Command executed in PHP with Centos7 and Apache can't connect to the network?

I am debugging my PHP application on CentOS7 using Apache. My app is a web interface for managing the Torque batch system and I used qmgr, which is the command line tool provided by Torque to do the management work.

Since only the root user can execute qmgr, and the Apache server cannot run as the root user, I wrote a C program as a shell for anyone who can execute commands as the root user.

But the PHP application always gives the following output:

 socket_connect_unix failed: 15137
 qmgr: cannot connect to server  (errno=15137) could not connect to trqauthd

      

This means the PHP application cannot pick up a socket connection for the Torque server connection.

Below is more information:

  • The command called by the PHP application can be executed correctly in the shell
  • The same PHP application can run correctly on a CentOS6 server with Apache
  • SELinux and firewall are disabled.
  • I tried two versions (5.1 and 4.10) of Torque, the result is the same
  • Apache and PHP are used with the default RPM for CentOS7.

I thought there are some new security restrictions that might affect Apache on CentOS7 server.

Please give me some suggestions, thanks!



1 answer


I had the same problem.

This is because newer versions of Apache httpd have the systemd property PrivateTmp set to true by default. This makes the httpd service see a private /tmp directory, which actually maps to a different location in the filesystem instead of the real /tmp directory. PHP running in an Apache process has the same /tmp directory as the Apache service, as do any processes created from PHP (for example, using exec or system, etc.). So when PHP calls qsub (etc.), this will see the private /tmp directory too.

This throws the error you mentioned, as qsub internally uses a unix socket /tmp/trqauthd-unix to communicate with trqauthd. But qsub sees the "fake"/private /tmp directory instead of the real one, so it cannot find the socket.



This explains why the command works when you run it manually in the console - in which case qsub sees the real /tmp directory, as opposed to the private one it sees when forked from PHP (running under the Apache service).

One solution is to simply change the property PrivateTmp in the file httpd.service from true to false. You can find this file in the directory /etc/systemd. The subfolder probably depends on the Linux distribution, so use the command find to find it:

find /etc/systemd -name httpd.service

      

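An added example (not part of the original answer): a shell check that works out which PrivateTmp value a unit ends up with from its unit file plus any drop-ins, and whether a socket path such as /tmp/trqauthd-unix lies in a directory that PrivateTmp replaces. The sample unit contents and the drop-in name 10-private-tmp.conf are constructed, and only boolean values are handled.

```shell
#!/bin/sh
# effective_private_tmp FILE... -> prints "true", "false" or "unset".
# Pass files in the order systemd applies them (unit file, then drop-ins);
# the last PrivateTmp= assignment inside a [Service] section wins.
effective_private_tmp() {
    awk '
        FNR == 1       { in_service = 0 }   # each file starts outside any section
        /^[ \t]*[#;]/  { next }             # skip comment lines
        /^[ \t]*\[/    { in_service = ($0 ~ /^[ \t]*\[Service\][ \t]*$/); next }
        in_service && /^[ \t]*PrivateTmp[ \t]*=/ {
            v = $0
            sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
            v = tolower(v)
            if (v ~ /^(1|yes|true|on)$/)       val = "true"
            else if (v ~ /^(0|no|false|off)$/) val = "false"
        }
        END { print (val == "" ? "unset" : val) }
    ' "$@"
}

# hidden_by_private_tmp VALUE PATH -> exit 0 when a service with that setting
# gets its own copy of the directory holding PATH (/tmp and /var/tmp only).
hidden_by_private_tmp() {
    [ "$1" = "true" ] || return 1
    case "$2" in
        /tmp/*|/var/tmp/*) return 0 ;;
        *)                 return 1 ;;
    esac
}

# Constructed sample files: a unit as the answer describes it, plus a drop-in
# (the file name is made up) that overrides only this one setting.
make_sample_units() {
    mkdir -p "$1/httpd.service.d"
    printf '[Unit]\nDescription=sample\n\n[Service]\nExecStart=/usr/sbin/httpd\nPrivateTmp=true\n' \
        > "$1/httpd.service"
    printf '# local override\n[Service]\nPrivateTmp = no\n' \
        > "$1/httpd.service.d/10-private-tmp.conf"
}

demo_dir=$(mktemp -d)
make_sample_units "$demo_dir"
before=$(effective_private_tmp "$demo_dir/httpd.service")
after=$(effective_private_tmp "$demo_dir/httpd.service" "$demo_dir"/httpd.service.d/*.conf)
echo "unit file only: PrivateTmp=$before; with drop-in: PrivateTmp=$after"
hidden_by_private_tmp "$before" /tmp/trqauthd-unix && echo "socket in /tmp is not visible to the service"
rm -rf "$demo_dir"
```

On a live host, `systemctl show httpd -p PrivateTmp` reports the value systemd actually loaded, and a changed unit file or drop-in takes effect only after `systemctl daemon-reload` and a restart of the service.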






