How to test your PHP code as the www-data user

Apart from running web applications, PHP can execute commands via a shell. But testing your shell script can be tricky, especially when running it as a different user. This post will look at how you can sudo or su as the www-data user to test your PHP code.

Why the user important

For example, running an Apache user will produce different results from the root user. Note that the Apache user is also known as the www-data user. And, the www-data user does not have the same privileges as the root user.

How do you execute commands via the shell?

The exec() function is one of the popular functions for executing system-related commands. You can also use the shell_exec() function. Both functions execute commands via the shell. But the response from each is slightly different.

root vs. www-data user

A root user in any system is the primary user with all the permissions to read, write and execute commands. A www-data user is a user that web servers make use of by default for any operation. The web server can only access the files that the www-data user can access. Of course, Linux allows you to sudo or us as the www-data user. So naturally, this post will show you how to do that.

What is the PHP exec function?

The exec() function is a PHP inbuilt function that executes an external program. It returns the last line of the output as a string or FALSE if the command fails.

Syntax:

exec($command, $output, $return_var ) : string|false

Parameters:

  • $command – This is the command that the exec() function will execute.
  • $output – This is the parameter that specifies the array that will be filled with the command output.
  • $return_var – This parameter returns the status of the executed command.

What is the PHP shell_exec function?

The shell_exec() function executes an external program. It returns the complete output as a string. Shell exec will also return false if no pipe could be established. Finally, it can return null if an error occurs or if the command produces no output.

Syntax:

shell_exec(string $ command): string|false|null

Parameters:

  • $command – This is the command that exec() function will execute.

How to determine the user shell_exec() or exec() is running as?

This script will output the username of the running PHP process owner:

<?php
$output=null;
$return_var=null;

exec('whoami', $output, $return_var);

echo "Returned with status $return_var and output:\n";
print_r($output);
?>

The output for the above code will be something like this:

Returned with status 0 and output:
Array
( 
    [0] => Santo
)

You could also use PHP’s get_current_user() function:

<?php
echo 'Current script user: ' . get_current_user();
?>

How do run your code using sudo or su as the www-data user?

Login in as the Apache (www-data) user on your Linux box using the following SSH command:

sudo su -s /bin/bash www-data

This will, in turn, create temporary access as the www-data user for testing shell commands. You can now run your PHP script as the www-data user and test it. Finally, type ‘exit’ to return to your logged-in user.

YouTube player

Wrapping up

You should now be able to run your PHP script as the www-data user. Additionally, you can determine which user your script’s run as.

Let us know in the comments below if this post helped you. Also, make sure you follow us on Twitter because we share tons of awesome tips there.

You may also like

Source:

About Anto Online

Anto, a seasoned technologist with over two decades of experience, has traversed the tech landscape from Desktop Support Engineer to enterprise application consultant, specializing in AWS serverless technologies. He guides clients in leveraging serverless solutions while passionately exploring cutting-edge cloud concepts beyond his daily work. Anto's dedication to continuous learning, experimentation, and collaboration makes him a true inspiration, igniting others' interest in the transformative power of cloud computing.

View all posts by Anto Online

2 Comments on “How to test your PHP code as the www-data user”

  1. Hi there to all, how is the whole thing, I think every one is
    getting more from this web page, and your views are fastidious designed for new viewers.

  2. I’m impressed, I must say. Seldom do I encounter a blog that’s both educative and
    engaging, and let me tell you, you have hit the nail on the
    head. The issue is something which not enough people are speaking intelligently about.
    I am very happy that I came across this during my search for something concerning this.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.