asterisk users - Feb 2018 - AGI fails bad permission

Launched AGI Script /var/lib/asterisk/agi-bin/adddnc.php
 adddnc.php: Failed to execute '/var/lib/asterisk/agi-bin/adddnc.php':
Permission denied
The file is of course chmod +x /var/lib/asterisk/agi-bin/*.php
Selinux is disabled
asterisk is running as root with
live_dangerously=yes
in asterisk.conf
The box is Centos 7
What can possibly be causing this?
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.digium.com/pipermail/asterisk-users/attachments/20180223/d11a45a8/attachment.html>

On Fri, 23 Feb 2018, Saint Michael wrote:
> Launched AGI Script /var/lib/asterisk/agi-bin/adddnc.php
> ?adddnc.php: Failed to execute
'/var/lib/asterisk/agi-bin/adddnc.php': Permission denied
> The file is of course chmod +x?/var/lib/asterisk/agi-bin/*.php
This is how a sysadmin opened up a web server to compromise a decade or 2 
ago. The CGI directory contained some flawed SGI CGIs that had been 
disabled by fiddling with the permissions.

More information may yield a clue.

1) ps -aef | grep asterisk | grep --invert-match grep

2) sudo grep 'astagidir' /etc/asterisk/asterisk.conf

3) grep adddnc /etc/asterisk/extensions.{ael,conf}

4) head --lines=1 /var/lib/asterisk/agi-bin/adddnc.php

5) ls -l $(head --lines=1 /var/lib/asterisk/agi-bin/adddnc.php\
 	| awk '{print substr($1, 3, 255)}')

6) sudo /usr/bin/php (or wherever you keep php) \
 	/var/lib/asterisk/agi-bin/adddnc.php </dev/null

7) Check the 'r' and 'x' bits on /var/, /var/lib/,
/var/lib/asterisk/,
/var/lib/asterisk/agi-bin/.

8) cat /var/lib/asterisk/agi-bin/adddnc.php

-- 
Thanks in advance,
-------------------------------------------------------------------------
Steve Edwards       sedwards at sedwards.com      Voice: +1-760-468-3867 PST
             https://www.linkedin.com/in/steve-edwards-4244281