I am very confused and concerned about user ownership of commands launched using the PHP "exec" statement. I am running PHP 5.5 / Apache 2.2 / CENTOS 6 in cPanel / WHM with the DSO / mod_ruid handler.
In the test, I have the following php script:
<?php
echo 'whoami: ',exec('whoami'),'<br />';
echo 'user: ',exec('echo ${USER}'),'<br />';
echo 'home: ',exec('echo ${HOME}'),'<br />';
?>
When I run the script through my browser, I see the following results:
whoami: cuser
user: root
home: /root
where cuser is my cPanel system identifier and user id in the suPHP, mod_ruid and mpm-itk directives in my httpd.conf virtual domain host configuration.
In addition, my httpd.conf file assigns "nobody" as the user and group, and indeed, my httpd processes (as they return from "ps -ef | grep httpd") belong to "nobody".
, exec "whoami" "echo ${USER}" - Apache. , , exec cuser. ?
, .