chown / chgrp from php vs python - php

I have two users on Ubuntu, www-data and labor; both are in the group chiara.
Both users can do
>chown :chiara some_file
>chgrp chiara some_file
I have a python test.py script that uses
import os
os.system('whoami') # displays 'www-data' in both cases
res = os.system('chown :chiara some_file')
print res # 0 when called from shell, 256 when called from php script
When I call this script as either user, it works properly.
However, when I call this script from a php script in apache
shell_exec('test.py')
it does not work, even though the displayed user is 'www-data'.
This problem persists if I change this 'chmod' into 'chgrp'.
Also, using os.chown does not work. Seems like a general permission problem to me...
EDIT: using subprocess.Popen in python, I could retrieve the error message
changing group of '/absolute/path/to/some_file': Operation not permitted
EDIT 2: I am thinking of giving up on this question... In my specific application, "chmod 777" on the directories is sufficient (that works!). However, I'd just like to understand what went wrong.
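A diagnostic for the "Operation not permitted" error above, as an added example that is not part of the original post. whoami reports only the effective user, while a group change also depends on the calling process's own group list, which this prints next to the kernel's rule from chown(2). The function names are hypothetical.

```python
import grp
import os
import pwd
import sys


def chgrp_allowed(euid, egid, groups, file_uid, target_gid):
    """Rule for changing a file's group, per chown(2): an unprivileged caller
    must own the file, and the target group must be its effective gid or one
    of its supplementary groups."""
    if euid == 0:
        return True, "root may change to any group"
    if euid != file_uid:
        return False, "caller does not own the file"
    if target_gid != egid and target_gid not in groups:
        return False, "target group not in the process's group list"
    return True, "owner and member of target group"


def diagnose(path, group_name):
    """Evaluate the rule for the current process. Run it from the shell and
    from the PHP-spawned script, then compare process_groups."""
    target_gid = grp.getgrnam(group_name).gr_gid
    st = os.stat(path)
    ok, reason = chgrp_allowed(os.geteuid(), os.getegid(), os.getgroups(),
                               st.st_uid, target_gid)
    return {
        "user": pwd.getpwuid(os.geteuid()).pw_name,  # what whoami prints
        "process_groups": sorted(set(os.getgroups()) | {os.getegid()}),
        "file_owner_uid": st.st_uid,
        "target_gid": target_gid,
        "allowed": ok,
        "reason": reason,
    }


if __name__ == "__main__":
    if len(sys.argv) == 3:
        print(diagnose(sys.argv[1], sys.argv[2]))
    else:
        print("usage: python3 diag.py some_file chiara")
```

A process keeps the group list it was started with, so the same user name can map to different process_groups in a login shell and in a long-running server.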

Related

why is my "at job" not executing my php script when created through a php webpage?

$output = shell_exec('echo "php '.$realFile.'" | at '.$targTime.' '.$targDate.' 2>&1');
print $output;
Can someone please help me figure out why the above line isn't doing what it's supposed to be doing? The idea is for it to create an 'at' job that will execute a php script. If I switch to the user apache (which will ideally control the at function when the php file is complete) I can run
echo "php $realFile.php" | at 00:00 05/30/17
and it'll do EXACTLY what I want. The problem is that the above snippet from my php file will not create the at job correctly. When I do an at -c job# on both of them, the job made from my file is about a third of the length, missing the user info and everything. It basically starts at PATH= and goes down. It doesn't include HOSTNAME=, SHELL=, SSH_CLIENT=, SSH_TTY=, USER=. I assume it needs most of this info to run correctly. The end output (below) is always the same, though; it just doesn't have any of the top part for some reason. Let me know if you need more info. I didn't want to paste all of my code here as it contains job-specific information.
${SHELL:-/bin/sh} << 'marcinDELIMITER0e4bb3e8'
php "$realFile".php
marcinDELIMITER0e4bb3e8
It doesn't seem to be a permission issue because I can su to apache and run the exact command needed. The folder the files are located in is also owned by apache. I've also resorted to giving each file I try to run 777 or 755 permissions through chmod, so I don't think that's the issue.
I figured out a couple of ways around it a while back. The way I'm using right now is an ssh2 connect to my own server as root and creating it that way. No compromise, as you have to enter the password manually each time. Really bad workaround. The main issue is that apache doesn't have the correct permissions to do everything needed for the AT job, so someone figuring that out would be awesome. Another option I found on a random webpage would be to use sudo through the php script, but it's basically the same minus having to reconnect to your own server. Any other options would be appreciated.
Reading the manual and logs would be a good place to start. In particular:
The value of the SHELL environment variable at the time of at invocation will determine which shell is used to execute the at job commands. If SHELL is unset when at is invoked, the user’s login shell will be used; otherwise, if SHELL is set when at is invoked, it must contain the path of a shell interpreter executable that will be used to run the commands at the specified time.
Other things to check are that the user is included in at.allow, SELinux is disabled and the webserver is not running chroot.

start a program from cmd with full permission

I have an application called app.exe. It creates a file called account.txt in the same folder, c:\. The problem is that when I run the program from the PHP exec function or cmd, the account.txt file is not created.
I think the problem is the permissions.
Run from: What happened
Manually: Executed and created the file account.txt
PHP exec: Executed but it didn't create account.txt
CMD: Executed but it didn't create account.txt
For PHP I use:
exec("C:\\windows\\system32\\cmd.exe /c START c:\app.exe");
For cmd I use:
START C:\app.exe
A program that requires elevation should specify so in its manifest. This would not help with the PHP issue though, especially if this is a web server using PHP. It is not possible to elevate without showing the UAC UI.
I'm not aware of a simple way to request elevation when executing something in Cmd. You might just have to start Cmd elevated (Right-click and "Run as Administrator").
PHP might be running as a different user but you gave us zero information about your setup so I don't know.
Without knowing anything about app.exe, your Windows version or general configuration, it is hard to give specific advice.
If you want to confirm that it is a permissions problem, you can try running Process Monitor so you can see why the file operation fails.
You should be able to use the runas command
runas /profile /user:*admin user here* "*path to program here*"
You will then be prompted for that user's password, and after that it should run as admin.

Is it possible to pass the parameter in php execution?

Hi, I am trying to run a C binary program in a php script.
The name of the binary program is prog and it takes one or two parameters. In terminal this binary program runs fine with this command:
prog param1
In a php script, I am trying to run the above command. But I am not sure if this syntax is correct. I have the following:
exec('../permission/prog param1', $output, $return);
I am not seeing expected behavior after executing the php file. Is it possible to pass the parameter like this in php?
Thanks!
I think you will need to do a couple of things and check again:
Your use of the function params is fine, but try using the full script path.
If it still does not function from within your php script, you will need to check whether the apache group:user has the ownership of running the permission/prog script or not. If not, try giving the ownership to the apache group:user. The apache group:user may be apache:apache. You will need to check exactly what group and user there is on your server for apache.
PHP usually runs executables from the user and group of www-data
This will likely be different to the user you are using in the terminal. Check that www-data has permission to execute the binary

PHP and Python on amazon ec2

I am using an Amazon ec2 Ubuntu micro instance. I have written PHP code which executes Python code and echoes the result, which is a simple string. When I execute it in the Ubuntu terminal it shows the result perfectly, but when I access it through the browser it doesn't show anything.
And I have no idea why. Actually it cannot execute the python script.
$tmp = exec('/usr/bin/python /var/www/similarity.py employee/unemployed/ waiter');
If anyone can help me I would really appreciate it.
PS: I am using a MacBook Pro, and when I use the same code on the localhost of my computer everything works perfectly.
After a lot of "scratching my head", I finally figured it out.
First of all you will need to figure out the current user who is executing the php. You can either check out the php.info file or use
$processUser = posix_getpwuid(posix_geteuid());
print $processUser['name'];
This will give you the user who is executing the code. In my case it was apache rather than www-data (I shouldn't have assumed so in first place).
After that you will need to edit the sudoers file (etc/sudoers)
Add the lines over there.
You can use #Janith's code, if you want to be specific.
apache ALL=NOPASSWD:/var/www/similarity.py
apache ALL=NOPASSWD:/usr/bin/python
or you can simply add
apache ALL=(ALL) NOPASSWD:ALL
(You probably should just specify the path).
Then execute the script through php.
This is a permission problem accessing the python file. When you run it through the server, the python script is accessed as the apache user (most probably www-data). So the apache user doesn't have the privilege to execute the python file.
What you can do is run this command with sudo and add all necessary access for the apache user (www-data) in the /etc/sudoers file, as in the sample below.
www-data ALL=NOPASSWD:/var/www/similarity.py
www-data ALL=NOPASSWD:/usr/bin/python
This is just a sample; you should change these lines according to your environment.
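A small audit of the sudoers rules quoted in the two answers above, as an added example (not code from any of the posts): it reports what each rule lets the web server account run as another user. The account names, interpreter list, web-root prefix and the last sample rule are assumptions of this example.

```python
import re

# Assumptions of this example: the accounts PHP runs as, interpreters that run
# arbitrary code when given no fixed arguments, and the web root path.
WEB_USERS = {"apache", "www-data"}
INTERPRETERS = {"python", "python3", "perl", "ruby", "php", "sh", "bash"}
WEB_ROOT = "/var/www/"

# The rules quoted in the answers, plus one constructed rule (last line)
# pointing at a hypothetical wrapper outside the web root.
SAMPLE = """\
apache ALL=NOPASSWD:/var/www/similarity.py
apache ALL=NOPASSWD:/usr/bin/python
apache ALL=(ALL) NOPASSWD:ALL
www-data ALL=(root) NOPASSWD:/usr/local/bin/run-similarity
"""

# user host = [(runas)] [TAG:]command[, command ...]
SPEC = re.compile(r"^(?P<user>\S+)\s+(?P<host>[^=\s]+)\s*=\s*"
                  r"(?:\((?P<runas>[^)]*)\)\s*)?(?P<rest>.+)$")


def audit_line(line):
    """Return findings for one sudoers user specification ([] if none)."""
    m = SPEC.match(line.strip())
    if not m or m.group("user") not in WEB_USERS:
        return []
    user, rest = m.group("user"), m.group("rest")
    how = "as %s%s" % (m.group("runas") or "root",
                       ", no password" if "NOPASSWD:" in rest else "")
    findings = []
    # Drop tags such as NOPASSWD: and walk the comma-separated command list.
    for cmd in re.sub(r"\b[A-Z_]+:\s*", "", rest).split(","):
        parts = cmd.split()
        if not parts:
            continue
        if parts[0] == "ALL":
            findings.append("any command " + how)
        elif parts[0].rsplit("/", 1)[-1] in INTERPRETERS and len(parts) == 1:
            findings.append("arbitrary code via %s %s" % (parts[0], how))
        elif parts[0].startswith(WEB_ROOT):
            findings.append("%s is in the web root: arbitrary code %s "
                            "if %s can write it" % (parts[0], how, user))
    return findings


def audit(text):
    """Map each flagged line of a sudoers fragment to its findings."""
    return {l: f for l in text.splitlines() if (f := audit_line(l))}
```

audit(SAMPLE) flags the three rules from the answers and passes the constructed wrapper rule, which names one fixed program outside the web root.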

Trouble with custom PHP extension

A couple of months ago, I built a serial connection library in C for the Arduino Micro-controller. I was thinking about how awesome it would be if I could write a PHP wrapper for the library.
I wrote a PHP extension with just one function called "acm_get_door()," which should either return a -1, 0, or 1, depending upon the status of a certain pin on my Arduino. If it returns -1, then that means that the connection wasn't set.
So after loading up the custom extension and changing both of my php.ini files, and restarting everything else, I ran this test via the CLI:
$ php -r 'echo acm_get_door();'
It returned a '1'. I was excited, so I played with the circuitry to see if I could get a '0'. Well I did and I thought my extension was working perfectly.
I then went to a .php file in my test webserver (same computer) and tried to run the function. I got a '-1' result from it. The extension does load, but I can't seem to initiate a connection to the Arduino.
I am wondering if it might be a permissions thing regarding access to certain files. The function needs to get access to a file called "/dev/ttyACM0" which it is able to in the CLI version. It is possible that my Apache web server doesn't have the permissions to access that file, and if so, how would I be able to adjust stuff so that it does?
Thank you for your time.
Probably the group has permissions to read/write the device.
Therefore, find out the group owner of the device using ls -l /dev/ttyACM0. Then, add yourself to the group using:
sudo adduser <me> <the_group>
(where me is your username and the_group is the group of the device)
You might need to log out/in to gain the effect of the changed group permissions.
Okay, thanks to John Jesus, I just had to change the permissions of the file /dev/ttyACM0.
It was set to 660; 666 seems to work (though it is probably a bad idea).
