Allow Apache user to check service status

Question

I have a php script that checks if a service is running or not. Here is the code to check the service.

function isClientActive() {
    exec("systemctl is-active --quiet MyService", $output, $return);
    return $return == 0;
}

This function works fine if I run script from CLI no matter if user has sudo rights or not. How ever When I call this script with apache user using web browser This function always retuns false. So I added 2>&1 at the end of the cmd and printed the output in browser and the output says "sh: systemctl: command not found".

So How I can allow apache user to call systemctl to get service status.

The question is not about executing a command as root. Its just a command that is not available for a specific user.

Who owns the CLI script? Who owns the browser script? It's a safe bet the owner of these processes is different so you will have to give the wen page the same permissions. — Jay Blanchard, Aug 05 '20 at 16:01
@JayBlanchard The script is owned by root. and is executed by apache user — Amarjit Singh, Aug 05 '20 at 16:05
Its not the permissions issue. As I said non-root users are also able to run the script. — Amarjit Singh, Aug 05 '20 at 16:08
Is the apache user specifically part of the group of non-root users that is allowed? — Jay Blanchard, Aug 05 '20 at 16:10
I Created a normal user and executed the script and it worked there is not any group known as "non-root". — Amarjit Singh, Aug 05 '20 at 16:12
You called them that, not me. It is most definitely a permission issue. Specifically, the apache user does not have permission to run the script. — Jay Blanchard, Aug 05 '20 at 16:14
What is the owner and group on the script? What is the owner and group of the web page? — Jay Blanchard, Aug 05 '20 at 16:16
That looks like the permissions are screwed up. I have never seen `-S` in a permissions string before. Do a `chmod 755 index.php` and post the results. The valid file permissions are typically `r`,`w`, and `x` for read, write and execute — Jay Blanchard, Aug 05 '20 at 16:23
The apache user is able to execute the PHP script that's why I am able to see the output from exec function. Otherwise, I will be seeing the php code in the browser or 500 or 403 error in browser — Amarjit Singh, Aug 05 '20 at 16:25
Without having the ability to look over your shoulder it is going to be hard to troubleshoot this, especially if you're not willing to acknowledge that there is a permissions issue. You're also forcing `$return` to be 0 when returning from the function, which effectively returns false. Have you tried `shell_exec()`? — Jay Blanchard, Aug 05 '20 at 16:33
@JayBlanchard you were right it was an issue with permissions. I came to know when I executed the systemctl with its full path like `/usr/bin/systemctl`. Then I saw the permissions Error. Otherwise I was thinking Its kind of scope issue ie the command systemctl is not available to apache user. — Amarjit Singh, Aug 05 '20 at 22:04
the permissions of the script are irrelevant. Only the Apache process user matters. That is if you use mod_php. If you use php-fpm then you need to set the user/group the cgi will run as, it might not be the same as apache. Exec `whoami` from the script and see what it says. — Capsule, Aug 06 '20 at 06:20

Allow Apache user to check service status

0 Answers0