If you say it works on the terminal and not on apache then apache's php.ini file may be disabling the use of shell_exec().

See http://www.php.net/manual/en/ini.core.php#ini.disable-functions

Your apache's php.ini file may look something like

disable_functions=exec,passthru,shell_exec,system,proc_open,popen

Remove shell_exec from this list and restart the web server, although this is a security risk and I don't recommend it.

The Apache’s user www-data need to be granted privileges to execute certain applications using sudo.

1. Run the command sudo visudo. Actually we want to edit the file in etc/sudoers.To do that, by using sudo visudo in terminal ,it duplicate(temp) sudoers file to edit.
2. At the end of the file, add the following ex:-if we want to use command for restart smokeping and php command for another action in your question,

www-data ALL=NOPASSWD: /etc/init.d/smokeping/restart, usr/bin/php

(This is assuming that you wish to run restart and php commands using super user (root) privileges.And you use php command in usr/bin/ path )

However, if you wish to run every application using super user privileges, then add the following instead of what’s above.You might not want to do that, not for ALL commands, very dangerous.

www-data ALL=NOPASSWD: ALL

3.After edit the sudoers file(by visudo we edit the temp file of sudoers so save and quit temp file(visudo) to write in sudoers file.(wq!)

4.That’s it, now use exec() or shell_exec in the following manner inside your xxx.phpscript.keep remember to use sudo before the command use in the php script.

ex:-

exec ("sudo /etc/init.d/smokeping restart 2>&1");

or

shell_exec("sudo php -v"); 

So in your problem,add the commands that you wish to use in to the step no (2.) as I add and change your php script as what you want.

here is the same problem as yours https://stackoverflow.com/a/22953339/1862107

By the looks of it your PATH variable only includes /bin. This only allows you to run executables within that directory. There are a few ways to fix this.

Method 1: Configure the web server environment varibles

If you are running apache, you can simply edit /etc/apache2/envvars to include a PATH varibale definition. Edit the file and add a new line to the bottom (if it doesn't already exist):

# /etc/apache2/envvars
...

export PATH="/bin:/usr/local/bin"

Method 2: Configure the PATH for the user

Alternatively, if you are running the web server as a user other than a service user, that user may not have their PATH properly configured. This is as simple as changing their environment variables for the user and the web server will inherit it (unless defined otherwise in the web server's configuration).

First step is figure out which user your web server is running as. If you don't know, you can check list the running processes to find the user. This can be accomplished by running the following command:

ps aux|grep {webserver}|grep -v grep Where {webserver} is replaced with the web server you are currently running. (apache/httpd, nginx)

Alternatively, you can check in of the following config files:

• /etc/httpd/conf/httpd.conf - CentOS Apache
• /etc/apache2/apache2.conf - Ubuntu/Debian Apache
• /etc/nginx/nginx.conf - nginx config

(There are many other possible configurations, but these are the most common)

Once you've found out which user you're running as, you will need to then set the PATH variable for that user. This could be as simple as exporting the PATH in their home bash configuration. This could be /home/bob/.bashrc for example. Service users without a home will be different however.

Method 3: Declare the PATH within your PHP script

You can manually specify the PATH variable within your PHP script. This can be accomplished by adding the following line to your script:

<?php

putenv('PATH=/bin:/usr/local/bin');
...

You will need to change the PATH to suit your needs, and it will need to be declared before you call shell_exec().

This method isn't preferred as you will need to specify this for each PHP script you execute that makes use of the shell_exec() call to binaries outside of /bin, but it is a quick one off solution that will work.

More importantly, you are writing code that is not portable and is dependent on a specific system. This is bad coding practice and is not recommended/frowned upon.

The question is a bit old, but for those who experience this problem can try to set the environment variables of direct on the server. PHP uses the putenv () function.

Example:// Set Variable Enviromental

$JAVA_HOME = "/usr/lib/jvm/java-8-oracle"; 
$ANDROID_HOME = "/opt/android-sdk-linux";
$PATH="$JAVA_HOME/bin:/usr/local/bin:/usr/bin:/bin:$ANDROID_HOME/platform-tools:$ANDROID_HOME/tools:$ANDROID_HOME/build-tools/24.0.0-preview";

putenv ("JAVA_HOME = $JAVA_HOME"); 
putenv ("PATH = $PATH");

On the php manual for shell_exec, it shows that the function returns the output as a string. If you expect output from the program you launch, you need to capture this like so:

$execQuery = "echo -n test_command";
$output = shell_exec($execQuery);
echo $output;

Your question doesn't show trying to capture any data. If you also make sure to connect stdout and stderr when you run your command, you should get a better idea is what is going on. To use your example:

$output = shell_exec("/usr/bin/oneuser create test10 test10 2>&1");
var_dump($output);

That should help you see what is going on. As Shadur suggests, it seems likely that these programs expect an interactive terminal that can enter passwords in order to run. Even if don't need input, they might expect interactive shells. And he's right that su doesn't play nice in this context. There is, however, a correct tool for the job.

You can setup sudo to such that your http user can execute your program as username without a password but NOT be able to do anything else by running visudo or whatever you use to edit your sudoers file and adding this line:

http    ALL=(username) /usr/bin/oneadmin

Then in php your command would look something like this:

$execQuery = "sudo -u username /usr/bin/oneadmin postgres -c '/usr/bin/oneuser create test10 test10'";
$out = shell_exec ("$execQuery 2>&1");
echo $out

There's multiple problems here.

1. Do people even read the error messages they get?
2. Don't use shell commands to read a file to a variable! Use fopen.
3. Don't do globbing. Globs are expanded by the shell, but PHP is not a shell, so it doesn't do globbing. It hands your exact command off to the shell, and asks the shell to execute it. And yes, *-release is a valid filename.

    [~]$ ls -la /tmp/\*-releases 
    -rw-r--r-- 1 vidarlo users 0 Jun 23 10:16 /tmp/*-releases
    [~]$ 

4. Globbing potentially opens you to attacks. If you glob, you have no control over what files you end up reading. That's a potential security issue. Probably not in this case, as you're reading from /etc, but...
5. You lack a basic understanding about your environment, when you expect that modifying a path parameter will change anything - the problem is not that cat command is not found, it's that the file you give as parameter is not found... A general understanding of the platform is a good starting point for programming.
6. putenv('/etc'); is not how putenv works. Environment variables are generally key=value-pairs.
7. Don't post it on serverfault. It's not about managing IT, it's purely about programming. Additionally, you should probably spend some time to learn the platform you're working on.