I am attempting to run pdftk as user www-data with the following command (as root):
sudo -u www-data /snap/bin/pdftk
But I am getting this error:
cannot create user data directory: /var/www/snap/pdftk/9: Read-only
file system
(Ubuntu 18.04, PDFTK installed with SNAP).
The /var/www/snap/pdftk and /var/www/snap/pdftk/9 directories have rw permissions for the www-data user:
drwxr-xr-x 3 www-data www-data 4096 Jan 23 15:44 ./
drwxrwxrwx 4 root root 4096 Jan 23 15:44 ../
drwxrwxr-x 4 www-data www-data 4096 Jan 23 15:44 pdftk/
drwxrwxr-x 4 www-data www-data 4096 Jan 23 15:44 ./
drwxr-xr-x 3 www-data www-data 4096 Jan 23 15:44 ../
drwxrwxr-x 2 www-data www-data 4096 Jan 23 15:44 9/
drwxr-xr-x 2 www-data www-data 4096 Jan 23 15:44 common/
lrwxrwxrwx 1 www-data www-data 1 Jan 23 15:44 current -> 9/
I need to be able to run PDFTK as www-data user because I want to call PDFTK from a PHP script served by apache2, as in:
<?php
`/snap/bin/pdftk file1.pdf file2.pdf cat output file3.pdf`;
NOTE: the pdftk wrapper for PHP, mikehaertl/php-pdftk, doesn't seem to want to save files either. I tried the ->saveAs() function but no file is generated, even when attempting to write to /tmp, which should have full write permissions. No errors in apache2 error log, so I'm betting it's the same issue.
I encountered exactly the same problem! In particular, I didn't face this problem when using pdftk in Ubuntu 18.10 with pdftk already included back, but faced this problem on a server with Ubuntu 18.04.
My workaround is NOT to install pdftk via snap. I installed pdftk with debian packages, following the instruction at https://www.webdesign101.net/install-pdftk-on-ubuntu-18-04-bionic/.
Everything then just works fine.
Related
I'm running a Laravel 5.7 app in the Ngnix server. All my files and directory permissions are set to www-data:www-data user:group. The problem is when I tried to run following PHP artisan command from the code using PHP exec() function, it is giving permission denied issue to create file under storage/log/ folder, which is already 777 and the queue was never executed.
$file_name = "queue-log";
exec('php artisan queue:work --tries=3 --stop-when-empty > storage/logs/'.$file_name.'.log &',$array);
When I simply try to do it by CLI, it works normally. My php.ini is not in safe mode and exec() is not under disabled functions list and exec("whoami") returns www-data when debugging from the browser.
Any clues what is going on?
The output of ls -la storage is
drwxrwxrwx 6 www-data www-data 4096 Jun 13 11:30 .
drwxrwxr-x 14 www-data www-data 4096 Jul 3 10:39 ..
drwxrwxrwx 5 www-data www-data 4096 Mar 22 14:58 app
drwxrwxrwx 2 www-data www-data 4096 Jul 19 07:04 debugbar
drwxrwxrwx 6 www-data www-data 4096 Jun 12 23:13 framework
drwxrwxrwx 2 www-data www-data 4096 Jul 23 04:40 logs
and the output of ls -la storage/logs
drwxrwxrwx 2 www-data www-data 4096 Jul 23 04:40 .
drwxrwxrwx 6 www-data www-data 4096 Jun 13 11:30 ..
-rwxrwxrwx 1 www-data www-data 96950 Jun 13 05:07 laravel-2019-06-13.log
I'm using bitbucket to host my git repository, the repo holds a test website at the moment, I have created a bitbucket webhook, so when I push to the bitbucket repo, the changes show up as live on the digitalOcean VPS, in other words.. when bitbucket receives a push, it calls the webhook php file, and that php file has a shell script that pulls from github..
the hook file
Hook path : /var/www/html/hook.php
the site folder
Site path : /var/www/html/webhooks/
the hook.php file looks like so
<?php
echo "________PHP_AUTO_PULL________";
$output = shell_exec('git -C ./webhooks/ pull https://userName:password#bitbucket.org/userName/repo.git master');
echo "<pre>$output</pre>";
?>
when I do this in terminal
php hook.php
it does the job normally, and it pulls..
but the problem is, webhooks only shows this reply
________PHP_AUTO_PULL________
indicating that it does no pull, yes I have checked, no pull occured, how to make the hook execute the file normally?
permissions and owners are provided in these listings
listing for /var/www/html/
drwxrwxr-x 3 www-data www-data 4096 Mar 28 09:21 ./
drwxrwxr-x 3 www-data www-data 4096 Mar 3 16:49 ../
-rwxrwxrwx 1 www-data root 200 Mar 28 09:05 hook.php*
-rw-rw-r-- 1 www-data www-data 20 Mar 3 16:49 info.php
drwxr-xr-x 3 root root 4096 Mar 28 09:03 webhooks/
listing for /var/www/html/webhooks/
drwxr-xr-x 3 root root 4096 Mar 28 09:03 ./
drwxrwxr-x 3 www-data www-data 4096 Mar 28 09:21 ../
-rw-r--r-- 1 root root 295 Mar 27 15:13 content.html
drwxr-xr-x 8 root root 4096 Mar 28 09:03 .git/
-rw-r--r-- 1 root root 444 Mar 27 15:13 index.html
-rw-r--r-- 1 root root 963 Mar 27 15:13 menu_1.html
-rw-r--r-- 1 root root 13 Mar 28 09:03 number.txt
my webserver is nginx
any idea why it works from terminal, but bitbucket can't have it to work?
I have managed to solve it, using :
echo shell_exec("/usr/bin/git pull https://userName:password#bitbucket.org/userName/repo.git master 2>&1");
the 2>&1 part was helping me to see errors about permissions of folders, I used
chown -R www-data .git/
and it's working fine.
I am running a Symfony3 application inside a Docker container. I have created a CommonBundle with all the resources (js, css, images). This resources are symlinked to another path as shown below:
$ docker exec -u www-data -it dockeramp_php_1 ls -la oneview_symfony/src/CommonBundle/Resources/public
total 8
drwxrwsr-x 2 www-data www-data 4096 Feb 23 21:09 .
drwxr-sr-x 5 www-data www-data 4096 Feb 23 20:54 ..
lrwxrwxrwx 1 root www-data 32 Feb 23 21:09 css -> /var/www/html/public_html/styles
lrwxrwxrwx 1 root www-data 32 Feb 23 21:09 images -> /var/www/html/public_html/images
lrwxrwxrwx 1 root www-data 28 Feb 23 21:08 js -> /var/www/html/public_html/js
The directory oneview_symfony/web does exists and it's writable by www-data as shown below:
$ docker exec -u www-data -it dockeramp_php_1 ls -la oneview_symfony/web
total 64
drwxrwsr-x 3 www-data www-data 4096 Feb 23 20:50 .
drwxrwsr-x 9 www-data www-data 4096 Feb 23 21:16 ..
-rwxrwxr-x 1 www-data www-data 3319 Feb 23 16:45 .htaccess
-rwxrwxr-x 1 www-data www-data 631 Feb 23 16:45 app.php
-rwxrwxr-x 1 www-data www-data 843 Feb 23 16:45 app_dev.php
-rwxrwxr-x 1 www-data www-data 2092 Feb 23 16:45 apple-touch-icon.png
drwxr-sr-x 2 www-data www-data 4096 Feb 23 20:50 bundles
-rw-rw-rw- 1 www-data www-data 21486 Feb 23 20:50 config.php
-rwxrwxr-x 1 www-data www-data 6518 Feb 23 16:45 favicon.ico
-rwxrwxr-x 1 www-data www-data 116 Feb 23 16:45 robots.tx
I am trying to install the assets relative or symlink switching values on the composer.json file:
{
...
"extra": {
...
"symfony-web-dir": "web",
"symfony-assets-install": "relative",
}
}
I am trying to publish the assets running the following command and ending up with the error below:
$ docker exec -u www-data -it dockeramp_php_1 php oneview_symfony/bin/console assets:install
[InvalidArgumentException]
The target directory "web" does not exist.
What I am missing here?
There is a similar issue here but without answer so far.
Can you try this command instead:
$ docker exec -u www-data -it dockeramp_php_1 php oneview_symfony/bin/console assets:install web
If that doesn't work, try the full path to the web directory.
Let us know if that works. Not sure if that will fix the problem, but please try it.
Configure variable for assets command.
Add public-dir to composer.json
"extra": {
"symfony-web-dir": "web",
"public-dir": "web",
...
},
Because assets command relies on it (view code on github)
Look:
$defaultPublicDir = 'public';
// ...
if (isset($composerConfig['extra']['public-dir'])) {
return $composerConfig['extra']['public-dir'];
}
return $defaultPublicDir;
For anyone trying to install assets in Symfony 4 with the old Symfony3 directory structure getting:
Error thrown while running command "assets:install". Message: "The target directory "public" does not exist."
The same fix Alvin Bunk provided works:
$ bin/console assets:install web
Just manually provide the old target path
You need to run the exact line
app/console assets:install or bin/console assets:install
(depends on your version) since it takes the path of the command as reference.
I tried my best to install GnuPG extension in PHP but it does not work.
I followed a lot of instruction but I have not been successful.
This is the code, and it always produces the error:
import failed
$keyring = "/var/www/.gnupg/";
putenv("GNUPGHOME=$keyring");
$GnuPG = new gnupg();
$GnuPG->seterrormode(GNUPG_ERROR_WARNING);
$PublicData = "key text";
$PrivateData = "key text";
$PublicKey = $GnuPG->import($PublicData); -->error here
$PrivateKey = $GnuPG->import($PrivateData); --> error here
echo 'Public Key : ',$PublicKey['fingerprint'],' & Private Key :',$PrivateKey['fingerprint'];
I tried to set the GNUPGHOME where the apache home directory is located (/var/www/.gnupg) in the code, but it does not work.
I give the permissions (777) to the folder /var/www to Apache user (www-data) but it does not work.
drwxrwxrwx 2 www-data www-data 4096 Jun 27 17:38 .
drwxr-xr-x 3 root root 4096 Jun 27 16:56 ..
-rwxrwxrwx 1 www-data www-data 383 Jun 27 16:50 pubring.gpg
-rwxrwxrwx 1 www-data www-data 383 Jun 27 16:50 pubring.gpg~
-rwxrwxrwx 1 www-data www-data 600 Jun 27 16:50 random_seed
-rwxrwxrwx 1 www-data www-data 753 Jun 27 16:50 secring.gpg
-rwxrwxrwx 1 www-data www-data 1280 Jun 27 16:50 trustdb.gpg
Environement
PHP 5.3.10
Ubuntu 12.04
GPGme Version 1.2.0
GnuPG Extension Version 1.3.6
The same problem in this thread:
PHP gnupg 'import failed'
The access rights on your pubring.gpg and secring.gpg files seems correct. You may want to drop the execute (x) right as that's not needed. Could it happen that the files are corrupt? May also want to run the program under strace to see if it is indeed accessing those file.
I'm trying to install a PHP-based software package in a Red Hat 7 Amazon EC2 instance (ami-8cff51fb) that has had Apache 2.4.6 and PHP 5.4.16 installed on it using yum. The installation fails because it says a particular directory needs to be writable by the webserver with 0755 or 0775 permissions.
The directory in question has 0775 permissions with root:apache ownership. I have verified that the httpd process is being run by the apache user and that the apache user is a member of the apache group.
If I edit /etc/passwd to temporarily give the apache user a login shell and then su to that account, I am able to manually create files as the apache user within the directory using the touch command.
I took a look at the source code of the installer script and identified that it's failing because PHP's is_writable() function is returning false for the directory in question. I created a separate test PHP script to isolate and verify the behaviour I'm seeing:
<?php
$dir = '/var/www/html/limesurvey/tmp';
if (is_writable($dir)) {
echo $dir, ' is writable';
} else {
echo $dir, ' is NOT writable';
}
?>
This outputs the NOT writable message. If I change $dir above to be /tmp then it correctly outputs that /tmp is writable.
If I change the directory permissions to 0777 and/or change the ownership to apache:apache then PHP still reports that the directory isn't writable. I even tried creating a /test directory set up with the same permissions and ownership and my test script still reports it as not writable.
I'm really at a loss as to explain this behaviour, so any ideas would be welcome!
Thanks in advance.
The directory listing for /var/www/html/limesurvey is given below. The tmp and upload directories have 0775 permissions as per Lime Survey's installation instructions. test.php is my test script mentioned above.
[ec2-user#ip-xx-x-x-xxx limesurvey]$ pwd
/var/www/html/limesurvey
[ec2-user#ip-xx-x-x-xxx limesurvey]$ ls -al
total 80
drwxr-xr-x. 20 root apache 4096 Mar 30 11:25 .
drwxr-xr-x. 3 root root 23 Mar 25 14:41 ..
drwxr-xr-x. 2 root apache 38 Mar 10 12:56 admin
drwxr-xr-x. 16 root apache 4096 Mar 10 12:56 application
drwxr-xr-x. 3 root apache 4096 Mar 10 12:56 docs
drwxr-xr-x. 2 root apache 4096 Mar 10 12:56 fonts
drwxr-xr-x. 19 root apache 4096 Mar 10 12:56 framework
-rw-r--r--. 1 root apache 429 Mar 10 12:56 .gitattributes
-rw-r--r--. 1 root apache 399 Mar 10 12:56 .gitignore
-rw-r--r--. 1 root apache 296 Mar 10 12:56 .htaccess
drwxr-xr-x. 4 root apache 4096 Mar 10 12:56 images
-rw-r--r--. 1 root apache 6652 Mar 10 12:56 index.php
drwxr-xr-x. 5 root apache 39 Mar 10 12:56 installer
drwxr-xr-x. 89 root apache 4096 Mar 10 12:56 locale
drwxrwxr-x. 2 root apache 39 Mar 25 14:41 logs
drwxr-xr-x. 4 root apache 49 Mar 10 12:56 plugins
-rw-r--r--. 1 root apache 61 Mar 10 12:56 README
drwxr-xr-x. 4 root apache 4096 Mar 10 12:56 scripts
-rw-r--r--. 1 root apache 380 Mar 10 12:56 .scrutinizer.yml
drwxr-xr-x. 5 root apache 4096 Mar 10 12:56 styles
drwxr-xr-x. 5 root apache 4096 Mar 10 12:56 styles-public
drwxr-xr-x. 12 root apache 4096 Mar 10 12:56 templates
-rw-r--r--. 1 root apache 159 Mar 30 11:11 test.php
drwxr-xr-x. 3 root apache 20 Mar 10 12:56 themes
drwxr-xr-x. 26 root apache 4096 Mar 10 12:56 third_party
drwxrwxr-x. 5 root apache 80 Mar 26 13:45 tmp
drwxrwxr-x. 6 root apache 79 Mar 10 12:57 upload
Running namei -l /var/www/html/limesurvey/tmp gives:
[ec2-user#ip-x-x-x-xxx ~]$ namei -l /var/www/html/limesurvey/tmp
f: /var/www/html/limesurvey/tmp
drwxr-xr-x root root /
drwxr-xr-x root root var
drwxr-xr-x root root www
drwxr-xr-x root root html
drwxr-xr-x root apache limesurvey
drwxrwxr-x root apache tmp
After much head-scratching, it transpired that SELinux was preventing the directory from being written to. I found a good tutorial that explains what's going on. I was able to fix it by running this command:
sudo chcon -R -t httpd_sys_rw_content_t tmp
in CentOS 6 above should be SELinux enable enforcing
setenforce Permissive
check the status
sestatus
refer to https://wiki.centos.org/HowTos/SELinux
to write to a directory you also need execute permissions to the dirs above.
namei -l /var/www/html/limesurvey/tmp
should show which step you do not have the correct permissions for.
HTTPDUSER=`ps aux | grep -E '[a]pache|[h]ttpd|[_]www|[w]ww-data|[n]ginx' | grep -v root | head -1 | cut -d\ -f1`
sudo setfacl -R -m u:"$HTTPDUSER":rwX -m u:`whoami`:rwX tmp
sudo setfacl -dR -m u:"$HTTPDUSER":rwX -m u:`whoami`:rwX tmp
Taken directly from the Symfony2 installation guide, this solves the problem with cache write access sharing between Apache and CLI tools. This might work for your tmp directory as well.
is_writable by default only checks on the user, not the group.
So even if you group is matching and has permissions is_writable will return false.
To relax this check you will need to set
safe_mode_gid = On
in the PHP config or change the user accordingly.