How to Check What User PHP Is Running As

How to check what user php is running as?

If available you can probe the current user account with posix_geteuid and then get the user name with posix_getpwuid.

$username = posix_getpwuid(posix_geteuid())['name'];

If you are running in safe mode however (which is often the case when exec is disabled), then it's unlikely that your PHP process is running under anything but the default www-data or apache account.

How do I find out, which user is running the current php script?

Execute whoami:

<?php echo exec('whoami'); ?>

Under which user are PHP scripts running?

Execute this custom PHP Script. Supports (PHP 4, PHP 5, PHP 7)

<?php
echo 'Current script owner: ' . get_current_user();
?>

PHP running as apache user, isn't a member of any LDAP groups of which apache is a member

Turns out I didn't have a problem at all. Someone had change the primary group of the apache user to my remote group (groupa in my example), so when apache ran as apache:apache according to the httpd.conf file, it was overwriting that primary group. As apache wasn't actually a member of groupa other than that, it was appearing to drop the group.

PHP: get_current_user() vs. exec('whoami')

  1. get_current_user() (should) return the owner of the file, which is firstnamelastname in this case. There have been reported issues that this function is inconsistent between platforms however. As such, I would not trust its output. daemon is the user Apache is running as.
  2. The owner of the PHP script is the user who owns the file itself according to the operating system. You can run ls -la in the directory your scripts are in to find the user and group the file belongs to.
  3. Whichever user you're editing your scripts with needs to be able to write it, so most likely, firstnamelastname (+rw).
  4. For the folder itself, you should have +rx (execute and read) for daemon and for the PHP file, +r (read). On my installation of XAMMP, they've done this by setting everything in htdocs as public readable, thus daemon can read it, but not write to it.
  5. Mac has a root account that typically owns the htdocs or www directory. It fills the role of a traditional unix root user.

Here is some information on the file owners/groups and the process owner:

host:~$ ls -l /Applications/XAMPP/xamppfiles/htdocs
drwxr-xr-x 3 root admin  4096 2015-01-01 00:01 .
drwxr-xr-x 3 root admin  4096 2015-01-01 00:01 ..
-rw-r--r-- 1 firstnamelastname admin   189 2015-01-31 20:45 index.php

host:~$ ps aux | grep httpd | head -n1    
daemon          45204   0.0  0.1  2510176  10328   ??  S    Tue11AM   0:01.38 /Applications/XAMPP/xamppfiles/bin/httpd -k start -E /Applications/XAMPP/xamppfiles/logs/error_log -DSSL -DPHP

If you wanted to make a file writeable by the daemon user, you can create a new folder and name it as the owner with the group admin (so you can use it too), and give it +rwx for the user and group, with +rx for public:

host:~$ cd /Applications/XAMPP/xamppfiles/htdocs
host:htdocs$ mkdir some_dir
host:htdocs$ chmod 775 some_dir

Related Topics

PHP Get All Subdirectories of a Given Directory

PHP MySQLi Prevent SQL Injection

How to Check What User PHP Is Running As

How to Check If an Array Contains a Specific Value in PHP

Get Data from Json File With PHP

Codeigniter Displays a Blank Page Instead of Error Messages

Codeigniter: Create New Helper

Cors Not Working PHP

Avoid Resending Forms on PHP Pages

PHP: How to Check If Image File Exists

How to Remove the Querystring and Get Only the Url

Utf-8 Bom Signature in PHP Files

How to Get Const'S Defined on a PHP Class

Replace a Whole Line Where a Particular Word Is Found in a Text File

How to Check If an Email Address Is Real or Valid Using PHP

Obfuscate PHP Code

Get the Current Script File Name

Run Bash Command from PHP


Leave a reply



Submit