|
Home > Archive > Apache Server configuration support > October 2006 > Apache and expect
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
|
|
| half.italian@gmail.com 2006-10-19, 1:29 am |
| Dolt!
I've posted this message on several different boards in an attempt to
get some help. It's not really a configuration error, but I need
advice from somebody schooled in the intricacies of Apache.
I have a php script running on apache that calls a Python script on the
server, which uses pexpect to become root and then executes some
commands.
When I run the Python script from the command line as 'www', it
successfully becomes root and does everything as it should. But, when
I have php script execute the exact same script from a served page, the
password is not accepted, and the command fails. The password is
absolutely correct.
There must be something about the environment that is not passing the
password properly, or that is preventing the executed script from
becoming root. What are the differences betweeen running a command
locally as 'www' and running it via Apache as the same user? Any ideas
on how to debug this?? I'm stuck.
Thanks.
~Sean D
| |
| Davide Bianchi 2006-10-19, 1:23 pm |
| On 2006-10-19, half.italian@gmail.com <half.italian@gmail.com> wrote:
> I have a php script running on apache that calls a Python script on the
> server, which uses pexpect to become root and then executes some
> commands.
.... a php script that calls a Python script that calls expect... talking
about intricacies...
> When I run the Python script from the command line as 'www', it
> successfully becomes root and does everything as it should.
I suspect that the problem is in the way php manage the 'security' of
the execution of external processes. Not really the way Apache uses it.
> What are the differences betweeen running a command
> locally as 'www' and running it via Apache as the same user?
The PATH, just to say one, but you're not running it as Apache, you're
running php that in turns runs your script. I'd start by calling
directly the Python script without php in the middle, try to
simplify the things.
Davide
--
I could dance with you until the cows come home. On second
thought, I'd rather dance with the cows until you come home.
-- Julius Henry "Groucho" Marx (http://en.wikiquote.org/wiki/Groucho_Marx)
| |
| half.italian@gmail.com 2006-10-20, 1:29 am |
| Thanks for responding Davide.
> I'd start by calling directly the Python script without php in the middle, try to simplify the things.
That works. Like I said, when I run the Python script from the command
line it executes properly. The idea though is a web interface that
allows users to kick off these processes from a remote webpage. Is
there another easy way to kick these off without php but still from a
remote webpage?
> I suspect that the problem is in the way php manage the 'security' of
> the execution of external processes. Not really the way Apache uses it.
To try to debug I printed the environment variables of the process as
it was run when called from the php script. It returned what looked
like a bunch of Apache environment vars. (see below) I also tried a
couple of different execution methods in php system() exec() and
shell_cmd() ( i think thats what it's called )
~Sean
~~~~~~~~~~~`printenv` executed in the Python script when called from
PHP
SSL_CLIENT_VERIFY=NONE
SSL_SERVER_A_KEY=rsaEncryption
SSL_SESSION_ID=XXXXXX
SERVER_SIGNATURE=<ADDRESS>Apache/1.3.27 Server at 127.0.0.1 Port
311</ADDRESS>
UNIQUE_ID=XXXXXX
SSL_VERSION_LIBRARY=OpenSSL/0.9.7b
HTTP_HOST=XXXXXX
SERVER_PORT=XXXXXX
SSL_CIPHER_ALGKEYSIZE=128
SSL_SERVER_I_DN=/OU=servermgrd/CN=www.example.com
DOCUMENT_ROOT=/usr/share/servermgrd/html
HTTPS=on
SCRIPT_FILENAME=/usr/share/servermgrd/cgi-bin/servermgr_web
SSL_SERVER_I_DN_OU=servermgrd
REQUEST_URI=/commands/servermgr_web
SCRIPT_NAME=/commands/servermgr_web
SSL_SERVER_S_DN_OU=servermgrd
__CF_USER_TEXT_ENCODING=0x46:0:0
SSL_SERVER_S_DN=/OU=servermgrd/CN=www.example.com
SSL_VERSION_INTERFACE=mod_ssl/2.8.12
REMOTE_USER=<USE_SESSION_ID>
SSL_CIPHER_EXPORT=false
HTTP_SERVERMANAGERSESSIONID=XXXXXX
REMOTE_PORT=65279
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/libexec:/System/Library/CoreServices
_=/usr/bin/printenv
SSL_CIPHER=RC4-SHA
SERVER_ADMIN=any@any.net
PWD=/Library/WebServer/Documents
SSL_SERVER_A_SIG=sha1WithRSAEncryption
SSL_SERVER_M_SERIAL=00
SSL_PROTOCOL=TLSv1
SSL_SERVER_S_DN_CN=www.example.com
REMOTE_ADDR=127.0.0.1
SERVER_NAME=127.0.0.1
SESSION_ID_FILE_PATH=XXXXXX
SSL_SERVER_M_VERSION=3
SHLVL=2
CONTENT_LENGTH=526
SERVER_SOFTWARE=Apache/1.3.27 (Darwin) mod_ssl/2.8.12 OpenSSL/0.9.7b
QUERY_STRING=
SERVER_ADDR=127.0.0.1
SSL_SERVER_V_END=May 11 23:28:16 2006 GMT
GATEWAY_INTERFACE=CGI/1.1
SERVER_PROTOCOL=HTTP/1.0
SSL_SERVER_I_DN_CN=www.example.com
HTTP_HTTP_USER_AGENT=CFNetwork-ServerManagerDaemonSession
REQUEST_METHOD=POST
SSL_CIPHER_USEKEYSIZE=128
SSL_SERVER_V_START=May 11 23:28:16 2005 GMT
Davide Bianchi wrote:
> On 2006-10-19, half.italian@gmail.com <half.italian@gmail.com> wrote:
>
> ... a php script that calls a Python script that calls expect... talking
> about intricacies...
>
>
> I suspect that the problem is in the way php manage the 'security' of
> the execution of external processes. Not really the way Apache uses it.
>
>
> The PATH, just to say one, but you're not running it as Apache, you're
> running php that in turns runs your script. I'd start by calling
> directly the Python script without php in the middle, try to
> simplify the things.
>
> Davide
>
> --
> I could dance with you until the cows come home. On second
> thought, I'd rather dance with the cows until you come home.
> -- Julius Henry "Groucho" Marx (http://en.wikiquote.org/wiki/Groucho_Marx)
| |
| Davide Bianchi 2006-10-20, 1:29 am |
| On 2006-10-19, half.italian@gmail.com <half.italian@gmail.com> wrote:
> That works. Like I said, when I run the Python script from the command
> line it executes properly.
Yes, my idea was to call it from Apache but without php in the middle.
> there another easy way to kick these off without php but still from a
> remote webpage?
Using a CGI (a simple shell script) or calling directly the Python
script as a CGI.
Davide
--
My group's mission statement - "You want *what* ? By *WHEN* ?"
--Simon Burr
| |
| half.italian@gmail.com 2006-10-20, 1:29 am |
| Thanks for your responses Davide. On some advice I got it working by
adding an entry to /etc/sudoers for user 'www' to execute the script as
root instead.
I'll still try to do what you mentioned to narrow down the problem to
cure my curiousity.
~Sean
Right. Thanks davide, I'll try that just
Davide Bianchi wrote:
> On 2006-10-19, half.italian@gmail.com <half.italian@gmail.com> wrote:
>
> Yes, my idea was to call it from Apache but without php in the middle.
>
>
> Using a CGI (a simple shell script) or calling directly the Python
> script as a CGI.
>
> Davide
>
> --
> My group's mission statement - "You want *what* ? By *WHEN* ?"
> --Simon Burr
|
|
|
|
|