• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 854
  • Last Modified:

FreeBSD file permissions for php script to work

Hello,

Here is my problem...Please refer to http://www.experts-exchange.com/Web/Web_Languages/XML/Q_21161254.html for my previous question.  I have now moved everything over to the following platform and need permissions set.

FreeBSD 4.7
Apache 1.3.31

I'm guessing instead of 'Internet Guest Account,' I need to use 'www' ?  Previously I needed to give 'Internet Guest Account' access to use cmd.exe (please see shell-exec in the php script).

And what is the appropriate permissions to set on the folder?  chmod 777?

I am using a processor in a PHP script, see below:

<?php
$output = shell_exec(java -cp filename.jar x.y.z.MainClass filename.xml filename.xsl');
      echo "<pre>$output</pre>";
?>
0
jpegvarn
Asked:
jpegvarn
1 Solution
 
yuzhCommented:
If you run apache server as user nobody, you should set the permissions to 3750

eg:

maintainer = user fred:

chown fred:nobody dirname
chmod 3750 dirname

PS:
   chmod 3750 = chmod 750 dirname ; chmod g+s dirname

man chmod
to leran more details
0
 
ahoffmannCommented:
agreed with yuzh's 3750 ...

> needed to give 'Internet Guest Account' access to use cmd.exe
wired, what has cmd.exe to do with unix? could you please explain
0
 
gheistCommented:
So, welcome to new world of Apache webserver on your UNIX system.
It is designed ten years before your past windows system, and connected to Internet ten years before windows connected to network.

The overall aproach to user management are at least different if not more practical.

First there is unrestricted user called root (Something like LocalSystem account), and having user ID ( UID) of zero. This user account is mostly uset at system boot to launch resident programs (aka daemons, like Apache httpd you like) in the name of other other user accounts (like www you know of).

So, your httpd is started as user www and group www, and accesses all files like it was user www ( something like "Internet Guest Account")

No files in web directories should not belong to this user, since ultimate owner of file can always rewrite the file ( e.g. deface your website via webserver security hole)

But this makes your application into another confusion - it launches java, which always uses temporary files and lots of memory, and makes you create web root rewritable by webserver process itself.

Why don't you use previously suggested sablotron, for example it has sabcmd wrapper which makes what you do using java.

FreeBSD prefers calling java executable javavm
If you insist on launching java to render each webpage consider using at least Turck MMCache or Zend,to avoid running java each time you present a page.

Just what do you want to accomplish by this launching of java???

If this is updating some data file some time, then FreeBSD has great scheduling tool called cron for that.
0
Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as the high-speed power of the cloud.

 
jpegvarnAuthor Commented:
Thank you for the responses.

yuzh, I've tried your suggestion and I am not able to get the output I desire.  Apache is being run by www, so I did the following:

chown www:www dirname
chmod 3750 dirname

If I run the below command in a shell as root, "java -classpath saxon.jar com.icl.saxon.StyleSheet  ResultSet.xml 2excel.xsl", an excel file is created in that particular folder.  As you see below, what I am trying to do is use the same command within a php script so it can be executed from any browser and the file will be created.

My explanation about the IIS 'Internet Guest Account' has to do with what I had to do on the windows machine for this step to work - I had to give this account permission to use the cmd.exe so it could return the output.

<?php
$output = shell_exec('java -classpath saxon.jar com.icl.saxon.StyleSheet  ResultSet.xml 2excel.xsl');
echo "<pre>$output</pre>";
?>
0
 
ahoffmannCommented:
use full path to java, then also make shure that you cd to the directory where to find saxon.jar etc. (or give full paths too)

Your apache's error_log or php-logfile should give you more detailled error messages
0
 
jpegvarnAuthor Commented:
It was a path issue I was unaware of.  Thank you ahoffmann.
0

Featured Post

Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now