Solved

Troubleshooting HTTPD permission denied errors?

Posted on 2014-02-19
Last Modified: 2014-02-26
Hello,

I'm attempting to run a grep within a shell script file from my web browser (it's called from a PHP file). I'm able to run the shell script on the command line but when I attempt to run it through the browser I get a "Permission Denied" from the httpd error log pointing to the line that contains the grep command. Could someone suggest how I can troubleshoot this? Unsure why it's getting permission denied because the directories and files are all fully open permission wise and ownership is under my user for all files.

Thank you, Dave
Question by:dloszewski
13 Comments
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 39871407
The web server does not run under your user but under a more limited user specifically for the web server.  It will not normally have permission to run local programs.  That is done intentionally to prevent security problems caused by outside users.
0
 

Author Comment

by:dloszewski
ID: 39880614
Is there a way around this, for instance if it's an internal web site that the outside world won't have access to? Or is there a way to isolate the local commands.
0
 
LVL 82

Accepted Solution

by:
Dave Baldwin earned 250 total points
ID: 39880843
'suEXEC' is the normal way to give the web user permission to run as a local user.  If you also have 'suhosin' installed, it may fight with 'suEXEC' about you doing that.

http://httpd.apache.org/docs/2.2/suexec.html

http://www.hardened-php.net/suhosin/
0
 
LVL 26

Assisted Solution

by:skullnobrains
skullnobrains earned 250 total points
ID: 39881994
you can debug by first trying to run the exact same command using

sudo -u www command

(or whatever user your httpd server runs as)

if the script you run has a shebang, you need both read and execute permissions on the script. alternatively, you can explicitly run "/bin/sh script_name" or whatever is in the shebang.

the web server should be allowed to run system binaries. from the error message i'd assume it is not chrooted so these binaries should exist. but the path variable will probably be set to something very restrictive so you may have to call various binaries including grep using the full path.

--

if the script actually only performs a basic grep, it is likely simpler and more performant to use pgrep in php directly.
0
 

Author Comment

by:dloszewski
ID: 39882502
I've decided to use awk instead of grep to do what I need, don't seem to be having the same issues since I don't have to run any commands on the system itself.  Thank you all for the help.
0
 
LVL 26

Expert Comment

by:skullnobrains
ID: 39883192
you'll probably run into similar issues with awk. awk is a command like /bin/sh or /usr/bin/grep (or wherever those binaries are located on your system)

regarding permissions, also remember that if your user does not have read+execute access on all the parent directories, he/it won't be able to access the files

if you don't actually need to run a shell script, your best course of action is most likely to do the task in php directly. i'll happily help in this thread if you want. if not, don't bother answering as we'll be spamming everyone needlessly.
0

 

Author Comment

by:dloszewski
ID: 39883208
I would definitely be interested in knowing how to handle this task in php directly.  Thank you.
0
 
LVL 26

Expert Comment

by:skullnobrains
ID: 39883877
please post details about the task or the shell script you currently use
0
 

Author Comment

by:dloszewski
ID: 39885324
I'm basically just trying to output a log file based on search criteria.  In this case it's on an ftp server so I'm searching for an ftp ID.  I was doing a grep in a sh script that was called from the php page.  I would search the log file ftp_log.$DATE based on 'ftp' or 'sftp' and do the grep on the $SEARCH criteria such as '4689' and print out the results to the screen.

The php file:
<html>
<head>
<title>FTP Searcher</title>
</head>

<body>

<?php
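        if(isset($_POST['formSearch']) && $_POST['formSearch'] == "Search")
        {
               // escapeshellarg() keeps each form value a single, quoted shell argument
               $cmd = "sh ftp_search.sh " . escapeshellarg($_POST['TYPE']) . " " . escapeshellarg($_POST['SEARCH'])
                    . " " . escapeshellarg($_POST['DATE']) . " " . escapeshellarg($_POST['SERVER']);
               system($cmd, $return_val);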
        }
?>

<p><font face="Arial" size="2">
<form action="ftp_index.php" method="post">
        FTP/SFTP: <select name="TYPE">
                <option value="">Select...</option>
                <option value="ftp">FTP</option>
                <option value="sftp">SFTP</option>
        </select><br>
        Search String: <input type="text" name="SEARCH"><br>
        Date (YY-MM-DD): <input type="text" name="DATE"><br>
        Server: <select name="SERVER">
                <option value="">Select...</option>
                <option value="sslmftp1">SSLMFTP1</option>
                <option value="sslmftp2">SSLMFTP2</option>
                <option value="stamftp1">STAMFTP1</option>
                <option value="stamftp2">STAMFTP2</option>
                <option value="sslmlvfp1">SSLMLVFP1</option>
                <option value="sslmlvfp2">SSLMLVFP2</option>
        </select><br><br>

        <input type="submit" name="formSearch" value="Search">

</form></font></p>

</body>
</html> 



ftp_search.sh:
#!/bin/bash


# Utility to search FTP Logs for specified User and Date

#set -x
SEARCH=$2
DATE=$3
SYSTEM=$4
TYPE=$1

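# filter the day's log by protocol, then by the search string, into a per-process temp file
grep -- "$TYPE" "logs/$SYSTEM/ftp_log.$DATE" | grep -- "$SEARCH" > "tmp/ftp_search.$$"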

echo '<table border="1" width="500"  font color="#0000FF" size="1" face="Arial" style="font-family: Arial; color: #0000FF; font-size: 8pt"  bgcolor="#99FF99" bordercolor="#CCFFCC" cellspacing="0" cellpadding="5">'

echo '<tr><td valign="top" align="center" bgcolor="#800000"> <font color="#FFFFFF"><b>Search</b></font></td></tr>'

while read -r FTP_SEARCH
do
        # first '|'-delimited field of each matching log line
        rpt_start=$(echo "$FTP_SEARCH" | awk -F"|" '{print $1}')

        echo '<tr>'
        echo '    <td valign=top>'"$rpt_start"'</td>'
        echo '</tr>'

done < "tmp/ftp_search.$$"

echo '</table>'

rm "tmp/ftp_search.$$"


0
 
LVL 26

Expert Comment

by:skullnobrains
ID: 39886174
try something like this

# open the log
$fh=fopen($l="logs/$SYSTEM/ftp_log.$DATE",'r') or die('cannot open log file='.var_export($l,true));

# read the log line by line
$rpt_start=null;
while($line=fgets($fh)){
  # see if we have the proper line. if not move to next line
  # i'm using strpos but you can use fnmatch, ereg_match or preg_match if you need a pattern
  # i assume the id is surrounded by spaces. you'll probably need to adjust
  if(strpos($line,' '.$ID.' ')===false)continue;
  # get the first field (should mimick your awk)
  $rpt_start=substr($line,0,strpos($line,' ')); 
}
$rpt_start or die('id was not found or line was not parsable);

echo '<table border="1" width="500"  font color="#0000FF" size="1" face="Arial" style="font-family: Arial; color: #0000FF; font-size: 8pt"  bgcolor="#99FF99" bordercolor="#CCFFCC" cellspacing="0" cellpadding="5">';
echo '<tr><td valign="top" align="center" bgcolor="#800000"> <font color="#FFFFFF"><b>Search</b></font></td></tr>';
echo '<tr>';
echo '    <td valign=top>'.$rpt_start.'</td>';
echo '</tr>';
echo '</table>';



there may be a few typos, and you'll probably need to adjust a little both the pattern matching and the error handling (you probably do not want to "die" but rather print some kind of decent error message and move on if you don't find the line) but this should cover it more or less

if you need help with the matching please provide a sample line

you can also use a preg similar to this one to retrieve the rpt_start field and do the matching at the same time but it will not be much more performant unless you need an ereg anyway
/^(\S*)\s.*\s$ID\s/
0
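An added example, not code from any poster in this thread: the same log search done entirely in PHP, with each form field validated against an allowlist before it is used to build the log path, and with the output HTML-encoded. The function name `search_ftp_log`, the `LOG_ROOT` location and the 64-character limit are assumptions; the `logs/<server>/ftp_log.<date>` layout and the `|` field separator are taken from the script in the question.

```php
<?php
// Added example: search an FTP log from PHP without invoking a shell.
// Assumed layout (from the question): logs/<server>/ftp_log.<YY-MM-DD>, '|'-separated fields.
const LOG_ROOT = __DIR__ . '/logs';   // assumption: logs live beside this script
const SERVERS  = ['sslmftp1', 'sslmftp2', 'stamftp1', 'stamftp2', 'sslmlvfp1', 'sslmlvfp2'];
const TYPES    = ['ftp', 'sftp'];

// Hypothetical helper: returns the first field of every matching line, or throws on bad input.
function search_ftp_log(array $in): array
{
    $type   = $in['TYPE']   ?? '';
    $server = $in['SERVER'] ?? '';
    $date   = $in['DATE']   ?? '';
    $search = $in['SEARCH'] ?? '';
    // Allowlists mirror the <select> options; the browser is not trusted to send one of them.
    if (!in_array($type, TYPES, true) || !in_array($server, SERVERS, true)) {
        throw new InvalidArgumentException('unknown type or server');
    }
    // A strict YY-MM-DD match keeps "../" and NUL bytes out of the file name.
    if (!is_string($date) || !preg_match('/\A\d{2}-\d{2}-\d{2}\z/', $date)) {
        throw new InvalidArgumentException('date must be YY-MM-DD');
    }
    if (!is_string($search) || $search === '' || strlen($search) > 64) {
        throw new InvalidArgumentException('search string must be 1-64 characters');
    }
    $fh = @fopen(LOG_ROOT . "/$server/ftp_log.$date", 'r');
    if ($fh === false) {
        throw new RuntimeException('log not readable by the web server user');
    }
    $hits = [];
    while (($line = fgets($fh)) !== false) {
        // Same filter as "grep TYPE | grep SEARCH", but as literal substring tests.
        if (strpos($line, $type) === false || strpos($line, $search) === false) continue;
        $hits[] = explode('|', $line, 2)[0];   // first '|' field, as the awk call did
    }
    fclose($fh);
    return $hits;
}

if (($_POST['formSearch'] ?? '') === 'Search') {
    try {
        foreach (search_ftp_log($_POST) as $field) {
            // Log content is untrusted as well: encode it before writing it into the page.
            echo '<tr><td valign="top">', htmlspecialchars($field, ENT_QUOTES, 'UTF-8'), "</td></tr>\n";
        }
    } catch (Exception $e) {
        echo '<p>', htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8'), '</p>';
    }
}
```

Unlike `grep`, the substring tests treat the search string literally, so regex metacharacters in the form field have no special meaning.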
 

Author Comment

by:dloszewski
ID: 39886451
I'm getting the following error:

[Tue Feb 25 13:23:24 2014] [client 172.16.65.145] PHP Parse error:  syntax error, unexpected T_STRING in /app/www/ftp/ftp_index.php on line 50

This is line 50:

echo '<table border="1" width="500"  font color="#0000FF" size="1" face="Arial" style="font-family: Arial; color: #0000FF; font-size: 8pt"  bgcolor="#99FF99" bordercolor="#CCFFCC" cellspacing="0" cellpadding="5">';                                    


0
 

Author Comment

by:dloszewski
ID: 39886572
I fixed it by putting double quotes where the single quotes are at the beginning and end

Dealing with an unexpected $end error now so assuming I'm missing a semicolon or something
0
 
LVL 26

Expert Comment

by:skullnobrains
ID: 39888147
i forgot the quote after "id was not found or line was not parsable" on the previous line

as mentioned in my previous post, I expect you to be able to deal with simple typos that your editor probably highlights
0
