if it works.

If it doesn't work then check the permissions on your asterisk user and see if you have the necessary permissions. If you don't have the permissions, just use chmod to give your asterisk user permission. You should also try and create a new user and see if this command works with that user.

Edit: Since your asterisk account does not have a shell, you cannot execute shell commands from it.

Coming back to provide another answer to my own question a couple of years later. As the accepted answer supposed, I had set this in my file:

Defaults noexec

And I fixed this by overriding it for the root user.

But a better solution would be to apply the defaults only to the targeted user:

Defaults:admin noexec

This way the setting would not have affected the asterisk user I was having problems with in my question!
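
The difference between the global and the per-user Defaults line discussed above can be checked mechanically. The following is an added example, not code from the original question or answers: a shell function that lists every Defaults entry switching noexec on or off in a sudoers-format file, together with its scope. The function names and the sample policy are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the scope of each sudoers Defaults entry that sets noexec.
# noexec_scope, sample_policy and the policy text are constructed, not from the page.

noexec_scope() {
    # $1 = path to a sudoers-format file
    awk '
    /^[ \t]*#/ { next }                      # skip comments and #include lines
    $1 ~ /^Defaults([:>@!]|$)/ {
        scope = "global"
        tag = substr($1, 9)                  # text following the word Defaults
        kind = substr(tag, 1, 1); who = substr(tag, 2)
        if (kind == ":") scope = "user " who
        else if (kind == ">") scope = "runas " who
        else if (kind == "@") scope = "host " who
        else if (kind == "!") scope = "command " who
        line = $0
        sub(/^[ \t]*[^ \t]+[ \t]*/, "", line)   # drop the Defaults word itself
        n = split(line, opts, /[ \t]*,[ \t]*/)  # options are comma separated
        for (i = 1; i <= n; i++) {
            gsub(/^[ \t]+|[ \t]+$/, "", opts[i])
            if (opts[i] == "noexec")  print scope ": noexec on"
            if (opts[i] == "!noexec") print scope ": noexec off"
        }
    }' "$1"
}

sample_policy() {
cat <<'EOF'
# constructed sample policy
Defaults env_reset, noexec
Defaults:admin noexec
Defaults>asterisk !noexec
# per-rule EXEC: tag as in the accepted answer (rule lines are not scanned)
root ALL = (ALL) EXEC: ALL
EOF
}

tmp=$(mktemp)
sample_policy > "$tmp"
noexec_scope "$tmp"
rm -f "$tmp"
```

Run it as root against the real policy with `noexec_scope /etc/sudoers`; included files are skipped, so scan anything under /etc/sudoers.d separately.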
