I've used system($cmd) for years with very reliable results until F17 and PHP 5.4.4. The programs execute, ok, but they can't see any files in directories owned by root, regardless of permissions. PHP itself can read root-owned files, but not shell_exec() programs. I run apache as a specific user and when I log in as that user, the commands work fine from the command line, but when they execute from the shell_exec() call, they can't find files the programs are trying to read from.
$tmplist = `/bin/ls /tmp`;
$tmplist = `/bin/ls /`;
returns a full listing of the root directory.
There are many files in /tmp when I execute "/bin/ls /tmp" from the command line, but they don't show up when ls is executed from PHP. I have tried system(), shell_exec(), backticks, and exec(). All have the same result. Commands execute. "/bin/env" lists the environment variables the shell_exec() runs with, "/bin/whoami" outputs the web server's user name. It's just when the executed program tries to read a file in a directory owned by root, it thinks they don't exist. I first saw this when a program errored with "No such file or directory" when trying to read from a file that I KNEW was there (same command found it from the login shell).
I'm assuming this is a security "feature" of the new PHP or F17, but I can't find anything about it in the Google machine. Sounds like an Selinux thing, but Selinux is disabled. Anyone know what's causing this?
EDIT: I just tried CGI script (perl) and same problem, so it's apache/system config, not PHP! Still looking...