Solved

FreeBSD file permissions for php script to work

Posted on 2004-10-20
6
796 Views
Last Modified: 2013-12-04
Hello,

Here is my problem...Please refer to http://www.experts-exchange.com/Web/Web_Languages/XML/Q_21161254.html for my previous question.  I have now moved everything over to the following platform and need permissions set.

FreeBSD 4.7
Apache 1.3.31

I'm guessing instead of 'Internet Guest Account,' I need to use 'www' ?  Previously I needed to give 'Internet Guest Account' access to use cmd.exe (please see shell-exec in the php script).

And what is the appropriate permissions to set on the folder?  chmod 777?

I am using a processor in a PHP script, see below:

<?php
$output = shell_exec(java -cp filename.jar x.y.z.MainClass filename.xml filename.xsl');
      echo "<pre>$output</pre>";
?>
0
Comment
Question by:jpegvarn
6 Comments
 
LVL 38

Expert Comment

by:yuzh
Comment Utility
If you run apache server as user nobody, you should set the permissions to 3750

eg:

maintainer = user fred:

chown fred:nobody dirname
chmod 3750 dirname

PS:
   chmod 3750 = chmod 750 dirname ; chmod g+s dirname

man chmod
to leran more details
0
 
LVL 51

Expert Comment

by:ahoffmann
Comment Utility
agreed with yuzh's 3750 ...

> needed to give 'Internet Guest Account' access to use cmd.exe
wired, what has cmd.exe to do with unix? could you please explain
0
 
LVL 61

Expert Comment

by:gheist
Comment Utility
So, welcome to new world of Apache webserver on your UNIX system.
It is designed ten years before your past windows system, and connected to Internet ten years before windows connected to network.

The overall aproach to user management are at least different if not more practical.

First there is unrestricted user called root (Something like LocalSystem account), and having user ID ( UID) of zero. This user account is mostly uset at system boot to launch resident programs (aka daemons, like Apache httpd you like) in the name of other other user accounts (like www you know of).

So, your httpd is started as user www and group www, and accesses all files like it was user www ( something like "Internet Guest Account")

No files in web directories should not belong to this user, since ultimate owner of file can always rewrite the file ( e.g. deface your website via webserver security hole)

But this makes your application into another confusion - it launches java, which always uses temporary files and lots of memory, and makes you create web root rewritable by webserver process itself.

Why don't you use previously suggested sablotron, for example it has sabcmd wrapper which makes what you do using java.

FreeBSD prefers calling java executable javavm
If you insist on launching java to render each webpage consider using at least Turck MMCache or Zend,to avoid running java each time you present a page.

Just what do you want to accomplish by this launching of java???

If this is updating some data file some time, then FreeBSD has great scheduling tool called cron for that.
0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 

Author Comment

by:jpegvarn
Comment Utility
Thank you for the responses.

yuzh, I've tried your suggestion and I am not able to get the output I desire.  Apache is being run by www, so I did the following:

chown www:www dirname
chmod 3750 dirname

If I run the below command in a shell as root, "java -classpath saxon.jar com.icl.saxon.StyleSheet  ResultSet.xml 2excel.xsl", an excel file is created in that particular folder.  As you see below, what I am trying to do is use the same command within a php script so it can be executed from any browser and the file will be created.

My explanation about the IIS 'Internet Guest Account' has to do with what I had to do on the windows machine for this step to work - I had to give this account permission to use the cmd.exe so it could return the output.

<?php
$output = shell_exec('java -classpath saxon.jar com.icl.saxon.StyleSheet  ResultSet.xml 2excel.xsl');
echo "<pre>$output</pre>";
?>
0
 
LVL 51

Accepted Solution

by:
ahoffmann earned 500 total points
Comment Utility
use full path to java, then also make shure that you cd to the directory where to find saxon.jar etc. (or give full paths too)

Your apache's error_log or php-logfile should give you more detailled error messages
0
 

Author Comment

by:jpegvarn
Comment Utility
It was a path issue I was unaware of.  Thank you ahoffmann.
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
OfficeMate Freezes on login or does not load after login credentials are input.
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now