My website is about copying files. Instead of copy the files to avoid to much time and server lagging, I decided to use overlayfs. The code mount the folder to the location specified in the terminal using the PHP interpreter. But, when I run the php script from Apache the script does not mount the overlay. And the worst is that there is no error output so I can debug what's wrong. I checked the php error log, no output about what happened.
The destination i'm mounting the overlayfs is to another user. For that I need root to execute the mount command. To be able to run the code without using root nor sudo, I took a look at this question. I created the c code, compile it and set the proper permissions (root.root, rwsr,sr...). I ran the code in a php file:
<?php
// filename over.php
print shell_exec("whoami")."\n";
print shell_exec('/var/www/vhosts/user/deployment/exec "sudo mount -t overlay overlay -o lowerdir=/var/www/vhosts/user/deployment/template5_dev,upperdir=/var/www/vhosts/user.deve/httpdocs,workdir=/var/www/vhosts/user/deployment/overlay-work /var/www/vhosts/user.deve/httpdocs"');
What the code does is print the actual user name (to make sure I have an output, to see if the code executed) then merge the folders. The file /var/www/vhosts/user/deployment/exec is the c program then I pass the code to execute as argument.
In the terminal I run: php -f "/var/www/vhosts/user/httpdocs/over.php". I check the merged folder I can see it works. And the output is user.
Then I unmount the overlay sudo umount /var/www/vhosts/user.deve/httpdocs.
I access the php script via the browser, I got the output user but the folder does not merge. I ctrl-f5 multiple times but nothing, no error, no error in log nothing.
I changed the command to shell_exec('/var/www/vhosts/user/deployment/exec "sudo mkdir /var/www/vhosts/user.deve/httpdocs/nouvo"');, the sudo created the folder from the browser.
I noticed that only the mount command does not run properly.
What could be the reason the sudo mount command does not run by apache, and even if there was an error, doesn't it print out the error?
I just take a look at /var/log/kern.log. I can see the mount command got executed from the web-browser. But the log is different from the one the ones executed in the terminal.
From the web-browser:
kernel: [ 149.465459] overlayfs: filesystem on '/var/www/vhosts/user.deve/httpdocs' not supported as upperdir
kernel: [ 151.629192] overlayfs: filesystem on '/var/www/vhosts/user.deve/httpdocs' not supported as upperdir
kernel: [ 153.453612] overlayfs: filesystem on '/var/www/vhosts/user.deve/httpdocs' not supported as upperdir
From the terminal after executing from the browser:
kernel: [ 312.858797] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
kernel: [ 312.858804] overlayfs: workdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
I just don't get the log from the browser since the script is same.
Related
here is my problem: i would like to create a directory and limit it size using this method.
The thing is when i try it via cli its working perfectly (the file system is mounted on the newly created directory with its size limit), however when i put it in a bash script the directory is created but not with its size limit.
Here is my script.sh:
# !/bin/bash
# Set default parameters
limited_directory_name=$1
size=$2
# Setting path
parent_path="/path/to/directory/parent/"
directory_path="$parent_path$limited_directory_name"
# Creating directory/mountpoint
mkdir "$directory_path"
#Creating a file full of /dev/zero
limited_size_file="$directory_path.ext4"
touch "$limited_size_file"
dd if=/dev/zero of="$limited_size_file" bs="$size" count=1
#Formating the file
sudo mkfs.ext4 "$limited_size_file"
#Mount the disk
sudo mount -o loop,rw,usrquota,grpquota "$limited_size_file" "$directory_path"
I believe (pretty sure actually), that the problem is in these two last lines
sudo mkfs.ext4 "$limited_size_file"
or/and
sudo mount -o loop,rw,usrquota,grpquota "$limited_size_file" "$directory_path"
because as i said, the file and directory are created but just not with the size limit.
Also when i try to delete the directory ($directory_path/) after executing those command via cli i got : rm: cannot delete '$directory_path/': Device or resource busy, that i dont get when trying to delete it after executing the script. So i guess that the file system is not mounted when executing the script, and the problem is probably in the last two lines. I dont know if its has something to do with the way of using sudo inside a script or just something with mounting a file system inside a bash script.
I just wanna say that i am fairly new to bash scripting and i am sorry if my mistake is something like an obvious (noob) error. You can also say if i can improve my question in any way and i apologize if it's not clear enough.
And one last thing, i have tried different syntax for the last two line like:
sudo $(mkfs.ext4 "$limited_size_file")
or
sudo `mkfs.ext4 "$limited_size_file"`
or just
mkfs.ext4 "$limited_size_file" without sudo.
But nothing seems to work. I am using debian 10 btw and im calling the script like this in a PHP page (if it can help):
exec("myscript.sh $dname $dsize");
I'm trying to execute with PHP a command (rsync) to copy folders and files from a remote server to a local folder.
This is the code I wrote in php. Command WORKS in SSH (local Terminal and remote with putty.exe), copying correctly the folders and the files.
But it doesn't work in PHP. What can I do? Do you know a better(secure/optimal) way to do this?
exec("echo superuserpassword | sudo -S sshpass -p 'sshremoteserverpassword' rsync -rvogp --chmod=ugo=rwX --chown=ftpuser:ftpuser -e ssh remoteserveruser#remoteserver.com:/path/files/folder /opt/lampp/htdocs/dowloadedfiles/", $output, $exit_code);
EDIT:
I had read this guide to create a link between my server and my local machine.
Now I can login with ssh in my remote machine without password.
I changed my command:
rsync -crahvP --chmod=ugo=rwX --chown=ftpuser:ftpuser remote.com:/path/to/remote/files /path/to/local/files/
This command works too in terminal, but when I send it with exec php command, it fails again, but I got another different error: 127.
As MarcoS told in his answer, I checked the error_log.
The messages are this:
ssh: relocation error: ssh: symbol EVP_des_cbc, version OPENSSL_1.0.0 not defined in file libcrypto.so.1.0.0 with link time reference
rsync: connection unexpectedly closed (0 bytes received so far) [Receiver]
rsync error: remote command not found (code 127) at io.c(226) [Receiver=3.1.1]
Well, after lot of try/error, I finished to cut the problem in the root:
I readed this guide (like the last one, but better explained) and I changed the php file that execute the rsync command to the remote server (where files are located) and run the rsync.php file there, and it worked perfectly.
To execute in the machine with the files (the files to copy and the rsync.php)
1.- ssh-keygen generates keys
ssh-keygen
Enter an empty passphrase and repeat empty passphrase again.
2.- ssh-copy-id copies public key to remote host
ssh-copy-id -i ~/.ssh/id_rsa.pub remoteserveraddressip(xxx.xxx.xxx.xxx)
The rsync.php file:
exec("rsync -crahvP /path/in/local/files/foldertocopy remoteuser#remoteserveraddress:/path/in/remote/destinationfolder/", $output, $exit_code);
After all of that, navigate to the rsync.php file and all must work. At least worked for me...
I suppose you are experiencing identity problems... :-)
On a cli, you are running the command as the logged-in user.
On PHP, you are running the command as the user your web server runs as (for example, apache often runs as www-data, or apache user...).
One possible solution I see (if the above is the problem real cause), is to add your user to web-server group...
I'd also suggest you to check the web-server error logs, to be sure about the real cause of the problem... :-)
I have a C program that I wrote called convert3to5, originally written for CentOS / Fedora 32bit system in early 2010. I am moving it to new CentOS 6.x 64bit system host.
From a CentOS Putty console I can run the convert3to5 command just fine; here is a sample of it running from my console:
[root#cloud convert3to5]# ls
CircleStar convert3to5 Convert3To5.txt test.tif
[root#cloud convert3to5]# ./convert3to5 /var/www/webadmin/data/www/mydomain.com/uploads/SV-DIS160217B.tif
TIFFReadDirectory: Warning, /var/www/webadmin/data/www/mydomain.com/uploads/SV-DIS160217B.tif: wrong data type 7 for "RichTIFFIPTC"; tag ignored. Image has an undefined fillorder - using default: MSB2LSB
The above is a normal completion of convert3to5 and I get a SV-DIS160217B.bmp that is placed in /var/www/webadmin/data/www/mydomain.com/uploads/ So running it from console works fine.
Question - I am attempting to run the same exact command from PHP using the exec(command, output, return) command as follows:
chdir($sv_path.$c3to5_path); //change our working directory to "/convert3to5" directory
$command = "./convert3to5 $targetFile 2>&1";
$result = exec($command, $output, $return);
// the output of the above command - is a .bmp file it will be placed in the same path as the input .tif file
I get the following $result:
ERROR: Unable to convert
/var/www/webadmin/data/www/mydomain.com/uploads/SV-DIS160217B.tif to 5
color BMP file: Open file Error: Tiff_3_to_BMP_5_.lut!
My convert3to5 does need to open Tiff_3_to_BMP_5_.lut
Why does it find Tiff_3_to_BMP_5_.lut when I run convert3to5 from a console prompt but not from PHP exec(...) in both cases my pwd shows that I am in
[root#cloud convert3to5]# pwd
/var/www/webadmin/data/www/mydomain.com/myView/convert3to5
I have also verified pwd is correct from my PHP script after the
chdir($sv_path.$c3to5_path);
Tiff_3_to_BMP_5_.lut is in CircleStar directory - the path to CircleStar is /var/www/webadmin/data/www/mydomain.com/myView/convert3to5/CircleStar
Summary: ./convert3to5 works while PHP exec('convert3to5 ..) does not appear to work.
Can anyone suggest the difference and how to fix and/or debug?
Thanks
You're running the console from the convert3to5 directory, and I suspect your old C program used a relative path to the .lut file, possible relative to the .tif?
What if in the console example you did
cd ../..
./path/to/convert3to5/convert3to5 /var/www/webadmin/data/www/mydomain.com/uploads/SV-DIS160217B.tif
Might be related to $targetFile. Print that and see if it's the full path.
Finally, run
/full/path/to/convert3to5 fullTargetPath
If that works, then as a workaround, if you just do exec('/full/path/to/convert3to5 $fullTargetPath, ..) it should behave like the console.
Per my above comment to wonton:
From the console I was running as root (so fully privileged). I supposed my PHP script will run as the "apache" user on the server?
Here was the problem I believe: I looked at the CircleStar directory privileges where the Tiff_3_to_BMP_5_.lut file exists. CircleStar had rw-r--r-- (0644) when running as root from console this allowed my convert3to5 program to find and open Tiff_3_to_BMP_5_.lut file just fine. However not the PHP exec(...) once I changed the privilege on CircleStar to rwxr-xr-x (0755) PHP exec(...) ran fine!
So ultimately it was a permission issue.
I have written simple php script to help me update site contents when the commit is sent to bitbucket. I have following problem with it.
<?php
$repo_dir = '/var/www/vhosts/my_full_path';
$output = shell_exec('cd '.$repo_dir.' && hg --config auth.rc.prefix=https://bitbucket.org/XXXXX --config auth.rc.username=my_username --config auth.rc.password=my_pass pull -u https://bitbucket.org/XXXXXXX &');
echo $output;
?>
When I type it to web browser it doesn't work. The output of script is:
pulling from https://bitbucket.org/XXXXXXXXXXXXXX
but when I try to execute it under console on the server it works like a charm:
php myscript.php
generates following output:
pulling from https://bitbucket.org/XXXX
searching for changes
adding changesets
adding manifests
adding file changes
added 2 changesets with 2 changes to 1 files
1 files updated, 0 files merged, 0 files removed, 0 files unresolved
See the oupt is full and correct! in concole I'm using root user in web browser data-www? Is there any difference in this case?
I have found the solution. I hope it helps someone.
There were two problems:
Permissions to my repo dir
Authentication for user www-data for this repo
The problem occured because web browser doesn't flush warnings and abort messages while executing command shell_exec. If you want to test your script, you have to lgoin to console by SSH (as root for example) then execute script / command as apache user:
sudo -u www-data php /path-to-your-script/script.php
In console you will see all problems which following user generates.
I actually try to laucnh a gnome-term with a php script, seems i have some problems with the users www-data;
my script make only a ls -l command in a directory (is just for a test) and i run it with a php page in my local-web site.
here the gnome-terminal command in my bash script (he run perfectly when i double-click on him) :
gnome-terminal --working-directory=/opt/cuckoo -x bash -c "ls -l"
and here is the call on the php-page :
system("/my/path/to/the/script/script.sh");
i have some echo in my script and i see them in the php page after i try to run the script with the php.page.
i think www-data don't have the right to do so i give the ownership of the script with the chown command, and at last a try the sudo visudo command and make the script execute like the user www-data is root (with NO PASSWD arg)
But i can't open the terminal and make a ls at last, i try with exec too, and show the result with $ouput butthe result is the same as well.
At last my question is : Php can really run a terminal or maybe a fool myself^^? Thanks for taking time to rescure me ;)
PHP can run everything, but depends who spawns it. Forget just running X apps from a web server - you'll need more than just executing them (permissions, DISPLAY and Xauth settings). Read more about the X clients and architecture.
Probably the right place to ask this is at SuperUser, since the problem is not in the coding itself.