system () problems

slightlyeskew

Hey guys!

I'm testing a simple system() script and I'm having trouble. I'm almost the trouble stems from incorrect file permissions but I'm not entirely sure which ones need to be modified and what they should be modified to.

system('mysqldump -u root -ppassword --databases databasename >/home/username/Desktop/itworks.sql');

//lets try to put it on the desktop

echo 'it worked 8?';

I'm not sure who should have file permissions to what to make this work, but the sql dump is not working from the script but it IS working from the command line typing that exact line. Any help would be greatly appreciated, thanks for your time!

bradgrafelman

Whichever user invokes the PHP interpreter is the who will need permissions to access that directory and create a file in it. If you're using Apache, many *nix distros use a user like 'www', 'apache', etc. - the `whoami' command might be an easy way to confirm this.

slightlyeskew

Thanks for the quick response. I made the 'whoami' script and determined the user was 'www-data' which I guess is the user that invokes the PHP interpreter.

The problem I'm having now is finding where the file is that I need to chown :o

Everywhere I've seen 'www-data' I've chowned to 'root' but the 'whoami' script is still returning 'www-data'. Any suggestions on where to look? Thanks again for your time and help!

-slight

bradgrafelman

slightlyeskew;10988920 wrote:
The problem I'm having now is finding where the file is that I need to chown :o

To do... what? Apache (or whatever your httpd is) needs to be configured (e.g. in the httpd.conf file) to run under a valid account on the server. You can't just chown a certain file and suddenly all of Apache's processes will take on a new identity.

And besides, you definitely wouldn't want your webserver running as root.

slightlyeskew

Hey brad, sorry if I was being unclear I am both a PHP and linux noob.

I just assumed that if I changed all the owners of the files to 'root' instead of www-data that would effectively remove that user and the webserver would then run under the root account.

Is there a way to just give the www-data account permissions to use the mysqldump utility?

Thanks again for your time.

-slight

bradgrafelman

slightlyeskew;10988925 wrote:
Is there a way to just give the www-data account permissions to use the mysqldump utility?

Well sure - just chmod the executable so that 'everyone' has read and execute permissions. However, I suspect that this is already the case.

Have you tried running mysqldump via PHP without redirecting the output to a file (just to verify that you can in fact execute that program)? What's more likely to be the problem is that the 'www-data' user doesn't have permission to write to files in '/home/username/Desktop/'.

You'll want to either a) make sure both you and 'www-data' have a group in common and set the group permissions for the 'Desktop' directory to allow writing, or b) simply allow writing to the 'Desktop' folder for everyone. Also note that the 'www-data' user must have execute permissions on all directories in the chain leading up to the file (e.g. /home and /home/username).

dalecosp

bradgrafelman;10988926 wrote:
Have you tried running mysqldump via PHP without redirecting the output to a file (just to verify that you can in fact execute that program)? What's more likely to be the problem is that the 'www-data' user doesn't have permission to write to files in '/home/username/Desktop/'.

A simple call to [man]is_writable/man prior to execution of the system command might help to debug that eventuality, to some extent. A Real Program(tm) would probably wrap the system call in a conditional to check just that and alert you with a proper error response if the check failed.

sneakyimp

It sounds to me like you are using Debian or Ubuntu if your apache user is www-data. I would NOT recommend trying to change the apache user to anything else -- especially not root as this would likely introduce all kinds of security problems.

Instead, you need to find the directories or files affected by your system command and make those files readable/writeable by www-data. An obvious one is the dir /home/username/Desktop/ which probably belongs to username. Rather than using such an important/critical directory as your desktop directory, i would recommend creating a subdirectory in that folder and assigning read/write/execute permissions on the subfolder to www-data:

sudo mkdir /home/username/Desktop/dump_folder
sudo chown username:www-data /home/username/Desktop/dump_folder
sudo chmod 775 /home/username/Desktop/dump_folder

Since you are specifying the username and password in your system() command, that should sidestep any permissions problems as long as the username and password are correct and have access to the database being dumped. Note that it might present a bit of a security problem if the user www-data has a log file of its command line actions stored on the server because this file (also accessible to any other script run on your web server) would contain the mysql root user and password stored as plain text.