?
Solved

FreeBSD file permissions for php script to work

Posted on 2004-10-20
6
Medium Priority
?
841 Views
Last Modified: 2013-12-04
Hello,

Here is my problem...Please refer to http://www.experts-exchange.com/Web/Web_Languages/XML/Q_21161254.html for my previous question.  I have now moved everything over to the following platform and need permissions set.

FreeBSD 4.7
Apache 1.3.31

I'm guessing instead of 'Internet Guest Account,' I need to use 'www' ?  Previously I needed to give 'Internet Guest Account' access to use cmd.exe (please see shell-exec in the php script).

And what is the appropriate permissions to set on the folder?  chmod 777?

I am using a processor in a PHP script, see below:

<?php
$output = shell_exec(java -cp filename.jar x.y.z.MainClass filename.xml filename.xsl');
      echo "<pre>$output</pre>";
?>
0
Comment
Question by:jpegvarn
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 38

Expert Comment

by:yuzh
ID: 12366194
If you run apache server as user nobody, you should set the permissions to 3750

eg:

maintainer = user fred:

chown fred:nobody dirname
chmod 3750 dirname

PS:
   chmod 3750 = chmod 750 dirname ; chmod g+s dirname

man chmod
to leran more details
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 12369949
agreed with yuzh's 3750 ...

> needed to give 'Internet Guest Account' access to use cmd.exe
wired, what has cmd.exe to do with unix? could you please explain
0
 
LVL 62

Expert Comment

by:gheist
ID: 12372860
So, welcome to new world of Apache webserver on your UNIX system.
It is designed ten years before your past windows system, and connected to Internet ten years before windows connected to network.

The overall aproach to user management are at least different if not more practical.

First there is unrestricted user called root (Something like LocalSystem account), and having user ID ( UID) of zero. This user account is mostly uset at system boot to launch resident programs (aka daemons, like Apache httpd you like) in the name of other other user accounts (like www you know of).

So, your httpd is started as user www and group www, and accesses all files like it was user www ( something like "Internet Guest Account")

No files in web directories should not belong to this user, since ultimate owner of file can always rewrite the file ( e.g. deface your website via webserver security hole)

But this makes your application into another confusion - it launches java, which always uses temporary files and lots of memory, and makes you create web root rewritable by webserver process itself.

Why don't you use previously suggested sablotron, for example it has sabcmd wrapper which makes what you do using java.

FreeBSD prefers calling java executable javavm
If you insist on launching java to render each webpage consider using at least Turck MMCache or Zend,to avoid running java each time you present a page.

Just what do you want to accomplish by this launching of java???

If this is updating some data file some time, then FreeBSD has great scheduling tool called cron for that.
0
2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

 

Author Comment

by:jpegvarn
ID: 12400580
Thank you for the responses.

yuzh, I've tried your suggestion and I am not able to get the output I desire.  Apache is being run by www, so I did the following:

chown www:www dirname
chmod 3750 dirname

If I run the below command in a shell as root, "java -classpath saxon.jar com.icl.saxon.StyleSheet  ResultSet.xml 2excel.xsl", an excel file is created in that particular folder.  As you see below, what I am trying to do is use the same command within a php script so it can be executed from any browser and the file will be created.

My explanation about the IIS 'Internet Guest Account' has to do with what I had to do on the windows machine for this step to work - I had to give this account permission to use the cmd.exe so it could return the output.

<?php
$output = shell_exec('java -classpath saxon.jar com.icl.saxon.StyleSheet  ResultSet.xml 2excel.xsl');
echo "<pre>$output</pre>";
?>
0
 
LVL 51

Accepted Solution

by:
ahoffmann earned 2000 total points
ID: 12403999
use full path to java, then also make shure that you cd to the directory where to find saxon.jar etc. (or give full paths too)

Your apache's error_log or php-logfile should give you more detailled error messages
0
 

Author Comment

by:jpegvarn
ID: 12412138
It was a path issue I was unaware of.  Thank you ahoffmann.
0

Featured Post

Need protection from advanced malware attacks?

Look no further than WatchGuard's Total Security Suite, providing defense in depth against today's most headlining attacks like Petya 2.0 and WannaCry. Keep your organization out of the news with protection from known and unknown threats.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In today's information driven age, entrepreneurs have so many great tools and options at their disposal to help turn good ideas into a thriving business. With cloud-based online services, such as Amazon's Web Services (AWS) or Microsoft's Azure, bus…
OfficeMate Freezes on login or does not load after login credentials are input.
In this video, Percona Director of Solution Engineering Jon Tobin discusses the function and features of Percona Server for MongoDB. How Percona can help Percona can help you determine if Percona Server for MongoDB is the right solution for …
In this video, Percona Solutions Engineer Barrett Chambers discusses some of the basic syntax differences between MySQL and MongoDB. To learn more check out our webinar on MongoDB administration for MySQL DBA: https://www.percona.com/resources/we…
Suggested Courses
Course of the Month9 days, 17 hours left to enroll

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question