abhi143
Posts: 129
Joined: Mon Oct 30, 2017 4:17 am

How to execute program on server without breaking security issues ?

Sat Dec 09, 2017 6:55 pm

It's easy to install a web server on the Pi But it is difficult to execute a file (PHP, or Python or another language) on this server because of permission. If I install apache server and I want to run php program on apache server. How to give permission to run php program on apache server ?

Apache server usually run as the user "www-data" and User www-data doesn't allow to run php program on the server because it doesn't have permission to run file on it.

How to run php on apache server without breaking security issues ?

User avatar
topguy
Posts: 5463
Joined: Tue Oct 09, 2012 11:46 am
Location: Trondheim, Norway

Re: How to execute program on server without breaking security issues ?

Sat Dec 09, 2017 7:05 pm

Apache server usually run as the user "www-data" and User www-data doesn't allow to run php program on the server because it doesn't have permission to run file on it.
If the file is owned by www-data its not a problem.
- You print the current access rights by using "ls -l"
- You change the owner and group of a file by using "chown"
- You change the permissions on the file with "chmod"

If you still have questions, tell us which directory the php file is in and show us the result of "ls -l".

abhi143
Posts: 129
Joined: Mon Oct 30, 2017 4:17 am

Re: How to execute program on server without breaking security issues ?

Sat Dec 09, 2017 7:51 pm

topguy wrote:
Sat Dec 09, 2017 7:05 pm
If you still have questions, tell us which directory the php file is in and show us the result of "ls -l".
[email protected]:~ $ cd /var/www/html
[email protected]:/var/www/html $ ls -l
total 4
-rw-r--r-- 1 www-data www-data 338 Dec 3 17:36 index.php
[email protected]:/var/www/html $

Do I need to change the user?

User avatar
rpdom
Posts: 14072
Joined: Sun May 06, 2012 5:17 am
Location: Chelmsford, Essex, UK

Re: How to execute program on server without breaking security issues ?

Sat Dec 09, 2017 8:08 pm

Those permissions should be sufficient. Why do you say it hasn't got permissions? Is there an error in a log file somewhere?

abhi143
Posts: 129
Joined: Mon Oct 30, 2017 4:17 am

Re: How to execute program on server without breaking security issues ?

Sat Dec 09, 2017 8:21 pm

rpdom wrote:
Sat Dec 09, 2017 8:08 pm
Those permissions should be sufficient. Why do you say it hasn't got permissions? Is there an error in a log file somewhere?
Then why it show Permission denied

-rw-r--r-- 1 www-data www-data 338 Dec 3 17:36 index.php
[email protected]:/var/www/html $ /var/log/apache2/error.log
bash: /var/log/apache2/error.log: Permission denied

User avatar
joan
Posts: 13915
Joined: Thu Jul 05, 2012 5:09 pm
Location: UK

Re: How to execute program on server without breaking security issues ?

Sat Dec 09, 2017 8:48 pm

Because you are trying to run error.log as a program. It is not a program, it is an error log, i.e. it is a text file containing errors. You need to view the messages.

abhi143
Posts: 129
Joined: Mon Oct 30, 2017 4:17 am

Re: How to execute program on server without breaking security issues ?

Sat Dec 09, 2017 9:02 pm

joan wrote:
Sat Dec 09, 2017 8:48 pm
Because you are trying to run error.log as a program. It is not a program, it is an error log, i.e. it is a text file containing errors. You need to view the messages.
Does it mean there is errors in my program but I don't see what's error . Is this wrong path "/usr/local/bin/gpio?
Why this show old date?
[email protected]:/var/www/html $ cat /var/log/apache2/error.log
[Sat Dec 09 21:42:35.657740 2017] [mpm_prefork:notice] [pid 467] AH00163: Apache/2.4.25 (Raspbian) configured -- resuming normal operations
[Sat Dec 09 21:42:35.659362 2017] [core:notice] [pid 467] AH00094: Command line: '/usr/sbin/apache2'

User avatar
topguy
Posts: 5463
Joined: Tue Oct 09, 2012 11:46 am
Location: Trondheim, Norway

Re: How to execute program on server without breaking security issues ?

Sat Dec 09, 2017 9:59 pm

Your "error.log" file only contain information about each time the apache server starts.
If you want to see IF your PHP program has been run, take a look at "access.log".

What is index.php supposed to do ? What do you see when you open that page in a browser ?

abhi143
Posts: 129
Joined: Mon Oct 30, 2017 4:17 am

Re: How to execute program on server without breaking security issues ?

Sat Dec 09, 2017 10:14 pm

topguy wrote:
Sat Dec 09, 2017 9:59 pm
What is index.php supposed to do ? What do you see when you open that page in a browser ?
When I open browser I see two button's on/off
When click on ON button then led should be turn on and when I click on off button led should be turn off But this is not happening

User avatar
topguy
Posts: 5463
Joined: Tue Oct 09, 2012 11:46 am
Location: Trondheim, Norway

Re: How to execute program on server without breaking security issues ?

Sat Dec 09, 2017 10:28 pm

Have you copied this code from a page you can give us a link to or can you show us the PHP code that is executed when you push the buttons.
Is this wrong path "/usr/local/bin/gpio?
That depends...
Is this program part of WiringPi ?
Have you compiled WiringPi yourself or installed it with "apt-get" ?
"/usr/local/bin" is usually used when you build and install programs from sourcecode.
"/usr/bin" is where programs installed with apt-get are installed.

If you want to check where "gpio" is located you can do that by running the command "which gpio" from the commandline.

abhi143
Posts: 129
Joined: Mon Oct 30, 2017 4:17 am

Re: How to execute program on server without breaking security issues ?

Sat Dec 09, 2017 10:37 pm

topguy wrote:
Sat Dec 09, 2017 10:28 pm
can you show us the PHP code that is executed when you push the buttons.
"/usr/local/bin"
This is program that I am using

Code: Select all

<?php

if(isset($_POST['button']))
{
  system ("gpio mode 0 out");
  system ("gpio write 18 1");
}
else if (isset($_POST['btn']))
{
  system ("gpio write 18 0");
}
?>

<html>
<body>
   <form method="post">
   <p>
   <button name="button">On</button>
   </p>
    <p>
   <button name="btn">Off</button>
    </p>
  </form>
  <body>
</html>

User avatar
DougieLawson
Posts: 35118
Joined: Sun Jun 16, 2013 11:19 pm
Location: Basingstoke, UK
Contact: Website Twitter

Re: How to execute program on server without breaking security issues ?

Sun Dec 10, 2017 7:41 pm

topguy wrote:
Sat Dec 09, 2017 9:59 pm
Your "error.log" file only contain information about each time the apache server starts.
If you want to see IF your PHP program has been run, take a look at "access.log".

What is index.php supposed to do ? What do you see when you open that page in a browser ?
WRONG!

The error log will log ANY failure running any CGI program like PHP.
Note: Having anything remotely humorous in your signature is completely banned on this forum.

Any DMs sent on Twitter will be answered next month.

This is a hippy & doctor free zone.

User avatar
rpdom
Posts: 14072
Joined: Sun May 06, 2012 5:17 am
Location: Chelmsford, Essex, UK

Re: How to execute program on server without breaking security issues ?

Sun Dec 10, 2017 7:45 pm

DougieLawson wrote:
Sun Dec 10, 2017 7:41 pm
topguy wrote:
Sat Dec 09, 2017 9:59 pm
Your "error.log" file only contain information about each time the apache server starts.
If you want to see IF your PHP program has been run, take a look at "access.log".

What is index.php supposed to do ? What do you see when you open that page in a browser ?
WRONG!

The error log will log ANY failure running any CGI program like PHP.
The point was that the error log does only contain information about apache starting IN THIS CASE. Possibly the program is not reporting an error, just not doing what it is supposed to.

fbe
Posts: 446
Joined: Thu Aug 17, 2017 9:08 pm

Re: How to execute program on server without breaking security issues ?

Sun Dec 10, 2017 7:58 pm

abhi143 wrote:
Sat Dec 09, 2017 10:37 pm
"/usr/local/bin"
This is program that I am using

Code: Select all

<?php

if(isset($_POST['button']))
{
  system ("gpio mode 0 out");
  system ("gpio write 18 1");
}
else if (isset($_POST['btn']))
{
  system ("gpio write 18 0");
}
?>

<html>
<body>
   <form method="post">
   <p>
   <button name="button">On</button>
   </p>
    <p>
   <button name="btn">Off</button>
    </p>
  </form>
  <body>
</html>
What is the output of

Code: Select all

ls -l /usr/local/bin/gpio

abhi143
Posts: 129
Joined: Mon Oct 30, 2017 4:17 am

Re: How to execute program on server without breaking security issues ?

Mon Dec 11, 2017 3:07 am

fbe wrote:
Sun Dec 10, 2017 7:58 pm
What is the output of

Code: Select all

ls -l /usr/local/bin/gpio
[email protected]:/var/www/html $ ls -l /user/local/bin/gpio
ls: cannot access '/user/local/bin/gpio': No such file or directory

User avatar
rpdom
Posts: 14072
Joined: Sun May 06, 2012 5:17 am
Location: Chelmsford, Essex, UK

Re: How to execute program on server without breaking security issues ?

Mon Dec 11, 2017 4:07 am

How about

Code: Select all

ls -l /usr/bin/gpio

abhi143
Posts: 129
Joined: Mon Oct 30, 2017 4:17 am

Re: How to execute program on server without breaking security issues ?

Mon Dec 11, 2017 5:57 am

rpdom wrote:
Mon Dec 11, 2017 4:07 am
How about

Code: Select all

ls -l /usr/bin/gpio
[email protected]:~ $ cd /var/www/html
[email protected]:/var/www/html $ ls -l /usr/bin/gpio
ls: cannot access '/usr/bin/gpio': No such file or directory

User avatar
rpdom
Posts: 14072
Joined: Sun May 06, 2012 5:17 am
Location: Chelmsford, Essex, UK

Re: How to execute program on server without breaking security issues ?

Mon Dec 11, 2017 6:02 am

Are you running Raspbian?
Lite or Desktop?

It looks like the gpio command (part of the wiringPi package) isn't installed.

Try installing it

Code: Select all

apt-get update
apt-get -y install wiringpi
and see if that makes a difference.

abhi143
Posts: 129
Joined: Mon Oct 30, 2017 4:17 am

Re: How to execute program on server without breaking security issues ?

Mon Dec 11, 2017 6:16 am

rpdom wrote:
Mon Dec 11, 2017 6:02 am
Are you running Raspbian?
Lite or Desktop?

It looks like the gpio command (part of the wiringPi package) isn't installed.

Try installing it

Code: Select all

apt-get update
apt-get -y install wiringpi
and see if that makes a difference.
I have raspbian lite
[email protected]:~ $ apt-get update
Reading package lists... Done
W: chmod 0700 of directory /var/lib/apt/lists/partial failed - SetupAPTPartialDirectory (1: Operation not permitted)
E: Could not open lock file /var/lib/apt/lists/lock - open (13: Permission denied)
E: Unable to lock directory /var/lib/apt/lists/
W: Problem unlinking the file /var/cache/apt/pkgcache.bin - RemoveCaches (13: Permission denied)
W: Problem unlinking the file /var/cache/apt/srcpkgcache.bin - RemoveCaches (13: Permission denied)
[email protected]:~ $ apt-get -y install wiringpi
E: Could not open lock file /var/lib/dpkg/lock - open (13: Permission denied)
E: Unable to lock the administration directory (/var/lib/dpkg/), are you root?

User avatar
Jednorozec
Posts: 809
Joined: Sun Nov 24, 2013 2:17 pm
Location: Deposit, NY

Re: How to execute program on server without breaking security issues ?

Mon Dec 11, 2017 6:29 am

abhi143 wrote:
Mon Dec 11, 2017 6:16 am
E: Unable to lock the administration directory (/var/lib/dpkg/), are you root?
This line is telling you what's wrong.
The most important leg of a three legged stool is the one that's missing.
It's called thinking. Why don't you try it sometime?

User avatar
rpdom
Posts: 14072
Joined: Sun May 06, 2012 5:17 am
Location: Chelmsford, Essex, UK

Re: How to execute program on server without breaking security issues ?

Mon Dec 11, 2017 6:29 am

Sorry, those commands need sudo in front to give them root access.

Code: Select all

sudo apt-get update
sudo apt-get -y install wiringpi

abhi143
Posts: 129
Joined: Mon Oct 30, 2017 4:17 am

Re: How to execute program on server without breaking security issues ?

Mon Dec 11, 2017 7:31 am

rpdom wrote:
Mon Dec 11, 2017 6:29 am
Sorry, those commands need sudo in front to give them root access.

Code: Select all

sudo apt-get update
sudo apt-get -y install wiringpi
[email protected]:~ $ sudo apt-get update
Get:1 http://mirrordirector.raspbian.org/raspbian stretch InRelease [15.0 kB]
Get:2 http://archive.raspberrypi.org/debian stretch InRelease [25.3 kB]
Get:3 http://mirrordirector.raspbian.org/raspbian stretch/main armhf Packages [11.7 MB]
Err:3 http://mirrordirector.raspbian.org/raspbian stretch/main armhf Packages
Hash Sum mismatch
Hashes of expected file:
- Filesize:11655152 [weak]
- SHA256:b0102259acf53f111792cca3125a2fbd4c45b5d3adc0e187e8d38c87935f2dd8
- SHA1:2fb9d25d0602f5d921180b56616892a236d49996 [weak]
- MD5Sum:333cb77c5c5f5f3f41a0a48c964409f1 [weak]
Hashes of received file:
- SHA256:c10f7bcb60ca387e7fa2f1928ff032b0bf33d3d25d82319c35e402826579fd73
- SHA1:f7e33bcc848329fcf690e953493afdf7cbae98c3 [weak]
- MD5Sum:291c9948fca0f74093eea6569931dc71 [weak]
- Filesize:390337 [weak]
Last modification reported: Sun, 10 Dec 2017 23:27:11 +0000
Release file created at: Sun, 10 Dec 2017 23:28:48 +0000
Get:4 http://mirrordirector.raspbian.org/raspbian stretch/contrib armhf Packages [56.8 kB]
Get:5 http://archive.raspberrypi.org/debian stretch/main armhf Packages [127 kB]
Fetched 614 kB in 2s (241 kB/s)
Reading package lists... Done
E: Failed to fetch http://mirrordirector.raspbian.org/rasp ... ackages.xz Hash Sum mismatch
Hashes of expected file:
- Filesize:11655152 [weak]
- SHA256:b0102259acf53f111792cca3125a2fbd4c45b5d3adc0e187e8d38c87935f2dd8
- SHA1:2fb9d25d0602f5d921180b56616892a236d49996 [weak]
- MD5Sum:333cb77c5c5f5f3f41a0a48c964409f1 [weak]
Hashes of received file:
- SHA256:c10f7bcb60ca387e7fa2f1928ff032b0bf33d3d25d82319c35e402826579fd73
- SHA1:f7e33bcc848329fcf690e953493afdf7cbae98c3 [weak]
- MD5Sum:291c9948fca0f74093eea6569931dc71 [weak]
- Filesize:390337 [weak]
Last modification reported: Sun, 10 Dec 2017 23:27:11 +0000
Release file created at: Sun, 10 Dec 2017 23:28:48 +0000
E: Some index files failed to download. They have been ignored, or old ones used instead.
[email protected]:~ $ sudo apt-get -y install wiring pi
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package wiring
[email protected]:~ $

User avatar
rpdom
Posts: 14072
Joined: Sun May 06, 2012 5:17 am
Location: Chelmsford, Essex, UK

Re: How to execute program on server without breaking security issues ?

Mon Dec 11, 2017 8:01 am

Right, firstly it looks like there may be a problem with the Raspbian repository

Code: Select all

Err:3 http://mirrordirector.raspbian.org/raspbian stretch/main armhf Packages
Hash Sum mismatch
That's not good, but it may be a temporary issue due to the mirror updating the file at the moment you are trying to download it.

Leaving it for a bit and trying the sudo apt-get update again may fix that.

However, the other files from raspberrypi.org seem to have updated correctly and those are the ones with the details of the wiringpi package, which is what you need right now.

Code: Select all

[email protected]:~ $ sudo apt-get -y install wiring pi
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package wiring
This error is because you put a space between "wiring" and "pi". It is all one word "wiringpi".
Try running the sudo apt-get -y install wiringpi command correctly and I think it will install without any issues.

abhi143
Posts: 129
Joined: Mon Oct 30, 2017 4:17 am

Re: How to execute program on server without breaking security issues ?

Mon Dec 11, 2017 8:34 am

rpdom wrote:
Mon Dec 11, 2017 8:01 am
Right, firstly it looks like there may be a problem with the Raspbian repository

That's not good, but it may be a temporary issue due to the mirror updating the file at the moment you are trying to download it.
[email protected]:~ $ sudo apt-get update
Hit:1 http://archive.raspberrypi.org/debian stretch InRelease
Get:2 http://mirrordirector.raspbian.org/raspbian stretch InRelease [15.0 kB]
Get:3 http://mirrordirector.raspbian.org/raspbian stretch/main armhf Packages [11.7 MB]
Err:3 http://mirrordirector.raspbian.org/raspbian stretch/main armhf Packages
Hash Sum mismatch
Hashes of expected file:
- Filesize:11655152 [weak]
- SHA256:b0102259acf53f111792cca3125a2fbd4c45b5d3adc0e187e8d38c87935f2dd8
- SHA1:2fb9d25d0602f5d921180b56616892a236d49996 [weak]
- MD5Sum:333cb77c5c5f5f3f41a0a48c964409f1 [weak]
Hashes of received file:
- SHA256:cfdda0c95bdcd205e4127d6c400af5bb6ad6cba2a58df395c6d8d9456f4e6fb0
- SHA1:b3b757f55c1cd69825a5216ccc7e8847cacc376d [weak]
- MD5Sum:d09e925c5cd56d0b9a4696825e4e2b37 [weak]
- Filesize:384737 [weak]
Last modification reported: Sun, 10 Dec 2017 23:27:11 +0000
Release file created at: Sun, 10 Dec 2017 23:28:48 +0000
Get:4 http://mirrordirector.raspbian.org/raspbian stretch/contrib armhf Packages [56.8 kB]
Fetched 400 kB in 2s (151 kB/s)
Reading package lists... Done
E: Failed to fetch http://mirrordirector.raspbian.org/rasp ... ackages.xz Hash Sum mismatch
Hashes of expected file:
- Filesize:11655152 [weak]
- SHA256:b0102259acf53f111792cca3125a2fbd4c45b5d3adc0e187e8d38c87935f2dd8
- SHA1:2fb9d25d0602f5d921180b56616892a236d49996 [weak]
- MD5Sum:333cb77c5c5f5f3f41a0a48c964409f1 [weak]
Hashes of received file:
- SHA256:cfdda0c95bdcd205e4127d6c400af5bb6ad6cba2a58df395c6d8d9456f4e6fb0
- SHA1:b3b757f55c1cd69825a5216ccc7e8847cacc376d [weak]
- MD5Sum:d09e925c5cd56d0b9a4696825e4e2b37 [weak]
- Filesize:384737 [weak]
Last modification reported: Sun, 10 Dec 2017 23:27:11 +0000
Release file created at: Sun, 10 Dec 2017 23:28:48 +0000
E: Some index files failed to download. They have been ignored, or old ones used instead.
[email protected]:~ $ sudo apt-get -y install wiringpi
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
wiringpi
0 upgraded, 1 newly installed, 0 to remove and 130 not upgraded.
Need to get 53.1 kB of archives.
After this operation, 0 B of additional disk space will be used.
Get:1 http://archive.raspberrypi.org/debian stretch/main armhf wiringpi armhf 2.44+1 [53.1 kB]
Fetched 53.1 kB in 1s (40.0 kB/s)
Selecting previously unselected package wiringpi.
(Reading database ... 123843 files and directories currently installed.)
Preparing to unpack .../wiringpi_2.44+1_armhf.deb ...
Unpacking wiringpi (2.44+1) ...
Processing triggers for man-db (2.7.6.1-2) ...
Setting up wiringpi (2.44+1) ...

I have done this

[email protected]:~ $ cd /var/www/html
[email protected]:/var/www/html $ ls -l /usr/bin/gpio
-rwsr-xr-x 1 root root 37068 Oct 31 13:51 /usr/bin/gpio

[email protected]:/var/www/html $ ls -l /usr/local/bin/gpio
-rwsr-xr-x 1 root root 37068 Nov 30 09:39 /usr/local/bin/gpio

User avatar
rpdom
Posts: 14072
Joined: Sun May 06, 2012 5:17 am
Location: Chelmsford, Essex, UK

Re: How to execute program on server without breaking security issues ?

Mon Dec 11, 2017 8:58 am

Ok, so there's still an issue with the Raspbian mirror, but we can ignore that for now. The important thing is you now have wiringpi installed and the gpio command should work.

I've spotted a few things in your code

Code: Select all

  system ("gpio mode 0 out");
  system ("gpio write 18 1");
You're setting GPIO 0 to output and then writing to GPIO 18?
Also, by default that gpio command uses WiringPi's own numbering system for the pins. WiringPi 0 is BCM 17 which is connected to pin 11 on the board. WiringPi 18 is not present on the 40 pin header. It was on a separate bank of pins that were only available on one of the early model 1B and model A.

To use the BCM numbering system with the gpio command you have to use the -g option.

For example, to use BCM 18 (pin 12 on the board), your code would look like this

Code: Select all

  system("gpio -g mode 18 out");
  system("gpio -g write 18 1");
A handy pinout diagram is at https://pinout.xyz/

Return to “General discussion”