whoami_here.php, in the home folder for the WordPress installation and then accessed the webpage for that script via a browser, e.g. http://example.com/whoami_here.php.
There are a variety of methods you can use to check on which account PHP is running under, though some methods may not work on some systems.
<?php passthru("whoami"); ?>
The hosting account user id in this case was johnadoe, so that is what I saw displayed by the PHP function, confirming that PHP was running under the account that was in use for the hosting account.
<?php echo shell_exec("whoami"); ?>
<?php echo exec('whoami'); ?>
<?php echo `whoami`; ?>
/etc/passwd for the account.
<?php print posix_geteuid(); ?>
You might see something like the following displayed:
2159567
You could then check for the username for the account to which that user ID corresponds in /etc/passwd.
$ grep 2159567 /etc/passwd
johnadoe:x:2159567:2159567::/home/johnadoe:/bin/bash
Note: I've found this approach did not work on the CentOS 7 systems on which I tested it. And not only didn't it work, the presence of the code in a web page terminated the further display of any HTML code for that page at the point where the code was placed. David Newcomb states in Posix PHP commands not working under CentOS 7 that none of the Posix PHP functions are available under CentOS 7 noting:
I did a bit of hunting around and I found that RHEL and CentOS distributions of Linux compiled their version of PHP without this module, citing that it was a security hole to allow these commands to be run.
He provides instructions on how to install that functionality on CentOS systems in his article, if you need those Posix functions to work. In this case I didn't, but, until I found his article, I couldn't figure out why not only wasn't I seeing any results when trying to display information from those functions, but I wasn't seeing anything else output after the point where I inserted them, not even the ending body and html tags, even though the functions seemed to exist. When I encountered the problem, I inserted test conditions in the code to verify the functions existed:
if (function_exists('posix_geteuid')) {
    print "Function posix_geteuid exists<br>";
}
if (function_exists('posix_getpwuid')) {
    print "Function posix_getpwuid exists<br>";
}
I saw the following displayed on the web page:
Function posix_geteuid exists
Function posix_getpwuid exists
Yet I could not get any output when I tried to display a result for posix_geteuid() or posix_getpwuid(48) when I tried to see what would happen if I specified the apache user ID in the posix_getpwuid function.
If posix_geteuid works, you can use the posix_getpwuid function to convert the user ID to a user name as explained by Justin Samuel at get_current_user in a comment regarding cases where you wish to get the username of the process owner rather than the username of the file owner.
<?php $processUser = posix_getpwuid(posix_geteuid()); print $processUser['name']; ?>
If the code above is used, you would see johnadoe displayed on the web page.
<?php file_put_contents("aTestFile", "testing"); print fileowner("aTestFile"); unlink("aTestFile"); ?>
The above method will only work if the account under which PHP is being run can create a file in the directory where the script is placed. If the script can create a file there it will create one named aTestFile with the word "testing" in it. The file will be removed after the fileowner is displayed. The fileowner will be the userid, e.g., 2159567.
You can search for that user ID in /etc/passwd as in the prior example.
/tmp directory, instead. The tempnam function can be used for that purpose. The function "Creates a file with a unique filename, with access permission set to 0600, in the specified directory. If the directory does not exist or is not writable, tempnam() may generate a file in the system's temporary directory, and return the full path to that file, including its name." E.g.:
<?php
$tmpfname = tempnam("/tmp", "aTestFile");
$handle = fopen($tmpfname, "w");
fwrite($handle, "writing to tempfile");
fclose($handle);
print fileowner($tmpfname);
unlink($tmpfname);
?>
In addition to the POSIX functions not working on the CentOS 7 systems, I found that the shell_exec method did not work on the CentOS 7 systems. PHP was running as apache on those systems. On those CentOS 7 Linux systems, the apache account was configured to not grant a login shell for the account. I.e.:
$ grep apache /etc/passwd
apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
The passthru("whoami") function, echo exec('whoami'), echo `whoami`, and tempnam methods worked on all of the systems I tested, however. See whoami_here, a text file with the code for all of the tests listed above, if you wish to try them on a system.
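The checks above combined into one script, as an added example that is not the author's whoami_here code: it tries the POSIX functions, then exec('whoami'), then the tempnam/fileowner method, and calls each function only after confirming it is defined and not disabled, so a PHP build without the POSIX module falls through to the next method instead of stopping the page. The helper names usable and php_process_user are made up for this example.

```php
<?php
// Added example (not the author's whoami_here code): report the account PHP
// runs under, trying each method from this page only after confirming it is
// usable, so a missing POSIX extension cannot abort the page with a fatal error.

// True when $fn is defined and not listed in the disable_functions ini setting
// (before PHP 8, function_exists() still reports disabled functions as present).
function usable(string $fn): bool
{
    $disabled = array_map('trim', explode(',', (string) ini_get('disable_functions')));
    return function_exists($fn) && !in_array($fn, $disabled, true);
}

// Returns [method, value]; value is a user name or a numeric UID.
function php_process_user(): array
{
    // No ';' after the condition: "if (...);" ends the statement there and
    // a block that follows it runs unconditionally.
    if (usable('posix_geteuid')) {
        $uid = posix_geteuid();
        if (usable('posix_getpwuid')) {
            $pw = posix_getpwuid($uid);
            if (is_array($pw) && isset($pw['name'])) {
                return ['posix_getpwuid', $pw['name']];
            }
        }
        return ['posix_geteuid', (string) $uid];
    }
    if (usable('exec')) {
        $name = exec('whoami', $lines, $status);
        if ($status === 0 && $name !== false && $name !== '') {
            return ['exec whoami', $name];
        }
    }
    // Last resort from the page: owner of a fresh temporary file (mode 0600).
    $tmp = tempnam(sys_get_temp_dir(), 'aTestFile');
    if ($tmp !== false) {
        $uid = fileowner($tmp);
        unlink($tmp);
        if ($uid !== false) {
            return ['tempnam/fileowner', (string) $uid];
        }
    }
    return ['none', 'unknown'];
}

[$method, $user] = php_process_user();
// Escape before output; the value comes from the system, not from this script.
print htmlspecialchars("$user (via $method)") . "<br>\n";
```

Remove the script from the web root once you have the answer, since it discloses the service account to anyone who requests it.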