Troubleshooting HTTPD permission denied errors?

Posted on 2014-02-19
Last Modified: 2014-02-26

I'm attempting to run a grep within a shell script file from my web browser (it's called from a PHP file). I'm able to run the shell script on the command line but when I attempt to run it through the browser I get a "Permission Denied" from the httpd error log pointing to the line that contains the grep command. Could someone suggest how I can troubleshoot this? Unsure why it's getting permission denied because the directories and files are all fully open permission wise and ownership is under my user for all files.

Thank you, Dave
Question by:dloszewski
LVL 83

Expert Comment

by:Dave Baldwin
ID: 39871407
The web server does not run under your user but under a more limited user specifically for the web server.  It will not normally have permission to run local programs.  That is done intentionally to prevent security problems caused by outside users.

Author Comment

ID: 39880614
Is there a way around this, for instance if it's an internal web site that the outside world won't have access to? Or is there a way to isolate the local commands.
LVL 83

Accepted Solution

Dave Baldwin earned 250 total points
ID: 39880843
'suEXEC' is the normal way to give the web user permission to run as a local user.  If you also have 'suhosin' installed, it may fight with 'suEXEC' about you doing that.

LVL 27

Assisted Solution

skullnobrains earned 250 total points
ID: 39881994
you can debug by first trying to run the exact same command using

sudo -u www command

(or whatever user your httpd server runs as)

if the script you run has a shebang, you need both read and execute permissions on the script. alternatively, you can explicitly run "/bin/sh script_name" or whatever is in the shebang.

the web server should be allowed to run system binaries. from the error message i'd assume it is not chrooted so these binaries should exist. but the path variable will probably be set to something very restrictive so you may have to call various binaries including grep using the full path.


if the script actually only performs a basic grep, it is likely simpler and more performant to use pgrep in php directly.

Author Comment

ID: 39882502
I've decided to use awk instead of grep to do what I need, don't seem to be having the same issues since I don't have to run any commands on the system itself.  Thank you all for the help.
LVL 27

Expert Comment

ID: 39883192
you'll probably run into similar issues with awk. awk is a command like /bin/sh or /usr/bin/grep (or wherever those binaries are located on your system)

regarding permissions, also remember that if your user does not have read+execute access on all the parent directories, he/it won't be able to access the files

if you don't actually need to run a shell script, your best course of action is most likely to do the task in php directly. i'll happily help in this thread if you want. if not, don't bother answering as we'll be spamming everyone needlessly.

Author Comment

ID: 39883208
I would definitely be interested in knowing how to handle this task in php directly.  Thank you.
LVL 27

Expert Comment

ID: 39883877
please post details about the task or the shell script you currently use

Author Comment

ID: 39885324
I'm basically just trying to output a log file based on search criteria.  In this case it's on an ftp server so I'm searching for an ftp ID.  I was doing a grep in a sh script that was called from the php page.  I would search the log file ftp_log.$DATE based on 'ftp' or 'sftp' and do the grep on the $SEARCH criteria such as '4689' and print out the results to the screen.

The php file:
<title>FTP Searcher</title>

<?php
        if($_POST['formSearch'] == "Search")
               system("sh $_POST[TYPE] $_POST[SEARCH] $_POST[DATE] $_POST[SERVER]", $return_val);
?>

<p><font face="Arial" size="2">
<form action="ftp_index.php" method="post">
        FTP/SFTP: <select name="TYPE">
                <option value="">Select...</option>
                <option value="ftp">FTP</option>
                <option value="sftp">SFTP</option>
        </select>
        Search String: <input type="text" name="SEARCH"><br>
        Date (YY-MM-DD): <input type="text" name="DATE"><br>
        Server: <select name="SERVER">
                <option value="">Select...</option>
                <option value="sslmftp1">SSLMFTP1</option>
                <option value="sslmftp2">SSLMFTP2</option>
                <option value="stamftp1">STAMFTP1</option>
                <option value="stamftp2">STAMFTP2</option>
                <option value="sslmlvfp1">SSLMLVFP1</option>
                <option value="sslmlvfp2">SSLMLVFP2</option>
        </select>

        <input type="submit" name="formSearch" value="Search">
</form>
</font></p>




# Utility to search FTP Logs for specified User and Date

#set -x

# collect the matching lines in a per-process temp file
grep "$TYPE" "logs/$SYSTEM/ftp_log.$DATE" | grep "$SEARCH" > tmp/ftp_search.$$

echo '<table border="1" width="500"  font color="#0000FF" size="1" face="Arial" style="font-family: Arial; color: #0000FF; font-size: 8pt"  bgcolor="#99FF99" bordercolor="#CCFFCC" cellspacing="0" cellpadding="5">'

echo '<tr><td valign="top" align="center" bgcolor="#800000"> <font color="#FFFFFF"><b>Search</b></font></td></tr>'

# print the first "|"-separated field of every matching line
while read FTP_SEARCH
do
        rpt_start=`echo "$FTP_SEARCH" | awk -F"|" '{print $1}'`

        echo '<tr>'
        echo '    <td valign=top>'$rpt_start'</td>'
        echo '</tr>'

done < tmp/ftp_search.$$

echo '</table>'

rm tmp/ftp_search.$$


LVL 27

Expert Comment

ID: 39886174
try something like this

# open the log
$fh=fopen($l="logs/$SYSTEM/ftp_log.$DATE",'r') or die('cannot open log file='.var_export($l,true));

# read the log line by line
while(($line=fgets($fh))!==false){
  # see if we have the proper line. if not move to next line
  # i'm using strpos but you can use fnmatch, ereg_match or preg_match if you need a pattern
  # i assume the id is surrounded by spaces. you'll probably need to adjust
  if(strpos($line,' '.$ID.' ')===false)continue;
  # get the first field (should mimic your awk)
  $rpt_start=substr($line,0,strpos($line,' '));
}
!$rpt_start or die('id was not found or line was not parsable);

echo '<table border="1" width="500"  font color="#0000FF" size="1" face="Arial" style="font-family: Arial; color: #0000FF; font-size: 8pt"  bgcolor="#99FF99" bordercolor="#CCFFCC" cellspacing="0" cellpadding="5">';
echo '<tr><td valign="top" align="center" bgcolor="#800000"> <font color="#FFFFFF"><b>Search</b></font></td></tr>';
echo '<tr>';
echo '    <td valign=top>'.$rpt_start.'</td>';
echo '</tr>';
echo '</table>';


there may be a few typos, and you'll probably need to adjust a little both the pattern matching and the error handling (you probably do not want to "die" but rather print some kind of decent error message and move on if you don't find the line) but this should cover it more or less

if you need help with the matching please provide a sample line

you can also use a preg similar to this one to retrieve the rpt_start field and do the matching at the same time but it will not be much more performant unless you need an ereg anyway
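
The in-PHP approach suggested above, as an added example that is not part of the original thread: the log is read without `system()`, so no request field reaches a shell, and every value that builds the file path is allow-listed. The form field names, server list and `|` delimiter are taken from the question; the function name `search_ftp_log`, the validation patterns and the assumption that the search string is a short alphanumeric ID are illustrative.

```php
<?php
// Added example, not code from the thread. Field names, server list and the
// logs/<server>/ftp_log.<date> layout come from the question; the rest is assumed.
const ALLOWED_TYPES   = ['ftp', 'sftp'];
const ALLOWED_SERVERS = ['sslmftp1', 'sslmftp2', 'stamftp1', 'stamftp2',
                         'sslmlvfp1', 'sslmlvfp2'];

function search_ftp_log(array $in, string $logRoot = 'logs'): array
{
    foreach (['TYPE', 'SEARCH', 'DATE', 'SERVER'] as $k) {
        if (!isset($in[$k]) || !is_string($in[$k])) {
            throw new InvalidArgumentException("missing field $k");
        }
    }
    // Allow-list everything that ends up in the file path.
    if (!in_array($in['TYPE'], ALLOWED_TYPES, true) || !in_array($in['SERVER'], ALLOWED_SERVERS, true)
        || !preg_match('/\A\d{2}-\d{2}-\d{2}\z/', $in['DATE'])) {
        throw new InvalidArgumentException('invalid type, server or date');
    }
    // Assumption: the search string is a short id such as 4689.
    if (!preg_match('/\A[A-Za-z0-9_.-]{1,64}\z/', $in['SEARCH'])) {
        throw new InvalidArgumentException('invalid search string');
    }
    $fh = @fopen("$logRoot/{$in['SERVER']}/ftp_log.{$in['DATE']}", 'r');
    if ($fh === false) {
        throw new RuntimeException('cannot open log file');
    }
    $hits = [];
    while (($line = fgets($fh)) !== false) {
        // Same filter as: grep $TYPE file | grep $SEARCH
        if (strpos($line, $in['TYPE']) !== false && strpos($line, $in['SEARCH']) !== false) {
            // First "|"-separated field, as in awk -F"|" '{print $1}'
            $hits[] = explode('|', rtrim($line, "\r\n"), 2)[0];
        }
    }
    fclose($fh);
    return $hits;
}

if (($_POST['formSearch'] ?? '') === 'Search') {
    try {
        $rows = search_ftp_log($_POST);
        echo "<table border=\"1\">\n";
        foreach ($rows as $f) { echo '<tr><td valign="top">', htmlspecialchars($f, ENT_QUOTES), "</td></tr>\n"; }
        echo "</table>\n";
    } catch (Exception $e) {
        echo '<p>', htmlspecialchars($e->getMessage(), ENT_QUOTES), '</p>';
    }
}
```

Log fields are passed through `htmlspecialchars()` because FTP logs record client-supplied values such as user names. The web server user still needs read access to the log file and read+execute access on every parent directory.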

Author Comment

ID: 39886451
I'm getting the following error:

[Tue Feb 25 13:23:24 2014] [client] PHP Parse error:  syntax error, unexpected T_STRING in /app/www/ftp/ftp_index.php on line 50

This is line 50:

echo '<table border="1" width="500"  font color="#0000FF" size="1" face="Arial" style="font-family: Arial; color: #0000FF; font-size: 8pt"  bgcolor="#99FF99" bordercolor="#CCFFCC" cellspacing="0" cellpadding="5">';                                    



Author Comment

ID: 39886572
I fixed it by putting double quotes where the single quotes are at the beginning and end

Dealing with an unexpected $end error now, so assuming I'm missing a semicolon or something
LVL 27

Expert Comment

ID: 39888147
i forgot the quote after "id was not found or line was not parsable" on the previous line

as mentioned in my previous post, I expect you to be able to deal with simple typos that your editor probably highlights
