Solved

FreeBSD file permissions for php script to work

Posted on 2004-10-20
6
802 Views
Last Modified: 2013-12-04
Hello,

Here is my problem...Please refer to http://www.experts-exchange.com/Web/Web_Languages/XML/Q_21161254.html for my previous question.  I have now moved everything over to the following platform and need permissions set.

FreeBSD 4.7
Apache 1.3.31

I'm guessing instead of 'Internet Guest Account,' I need to use 'www' ?  Previously I needed to give 'Internet Guest Account' access to use cmd.exe (please see shell-exec in the php script).

And what is the appropriate permissions to set on the folder?  chmod 777?

I am using a processor in a PHP script, see below:

<?php
$output = shell_exec(java -cp filename.jar x.y.z.MainClass filename.xml filename.xsl');
      echo "<pre>$output</pre>";
?>
0
Comment
Question by:jpegvarn
6 Comments
 
LVL 38

Expert Comment

by:yuzh
ID: 12366194
If you run apache server as user nobody, you should set the permissions to 3750

eg:

maintainer = user fred:

chown fred:nobody dirname
chmod 3750 dirname

PS:
   chmod 3750 = chmod 750 dirname ; chmod g+s dirname

man chmod
to leran more details
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 12369949
agreed with yuzh's 3750 ...

> needed to give 'Internet Guest Account' access to use cmd.exe
wired, what has cmd.exe to do with unix? could you please explain
0
 
LVL 61

Expert Comment

by:gheist
ID: 12372860
So, welcome to new world of Apache webserver on your UNIX system.
It is designed ten years before your past windows system, and connected to Internet ten years before windows connected to network.

The overall aproach to user management are at least different if not more practical.

First there is unrestricted user called root (Something like LocalSystem account), and having user ID ( UID) of zero. This user account is mostly uset at system boot to launch resident programs (aka daemons, like Apache httpd you like) in the name of other other user accounts (like www you know of).

So, your httpd is started as user www and group www, and accesses all files like it was user www ( something like "Internet Guest Account")

No files in web directories should not belong to this user, since ultimate owner of file can always rewrite the file ( e.g. deface your website via webserver security hole)

But this makes your application into another confusion - it launches java, which always uses temporary files and lots of memory, and makes you create web root rewritable by webserver process itself.

Why don't you use previously suggested sablotron, for example it has sabcmd wrapper which makes what you do using java.

FreeBSD prefers calling java executable javavm
If you insist on launching java to render each webpage consider using at least Turck MMCache or Zend,to avoid running java each time you present a page.

Just what do you want to accomplish by this launching of java???

If this is updating some data file some time, then FreeBSD has great scheduling tool called cron for that.
0
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

 

Author Comment

by:jpegvarn
ID: 12400580
Thank you for the responses.

yuzh, I've tried your suggestion and I am not able to get the output I desire.  Apache is being run by www, so I did the following:

chown www:www dirname
chmod 3750 dirname

If I run the below command in a shell as root, "java -classpath saxon.jar com.icl.saxon.StyleSheet  ResultSet.xml 2excel.xsl", an excel file is created in that particular folder.  As you see below, what I am trying to do is use the same command within a php script so it can be executed from any browser and the file will be created.

My explanation about the IIS 'Internet Guest Account' has to do with what I had to do on the windows machine for this step to work - I had to give this account permission to use the cmd.exe so it could return the output.

<?php
$output = shell_exec('java -classpath saxon.jar com.icl.saxon.StyleSheet  ResultSet.xml 2excel.xsl');
echo "<pre>$output</pre>";
?>
0
 
LVL 51

Accepted Solution

by:
ahoffmann earned 500 total points
ID: 12403999
use full path to java, then also make shure that you cd to the directory where to find saxon.jar etc. (or give full paths too)

Your apache's error_log or php-logfile should give you more detailled error messages
0
 

Author Comment

by:jpegvarn
ID: 12412138
It was a path issue I was unaware of.  Thank you ahoffmann.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
No security measures warrant 100% as a "silver bullet". The truth is we also cannot assume anything but a defensive and vigilance posture. Adopt no trust by default and reveal in assumption. Only assume anonymity or invisibility in the reverse. Safe…
This Micro Tutorial demonstrates using Microsoft Excel pivot tables, how to reverse engineer competitors' marketing strategies through backlinks.
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now