• Status: Solved
  • Priority: Medium
  • Security: Public

Troubleshooting HTTPD permission denied errors?

Hello,

I'm attempting to run a grep within a shell script file from my web browser (it's called from a PHP file). I'm able to run the shell script on the command line but when I attempt to run it through the browser I get a "Permission Denied" from the httpd error log pointing to the line that contains the grep command. Could someone suggest how I can troubleshoot this? Unsure why it's getting permission denied because the directories and files are all fully open permission wise and ownership is under my user for all files.

Thank you, Dave
Asked by: dloszewski

Dave Baldwin (Fixer of Problems) Commented:
The web server does not run under your user but under a more limited user specifically for the web server.  It will not normally have permission to run local programs.  That is done intentionally to prevent security problems caused by outside users.

dloszewski (Author) Commented:
Is there a way around this, for instance if it's an internal web site that the outside world won't have access to? Or is there a way to isolate the local commands.

Dave Baldwin (Fixer of Problems) Commented:
'suEXEC' is the normal way to give the web user permission to run as a local user.  If you also have 'suhosin' installed, it may fight with 'suEXEC' about you doing that.

http://httpd.apache.org/docs/2.2/suexec.html

http://www.hardened-php.net/suhosin/

skullnobrains Commented:
you can debug by first trying to run the exact same command using

sudo -u www command

(or whatever user your httpd server runs as)

if the script you run has a shebang, you need both read and execute permissions on the script. alternatively, you can explicitly run "/bin/sh script_name" or whatever is in the shebang.

the web server should be allowed to run system binaries. from the error message i'd assume it is not chrooted so these binaries should exist. but the path variable will probably be set to something very restrictive so you may have to call various binaries including grep using the full path.

--

if the script actually only performs a basic grep, it is likely simpler and more performant to use pgrep in php directly.

dloszewski (Author) Commented:
I've decided to use awk instead of grep to do what I need, don't seem to be having the same issues since I don't have to run any commands on the system itself.  Thank you all for the help.

skullnobrains Commented:
you'll probably run into similar issues with awk. awk is a command like /bin/sh or /usr/bin/grep (or wherever those binaries are located on your system)

regarding permissions, also remember that if your user does not have read+execute access on all the parent directories, he/it won't be able to access the files

if you don't actually need to run a shell script, your best course of action is most likely to do the task in php directly. i'll happily help in this thread if you want. if not, don't bother answering as we'll be spamming everyone needlessly.

dloszewski (Author) Commented:
I would definitely be interested in knowing how to handle this task in php directly.  Thank you.

skullnobrains Commented:
please post details about the task or the shell script you currently use

dloszewski (Author) Commented:
I'm basically just trying to output a log file based on search criteria.  In this case it's on an ftp server so I'm searching for an ftp ID.  I was doing a grep in a sh script that was called from the php page.  I would search the log file ftp_log.$DATE based on 'ftp' or 'sftp' and do the grep on the $SEARCH criteria such as '4689' and print out the results to the screen.

The php file:
<html>
<head>
<title>FTP Searcher</title>
</head>

<body>

<?php
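        if(isset($_POST['formSearch']) && $_POST['formSearch'] == "Search")
        {
               // escapeshellarg() passes each form value to the script as one quoted argument
               system("sh ftp_search.sh " . escapeshellarg($_POST['TYPE']) . " " . escapeshellarg($_POST['SEARCH']) . " " . escapeshellarg($_POST['DATE']) . " " . escapeshellarg($_POST['SERVER']), $return_val);
        }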
?>

<p><font face="Arial" size="2">
<form action="ftp_index.php" method="post">
        FTP/SFTP: <select name="TYPE">
                <option value="">Select...</option>
                <option value="ftp">FTP</option>
                <option value="sftp">SFTP</option>
        </select><br>
        Search String: <input type="text" name="SEARCH"><br>
        Date (YY-MM-DD): <input type="text" name="DATE"><br>
        Server: <select name="SERVER">
                <option value="">Select...</option>
                <option value="sslmftp1">SSLMFTP1</option>
                <option value="sslmftp2">SSLMFTP2</option>
                <option value="stamftp1">STAMFTP1</option>
                <option value="stamftp2">STAMFTP2</option>
                <option value="sslmlvfp1">SSLMLVFP1</option>
                <option value="sslmlvfp2">SSLMLVFP2</option>
        </select><br><br>

        <input type="submit" name="formSearch" value="Search">

</form></font></p>

</body>
</html> 

ftp_search.sh:
#!/bin/bash


# Utility to search FTP Logs for specified User and Date

#set -x
TYPE=$1
SEARCH=$2
DATE=$3
SYSTEM=$4
# Per-run temp file; the same name is used for writing, reading and cleanup
TMPFILE="tmp/ftp_search.$$"

# Quote every expansion so a value with spaces or glob characters stays one argument;
# "--" stops grep from treating a value that starts with "-" as an option
grep -- "$TYPE" "logs/$SYSTEM/ftp_log.$DATE" | grep -- "$SEARCH" > "$TMPFILE"

echo '<table border="1" width="500"  font color="#0000FF" size="1" face="Arial" style="font-family: Arial; color: #0000FF; font-size: 8pt"  bgcolor="#99FF99" bordercolor="#CCFFCC" cellspacing="0" cellpadding="5">'

echo '<tr><td valign="top" align="center" bgcolor="#800000"> <font color="#FFFFFF"><b>Search</b></font></td></tr>'

while read -r FTP_SEARCH
do
        rpt_start=$(echo "$FTP_SEARCH" | awk -F"|" '{print $1}')

        echo '<tr>'
        echo '    <td valign=top>'"$rpt_start"'</td>'
        echo '</tr>'

done < "$TMPFILE"

echo '</table>'

rm "$TMPFILE"

skullnobrains Commented:
try something like this

# open the log
$fh=fopen($l="logs/$SYSTEM/ftp_log.$DATE",'r') or die('cannot open log file='.var_export($l,true));

# read the log line by line
$rpt_start=null;
while($line=fgets($fh)){
  # see if we have the proper line. if not move to next line
  # i'm using strpos but you can use fnmatch, ereg_match or preg_match if you need a pattern
  # i assume the id is surrounded by spaces. you'll probably need to adjust
  if(strpos($line,' '.$ID.' ')===false)continue;
  # get the first field (should mimic your awk)
  $rpt_start=substr($line,0,strpos($line,' ')); 
}
$rpt_start or die('id was not found or line was not parsable);

echo '<table border="1" width="500"  font color="#0000FF" size="1" face="Arial" style="font-family: Arial; color: #0000FF; font-size: 8pt"  bgcolor="#99FF99" bordercolor="#CCFFCC" cellspacing="0" cellpadding="5">';
echo '<tr><td valign="top" align="center" bgcolor="#800000"> <font color="#FFFFFF"><b>Search</b></font></td></tr>';
echo '<tr>';
echo '    <td valign=top>'.$rpt_start.'</td>';
echo '</tr>';
echo '</table>';

there may be a few typos, and you'll probably need to adjust a little both the pattern matching and the error handling (you probably do not want to "die" but rather print some kind of decent error message and move on if you don't find the line) but this should cover it more or less

if you need help with the matching please provide a sample line

you can also use a preg similar to this one to retrieve the rpt_start field and do the matching at the same time but it will not be much more performant unless you need an ereg anyway
/^(\S*)\s.*\s$ID\s/

dloszewski (Author) Commented:
I'm getting the following error:

[Tue Feb 25 13:23:24 2014] [client 172.16.65.145] PHP Parse error:  syntax error, unexpected T_STRING in /app/www/ftp/ftp_index.php on line 50

This is line 50:

echo '<table border="1" width="500"  font color="#0000FF" size="1" face="Arial" style="font-family: Arial; color: #0000FF; font-size: 8pt"  bgcolor="#99FF99" bordercolor="#CCFFCC" cellspacing="0" cellpadding="5">';                                    

dloszewski (Author) Commented:
I fixed it by putting double quotes where the single quotes are at the beginning and end

Dealing with an unexpected $end error now so assuming I'm missing a semicolon or something

skullnobrains Commented:
i forgot the quote after "id was not found or line was not parsable" on the previous line

as mentioned in my previous post, I expect you to be able to deal with simple typos that your editor probably highlights
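
The log search from this thread done entirely in PHP, as an added example that is not code from any poster: form values are checked against allow-lists before they touch a file name, matching is a literal substring test, and log fields are HTML-escaped on output. The log root, the "|"-separated sample lines and the permitted SEARCH alphabet are assumptions.

```php
<?php
// Added example, not code from the thread. The log line layout is assumed.
const TYPES   = ['ftp', 'sftp'];
const SERVERS = ['sslmftp1', 'sslmftp2', 'stamftp1', 'stamftp2', 'sslmlvfp1', 'sslmlvfp2'];

// Returns the first "|"-separated field of every line containing both TYPE and SEARCH;
// throws if a form value falls outside what the form can legitimately send.
function search_ftp_log(array $in, string $logRoot): array
{
    $type   = $in['TYPE']   ?? '';
    $server = $in['SERVER'] ?? '';
    $date   = $in['DATE']   ?? '';
    $search = $in['SEARCH'] ?? '';
    if (!in_array($type, TYPES, true) || !in_array($server, SERVERS, true)) {
        throw new InvalidArgumentException('unknown type or server');
    }
    // SERVER and DATE become part of a file name, so "../" must never get through
    if (!is_string($date) || !preg_match('/\A\d{2}-\d{2}-\d{2}\z/', $date)) {
        throw new InvalidArgumentException('date must be YY-MM-DD');
    }
    // Assumed ID alphabet; adjust to what real FTP IDs look like
    if (!is_string($search) || !preg_match('/\A[A-Za-z0-9_.@-]{1,64}\z/', $search)) {
        throw new InvalidArgumentException('search string not allowed');
    }
    $fh = @fopen("$logRoot/$server/ftp_log.$date", 'r');
    if ($fh === false) {
        throw new RuntimeException('log not readable by the web server user');
    }
    $hits = [];
    while (($line = fgets($fh)) !== false) {
        if (strpos($line, $type) !== false && strpos($line, $search) !== false) {
            $hits[] = explode('|', rtrim($line, "\r\n"))[0];
        }
    }
    fclose($fh);
    return $hits;
}

// Constructed sample log (hypothetical format) so the example runs offline
$root = sys_get_temp_dir() . '/ftp_demo_' . getmypid();
mkdir("$root/sslmftp1", 0700, true);
file_put_contents("$root/sslmftp1/ftp_log.14-02-10",
    "09:15:02 <b>x</b>|sftp|4689|put a.txt\n09:16:40|ftp|1234|get b.txt\n");

$form = ['TYPE' => 'sftp', 'SERVER' => 'sslmftp1', 'DATE' => '14-02-10', 'SEARCH' => '4689'];
foreach (search_ftp_log($form, $root) as $field) {
    // Log content is untrusted too: escape it before it reaches the page
    echo '<tr><td valign="top">' . htmlspecialchars($field, ENT_QUOTES, 'UTF-8') . "</td></tr>\n";
}
```

Because no shell or external binary is started, the httpd user only needs read access to the log file and execute access on its parent directories.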