SSH from python script which is triggered by PHP backend code - php

I am trying to call a Python script from PHP (using XAMPP).
The Python script internally calls a shell script and the shell script has an ssh and scp command.
On executing the PHP back-end code using exec I observe the following errors in the XAMPP log file.
The Python script works fine through the command line.
Could not create directory '/sbin/.ssh'.^M
Failed to add the host to the list of known hosts (/sbin/.ssh/known_hosts).^M
Permission denied, please try again.^M
Permission denied, please try again.^M
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).^M
Could not create directory '/sbin/.ssh'.^M
Host key verification failed.^M

Presumably, the python script is being run by a different user when it's called by PHP than when you run it by hand, which does not have appropriate permissions to do whatever actions the script is trying to perform. So you'll need to tweak permissions / user groups for the various things the script is going to be trying to do in order for it to run successfully.
Looking at this question is probably a good starting point:
How to check what user php is running as?
Once you identify the user that is actually running the script, you can try running the script as that user and then fixing problems as they come up.

I couldn't say for sure without seeing the Python script, but this probably has something to do with what the working directory is when the php user calls the script. You should either use absolute paths in your code or use
os.chdir(<path>)
to make sure you're using the correct working directory. Note if you do this, you'll probably run into permissions errors as mentioned in the other answer since .ssh and files in it are usually accessible only to the user whose directory it's in.
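As an added example (not code from the original posts): a Python preflight that checks the three conditions behind the log lines in the question before the script shells out to ssh, and builds an ssh command that names its key and known_hosts file explicitly instead of relying on the calling user's home directory. The paths under /etc/myapp and the target deploy@host.example are hypothetical.

```python
import os
import pwd
import stat


def ssh_preflight(home, key_path, known_hosts_path):
    """Return the reasons a non-interactive ssh started by this process would fail."""
    problems = []
    ssh_dir = os.path.join(home, ".ssh")
    # ssh wants to create ~/.ssh; a service account's home (/sbin in the log) is not writable.
    if not os.path.isdir(ssh_dir) and not os.access(home, os.W_OK):
        problems.append("cannot create " + ssh_dir)
    try:
        mode = stat.S_IMODE(os.stat(key_path).st_mode)
        # ssh refuses a private key that group or others can access.
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            problems.append("key permissions too open: " + oct(mode))
    except OSError:
        problems.append("key missing or inaccessible: " + key_path)
    # With StrictHostKeyChecking=yes the server's host key must already be on file.
    if not os.path.isfile(known_hosts_path) or os.path.getsize(known_hosts_path) == 0:
        problems.append("no known host keys in " + known_hosts_path)
    return problems


def build_ssh_argv(target, remote_command, key_path, known_hosts_path):
    """Build an argv list (no shell) that does not depend on $HOME or a prompt."""
    if target.startswith("-"):
        raise ValueError("target must not look like an option")
    return [
        "ssh",
        "-i", key_path,
        "-o", "IdentitiesOnly=yes",
        "-o", "BatchMode=yes",               # fail instead of asking for a password
        "-o", "StrictHostKeyChecking=yes",   # never auto-accept an unknown host key
        "-o", "UserKnownHostsFile=" + known_hosts_path,
        target, remote_command,
    ]


if __name__ == "__main__":
    me = pwd.getpwuid(os.geteuid())          # the account PHP's exec() really uses
    key = "/etc/myapp/ssh/id_ed25519"        # hypothetical path
    known = "/etc/myapp/ssh/known_hosts"     # hypothetical path
    print("running as", me.pw_name, "home", me.pw_dir)
    for problem in ssh_preflight(me.pw_dir, key, known):
        print("problem:", problem)
    print(build_ssh_argv("deploy@host.example", "true", key, known))
```

Run it through the same PHP exec() call as the failing script, so the reported user and home directory are the web server's rather than your login shell's.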

Related

Running PHP script via Cron

I'm coding a PHP script using the Instagram Private PHP API.
It works fine via SSH under the "root" user, but when I try to run it via browser or cron, I get an error: Warning: chmod(): Operation not permitted in .....
I guess that something is wrong with permissions, but I am not really good at server administration and can't understand what I can do =(
Please help, how can I fix this problem?
Because Apache (or the web server you're using) executes PHP using a different Linux user (usually www-data), which obviously has different permissions than the user account you used to access via SSH.
To tackle the problem, you first have to know who the folder / file you're going to chmod() belongs to. If it belongs to root, then it's not suggested to chmod via any scripts that are accessible by the public due to security concerns.
If it belongs to your user name, say foo, you can change the ownership of the folder / file you're going to chmod() to be accessible by the www-data group using chown() in the SSH console, then your chmod() command can be executed without problem.
The user that PHP runs as must have permissions to chmod the given file or directory. If you're running this script via CRON, you get to set the user that PHP runs as right in the CRON job. If you're visiting the script in a browser, PHP is likely running as php or php-fpm or the web server user.
Simply ensure that the given file or folder is owned by the user that PHP runs as.
Note: It is not recommended that you run this script as root in CRON.
If you are editing /etc/crontab, make sure the user parameter (the one after week) is root.
If you are editing crontab via crontab -e, add user parameter crontab -eu root.

PHP exec("sudo ...") doesn't seem to work when called over the web?

I have a script write_get.php that I would like to execute via users remotely loading a web page. This script in turn runs
exec("sudo php save_file.php ".$arg1)
to do some file writing that requires sudo permissions. This works fine when I run write_get.php from the command line on my web server as a non-privileged user, but it doesn't work fine when I invoke the script by loading it in a web browser. The web browser presents the same message, making it appear as though there is no error, but the file created by save_file.php is never created. Everything else that needs to happen (another temp file creation that doesn't require sudo + a database insert) work fine, but everything else is in write_get rather than in the sudo-requiring save_file.
I assume the server somehow blocks this call to exec("sudo... when it's made remotely? Or if not, what's happening here? Most importantly, how can I work around this?
p.s. I understand there are probably major security concerns here, but please know there is no sensitive data/anything on this server and that the files created in the sudo-requiring script don't even contain user input, so for the moment I am more concerned with trying to do the above than with creating a safer file structure/alternate way of doing this.
What you're trying to do is a bad idea because you would need to give passwordless root access to the Apache user, which is essentially like making the Apache user equal to root. All it would take to gain root access to your server would be to upload a malicious PHP script and have that script executed by the Apache user. Instead just make the files you are writing to writable by the Apache user by executing:
chown -R www-data:www-data /var/www/html
And then instead of doing exec() just include the other PHP file in your main script.

Running a PHP script that runs a Python script that runs a bash script, hangs on bash

I have a Python script which is encoding a video and then calling a shell script which uploads the new video to dropbox. It works fine from the command line but I needed to make it so others could execute it so I have a PHP script calling the python script.
I don't want the PHP script to run forever (it takes 15-30 mins for it to complete), I just want it to kick off the python script and be done. I figured out what I need to make that happen and like I said it works on the command line. But when it is called via PHP, the video encodes but the file never uploads. I can see the dropbox script was kicked off and is listed as a process using some percent of CPU, that percent never changes, it seems stuck/dead.
the command looks like this, being run using cmd()
script.py -options &>/logs/phptopython.log &
The shell script is kicked off using Popen
Any suggestions?
thanks
It sounds like this could be a permissions issue. Double check the permissions on the directory to which you are trying to upload the video. If you are on Linux you can modify the permissions on that directory like this:
chmod 755 /path/to/dir
This gives the file owner read, write and execute permissions (7). The group and other users get read and execute permissions (5).
Apache is likely running as a different user than when you run the command yourself in bash. A quick test to see if it's a permission issue would be to grant 777 on that directory. I wouldn't leave it that way though – it'd just be a way to quickly identify if permissions are the issue.
If the script works with 777 permissions, you could either change the owner of the directory to the user Apache runs as or add the Apache user to the directory's group and grant the group write permissions.
Edit:
I just noticed you said you use cmd(), so I'm guessing you are on Windows. My comments might still be relevant but the chmod command won't work on Windows.

Executing a linux command with php exec() and running a shell script

I am trying to run this piece of PHP code on my server:
<?php
$cmd = 'echo "this is a test" > /home/ubuntu/scripts/test_file';
echo exec($cmd);
?>
From my understanding it should add the piece of text to the file test_file. The file exists in the appropriate location and I have tried chmod 755 and chmod 777 on the php file. But I don't see the text being added to the test_file. I tried running the Linux command directly on the server and it works. Could someone tell me what I am doing wrong?
Also, I am trying to create a virtual host file on the server through a PHP script. Rather than running the commands through PHP exec(), I thought it would be better to run a shell script, with the shell script reading the required parameters from a text file and setting the directory path in the virtual host file. I am new to Linux; is this a good approach or is there a better way of going about this? All this is being done to set up a Magento-based site programmatically. Thanks.
Your code is OK. The problem probably either lies with your php being in safe mode (though it's deprecated, see link) or with file/directory permissions.
No need to give the file permissions 0777 since that makes the file executable, 0666 should suffice. It is not enough however for the file to have the right permissions, each directory on the path must be traversable. Try a different directory to which the user with whose privileges the php code runs has access, /tmp is a good start.
General way to debug problems like this is to execute a different command which gives you extra information about the context in which echo is executed, e.g.
<?php
echo exec("id");
echo "<br/>";
echo exec("ls -l /home/ubuntu/scripts/test_file");
?>
(remember exec() only returns the last line of command's output, these display just one line though). These commands will tell you the user which runs the code and whether they can see the file at all.
As the comment already said: this is actually a bad way to accomplish what you're trying to do, as writing Apache configuration based on user input through the web could open you up to multiple issues.
What you might consider, is to have the PHP side write the required information to a file, or a database, which is then polled every now and then via a cron script or similar by a different process that does the actual configuration changes. This eliminates the need to exec() from PHP (which is always bad). With this, your process that runs PHP wouldn't need to have write permissions to important system files.
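A sketch of the polling side of that design, as an added example that is not from the original answers: the cron-run worker treats every queued line as untrusted, validates it against strict patterns, and only then renders the virtual host block. The JSON field names, the SITES_BASE directory and the sample queue are assumptions made for illustration.

```python
import json
import os
import re

SITES_BASE = "/var/www/sites"   # assumption: every document root lives under here
HOST_RE = re.compile(r"(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}")
SITE_RE = re.compile(r"[a-z0-9][a-z0-9_-]{0,31}")


def validate_request(raw_line):
    """Parse one queued JSON line into (server_name, docroot) or raise ValueError."""
    req = json.loads(raw_line)   # JSONDecodeError is a ValueError
    if not isinstance(req, dict):
        raise ValueError("request is not an object")
    host, site = req.get("server_name"), req.get("site")
    # fullmatch, not match: '$' would accept a trailing newline, and a newline
    # in the value would become an extra directive in the generated file.
    if not isinstance(host, str) or len(host) > 253 or not HOST_RE.fullmatch(host):
        raise ValueError("bad server_name")
    if not isinstance(site, str) or not SITE_RE.fullmatch(site):
        raise ValueError("bad site")
    return host, os.path.join(SITES_BASE, site)


def render_vhost(host, docroot):
    return (
        "<VirtualHost *:80>\n"
        f"    ServerName {host}\n"
        f"    DocumentRoot {docroot}\n"
        "</VirtualHost>\n"
    )


def process_queue(lines):
    """Return (rendered configs, rejection reasons) for a batch of queue lines."""
    accepted, rejected = [], []
    for line in lines:
        try:
            accepted.append(render_vhost(*validate_request(line)))
        except ValueError as err:
            rejected.append(str(err))
    return accepted, rejected


# Constructed sample queue, as the PHP side might have written it.
SAMPLE_QUEUE = [
    '{"server_name": "shop.example.com", "site": "shop"}',
    '{"server_name": "shop.example.com\\nServerAlias *", "site": "shop"}',
    '{"server_name": "blog.example.com", "site": "../../etc"}',
    'not json',
]
```

With this split, the PHP process only needs write access to the queue file, and the account that can write Apache configuration never handles a web request directly.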

exec() runs via command line but not web

I have a PHP script involving exec() that will run fine from the command line but not in a web context. The script is simply this:
<?php exec('echo "wee" > /home/jason/wee.txt');
If I call this script wee.php and run php wee.php, it works fine and wee.txt gets written.
If I go to http://mysite.com/wee.php, the script pretends to run fine but wee.txt doesn't actually get written.
Any idea why this is happening?
The web server runs as a different user, and that user does not have permission to write to your home directory.
The other posters are correct to suggest the web server user doesn't have rights to write to your home directory. To see if they are right try modifying the code to write to /tmp/wee.txt. That should be world writable.
Another possibility is that php can be configured to disable calling exec(). See http://www.cyberciti.biz/faq/linux-unix-apache-lighttpd-phpini-disable-functions/
Your web server probably (correctly) doesn't have the appropriate permissions to write to a home directory.
Noticed you are writing to /home/jason. Note that apache will be the one running this command (i.e. www-data user if using Ubuntu or Debian). Does the process have the correct rights to write to that folder?
