1

I have written a Java application that runs from the command line. I want to allow users to access this via a simple PHP web interface - it'll just allow them to specify certain parameters, and then execute the java app and return the output.

For some reason, I'm getting a 'Permission Denied' error message when I try to do anything with Java, even something as simple as:

shell_exec('/usr/bin/java -version 2>&1');

returns 'sh: /usr/bin/java: Permission denied ' when run through a browser.

If I give apache a shell account and log in as apache, I can execute this command fine.

Is there some kind of setting preventing the JVM running if there is no associated tty? How can I get this to work? I'm running PHP 5.3.2.

Thanks

Improve this question
3
  • Are you sure PHP is running as the Apache user? Commented Aug 2, 2010 at 9:35
  • Yes - I just ran 'whoami' in the script and it reported 'apache'. Commented Aug 2, 2010 at 9:37
  • 1
    safe_mode is off and the error comes from sh, so something executes (this info was on an answer that I deleted, I put it here so it doesn't get lost) Commented Aug 2, 2010 at 9:47

1 Answer 1

Reset to default
3

Your application host may be confined with a tool like AppArmor or SELinux or TOMOYO or SMACK, or similar confinement tools.

It would be very simple to confine an Apache to allow executing /usr/bin/whoami but not /usr/bin/java.

Ask your system administrator to grant access to java and your jars for you.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

They usually leave a log on unauthorized accesses... in case he's the admin he should look for them
Thanks a lot. Yes, SELinux was the problem. I wouldn't have thought of that. Thanks.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.