Home/ Questions/Q 6656911
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-26T01:42:01+00:00

I have two web-servers, both on Lighttpd + php (through fastCGI). [user@box ~]$ lighttpd

  • 0

I have two web-servers, both on Lighttpd + php (through fastCGI).

[user@box ~]$ lighttpd -v
lighttpd/1.4.29 (ssl) - a light and fast webserver
Build-Date: Aug  7 2011 10:52:01
[user@box ~]$ php -v
PHP 5.3.8 with Suhosin-Patch (cli) (built: Sep 30 2011 05:34:36) 
Copyright (c) 1997-2011 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2011 Zend Technologies
[user@box ~]$ php-cgi -v
PHP 5.3.8 with Suhosin-Patch (cgi-fcgi) (built: Sep 30 2011 05:35:14)
Copyright (c) 1997-2011 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2011 Zend Technologies

Lighttpd and php-cgi are running under user ‘http’ with /bin/false (bogus) shell:

[user@box ~]$ cat /etc/passwd | grep http
http:x:33:33:http:/srv/http:/bin/false
[user@box ~]$ ps aux | grep "lighttpd\_php-cgi"
http      1291  0.0  1.1   5152  2816 tty1     S    Oct06   0:00 /usr/sbin/lighttpd -D -f /etc/lighttpd/lighttpd.conf
http      1292  0.0  1.5  14476  3904 ?        Ss   Oct06   0:00 /usr/bin/php-cgi

But I still can execute shell commands through php’s system() function (for example)!

There are no disable_functions in my php.ini.
If I execute system(“whoami”) or system(“id”) through php, I get the following:

http
uid=33(http) gid=33(http) groups=33(http)

(just as it must be).

What’s the reason that I can execute commands from the user with /bin/false as shell?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    As explicitely said in the documentation, php’s system is just a binding for the system in C. From the manpage of system:

    system() executes a command specified in command by calling /bin/sh -c command

    /bin/false is just the login shell (used in conjunction with login, telnet, ssh, etc.).

    • 0