Troubleshooting HTTPD permission denied errors?

Posted on 2014-02-19
Medium Priority
Last Modified: 2014-02-26

I'm attempting to run a grep within a shell script file from my web browswer (it's called from a PHP file). I'm able to run the shell script on the command line but when I attempt to run it through the browswer I get a "Permission Denied" from the httpd error log pointing to the line that contains the grep command. Could someone suggest how I can troubleshoot this? Unsure why it's getting permission denied because the directories and files are all fully open permission wise and ownership is under my user for all files.

Thank you, Dave
Question by:dloszewski
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
  • 2
LVL 84

Expert Comment

by:Dave Baldwin
ID: 39871407
The web server does not run under your user but under a more limited user specifically for the web server.  It will not normally have permission to run local programs.  That is done intentionally to prevent security problems caused by outside users.

Author Comment

ID: 39880614
Is there a way around this, for instance if it's an internal web site that the outside world won't have access to? Or is there a way to isolate the local commands.
LVL 84

Accepted Solution

Dave Baldwin earned 1000 total points
ID: 39880843
'suEXEC' is the normal way to give the web user permission to run as a local user.  If you also have 'suhosin' installed, it may fight with 'suEXEC' about you doing that.


Application Discovery Service in AWS

In the era of the cloud, customers migrating away from their existing on-premise infrastructure. This requires lots of planning, strategies, and effort to identify their existing resources and determine how best to migrate.  Datacenter migrations happen in four phases -

LVL 27

Assisted Solution

skullnobrains earned 1000 total points
ID: 39881994
you can debug by first trying to run the exact same command using

su -u www command

(or whatever user your httpd server runs as)

if the script you run has a shebang, you need both read and execute permissions on the script. alternatively, you can explicitely run "/bin/sh script_name" or whatever is in the shebang.

the web server should be allowed to run system binaries. from the error message i'd assume it is not chrooted so these binaries should exist. but the path variable will probably be set to something very restrictive so you may have to call various binaries including grep using the full path.


if the script actually only performs a basic grep, it is likely simpler and more performant to use pgrep in php directly.

Author Comment

ID: 39882502
I've decided to use awk instead of grep to do what I need, don't seem to be having the same issues since I don't have to run any commands on the system itself.  Thank you all for the help.
LVL 27

Expert Comment

ID: 39883192
you'll probably run into similar issues with awk. awk is a command like /bin/sh or /usr/bin/grep (or wherever those binaries are located on your system)

regarding permissions, also remember that if your user does not have read+execute access on all the parent directories, he/it won't be able to access the files

if you don't actually need to run a shell script, your best course of action is most likely to do the task in php directly. i'll happily help in this thread if you want. if not, don't bother answering as we'll be spamming everyone needlessly.

Author Comment

ID: 39883208
I would definitely be interested in knowing how to handle this task in php directly.  Thank you.
LVL 27

Expert Comment

ID: 39883877
please post details about the task or the shell script you currently use

Author Comment

ID: 39885324
I'm basically just trying to output a log file based on search criteria.  In this case it's on an ftp server so I'm searching for an ftp ID.  I was doing a grep in a sh script that was called from the php page.  I would search the log file ftp_log.$DATE based on 'ftp' or 'sftp' and do the grep on the $SEARCH criteria such as '4689' and print out the results to the screen.

The php file:
<title>FTP Searcher</title>


        if($_POST['formSearch'] == "Search")
               system("sh ftp_search.sh $_POST[TYPE] $_POST[SEARCH] $_POST[DATE] $_POST[SERVER]", $return_val);

<p><font face="Arial" size="2">
<form action="ftp_index.php" method="post">
        FTP/SFTP: <select name="TYPE">
                <option value="">Select...</option>
                <option value="ftp">FTP</option>
                <option value="sftp">SFTP</option>
        Search String: <input type="text" name="SEARCH"><br>
        Date (YY-MM-DD): <input type="text" name="DATE"><br>
        Server: <select name="SERVER">
                <option value="">Select...</option>
                <option value="sslmftp1">SSLMFTP1</option>
                <option value="sslmftp2">SSLMFTP2</option>
                <option value="stamftp1">STAMFTP1</option>
                <option value="stamftp2">STAMFTP1</option>
                <option value="sslmlvfp1">SSLMLVFP1</option>
                <option value="sslmlvfp2">SSLMLVFP2</option>

        <input type="submit" name="formSearch" value="Search">



Open in new window


# Utility to search FTP Logs for specified User and Date

#set -x

grep $TYPE logs/$SYSTEM/ftp_log.$DATE | grep $SEARCH > tmp/ftp_search.$$

echo '<table border="1" width="500"  font color="#0000FF" size="1" face="Arial" style="font-family: Arial; color: #0000FF; font-size: 8pt"  bgcolor="#99FF99" bordercolor="#CCFFCC" cellspacing="0" cellpadding="5">'

echo '<tr><td valign="top" align="center" bgcolor="#800000"> <font color="#FFFFFF"><b>Search</b></font></td></tr>'

while read FTP_SEARCH
        rpt_start=`echo $FTP_SEARCH | awk -F"|" '{print $1}'`

        echo '<tr>'
        echo '    <td valign=top>'$rpt_start'</td>'
        echo '</tr>'

done < ftp_search.14-02-10

echo '</table>'

rm tmp/ftp_search.$DATE  

Open in new window

LVL 27

Expert Comment

ID: 39886174
try something like this

# open the log
$fh=fopen($l="logs/$SYSTEM/ftp_log.$DATE",'r') or die('cannot open log file='.var_export($l,true));

# read the log line by line
  # see if we have the proper line. if not move to next line
  # i'm using strpos but you can use fnmatch, ereg_match or preg_match if you need a pattern
  # i assume the id is surrounded by spaces. you'll probably need to adjust
  if(!strpos($line,' '.$ID.' '))continue;
  # get the first field (should mimick your awk)
  $rpt_start=substr($line,0,strpos($line,' ')); 
!$rpt_start or die('id was not found or line was not parsable);

echo '<table border="1" width="500"  font color="#0000FF" size="1" face="Arial" style="font-family: Arial; color: #0000FF; font-size: 8pt"  bgcolor="#99FF99" bordercolor="#CCFFCC" cellspacing="0" cellpadding="5">';
echo '<tr><td valign="top" align="center" bgcolor="#800000"> <font color="#FFFFFF"><b>Search</b></font></td></tr>';
echo '<tr>';
echo '    <td valign=top>'.$rpt_start.'</td>';
echo '</tr>';
echo '</table>';

Open in new window

there may be a few typos, and you'll probably need to adjust a little both the pattern matching and the error handling (you probably do not want to "die" but rather print some kind of decent error message and move on if you don't find the line) but this should cover it more or less

if you need help with the matching please provide a sample line

you can also use an preg similar to this one to retrieve the rpc_start field and do the matching at the same time but it will not be much more performant unless you need an ereg anyway

Author Comment

ID: 39886451
I'm gettingt the following error:

[Tue Feb 25 13:23:24 2014] [client] PHP Parse error:  syntax error, unexpected T_STRING in /app/www/ftp/ftp_index.php on line 50

This is line 50:

echo '<table border="1" width="500"  font color="#0000FF" size="1" face="Arial" style="font-family: Arial; color: #0000FF; font-size: 8pt"  bgcolor="#99FF99" bordercolor="#CCFFCC" cellspacing="0" cellpadding="5">';                                    

Open in new window


Author Comment

ID: 39886572
I fixed it by putting double quotes where the single quotes are at the beginning and end

Dealing with a unexepected $end error now so assuming I'm missing a semicolon or something
LVL 27

Expert Comment

ID: 39888147
i forgot the quote after "id was not found or line was not parsable" on the previous line

as mentioned in my previous post, I expect you to be able to deal with simple typos that your editor probably highlights

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It is becoming increasingly popular to have a front-page slider on a web site. Nearly every TV website,  magazine or online news has one on their site, and even some e-commerce sites have one. Today you can use sliders with Joomla, WordPress or …
Recently I have been answering a lot of questions like this in IT forums that I frequent. The question posed is usually something along the lines of "We have software X installed and need to uninstall it for reason Y" or some other variant of the sa…
Learn the basics of lists in Python. Lists, as their name suggests, are a means for ordering and storing values. : Lists are declared using brackets; for example: t = [1, 2, 3]: Lists may contain a mix of data types; for example: t = ['string', 1, T…
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question