LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (http://www.linuxquestions.org/questions/linux-server-73/)
-   -   MySQL/PHP/Apache application - file permissions (http://www.linuxquestions.org/questions/linux-server-73/mysql-php-apache-application-file-permissions-725117/)

rgriffiths 05-11-2009 01:00 AM

MySQL/PHP/Apache application - file permissions
 
I have a MySQL/PHP/Apache application running on the office LAN.
The application maintains a project database .. works just fine.
But when I add a web page that simply executes a SELECT to OUTFILE statement, I get Error 13 (permissions problem).

The statement executes fine if I paste directly to a MySQL prompt,
and I let the output go to /var/lib/mysql/base .. which seems to be a default, but the same line fails when called by the app. And even fails from the command line if I write to another folder , eg '/reports', which is where I want it .. that's the SAMBA share where the office staff get/store docs.

The httpd is running as user 'apache', and mysql as 'mysql'.
I have created a group named 'company', and chown'ed the /docs to nobody:company, and made BOTH MySQL and Apache members of that group.

But I still get the permission error when trying to Select {stuff} to OUTFILE '/docs/report.csv', or even just 'reports.csv'

If I keep fiddling with permissions without advice, I'm likely to create a monster.

Webmin seems to offer some options for setting up a .htaccess file to control access to/from files .. is this where I should be fiddling .. at a loss as to where to from here.

Advice appreciated

Russell

suhas! 05-11-2009 02:51 AM

Quote:

Originally Posted by rgriffiths (Post 3536681)
The statement executes fine if I paste directly to a MySQL prompt,
and I let the output go to /var/lib/mysql/base .. which seems to be a default, but the same line fails when called by the app.

It maybe because the same statement is being executed as different user through application and manually in mysql prompt. You may cross check if "select user();" returns same user name in script and manually.

Quote:

Originally Posted by rgriffiths (Post 3536681)
And even fails from the command line if I write to another folder , eg '/reports', which is where I want it .. that's the SAMBA share where the office staff get/store docs.
Russell

1) Can you paste us the permissions of /reports where you are trying to get the logs.
2) Also the output of the sql statement executed manually, which is failing to generate logs in /reports.

rgriffiths 05-13-2009 12:36 AM

Thanks, pal
I'm now certain I just have a permissions problem.

the perms on the folder I'm trying to write the reports into (/docs, in fact, not /reports)are as follow .

drwxrwxrwx 6 root maccas 4096 2009-05-13 23:01 docs
I set up a group named 'maccas', and added mysql and apache as members.

And I checked the effective user under the app, with select user()in the php, and also from the keyboard running mysql natively. And thet ARE different.

In the web app, I'm running as manager@localhost, while I'm root@localhost when I was running straight the other day. Root@localhost can, in fact, generate the reports in /docs. But manager@localhost can't .. se the two outputs below.

***output from manual use .. a) as root
mysql> select user();
+----------------+
| user() |
+----------------+
| root@localhost |
+----------------+
1 row in set (0.00 sec)

mysql> select * from projects into outfile '/docs/report5.csv' fields terminated by ',' ;
Query OK, 137 rows affected (0.00 sec)
mysql>

***output when I log on as 'manager'
mysql> select user();
+-------------------+
| user() |
+-------------------+
| manager@localhost |
+-------------------+
1 row in set (0.00 sec)

mysql> select * from projects into outfile '/docs/report6.csv' fields terminated by ',' ;

ERROR 1045 (28000): Access denied for user 'manager'@'localhost' (using password: YES)
mysql>

*** and I'm even denied creating the report in the local mysql folder!! (ie if I drop the '/docs' .. see below ..

mysql> select * from projects into outfile 'report6.csv' fields terminated by ',';
ERROR 1045 (28000): Access denied for user 'manager'@'localhost' (using password: YES)
mysql>

*** SO ..
It sems that root is allowed (as one would expect), but my running logon isn't.

Someone told me that the prob can be solved with an entry in .htaccess, one of the main control files for Apache. I'm reading the Apache manual now, tro try to work that one out.

Suggestions?

And thanks

Grif

suhas! 05-15-2009 09:46 AM

It seems that you are facing privileges problem, not file/directory permission problem.

If it was a file/directory permission related issue, you would have got below kind of error

ERROR 1 (HY000): Can't create/write to file '/root/test' (Errcode: 13)

But the error that you are getting shows that user manager@localhost is not having permissions to read table projects.

Can you just confirm if you are able to read table "projects" with select statement?

rgriffiths 05-17-2009 03:20 AM

Hi

I agree entirely .. it's a privelege thing ..

manager@localhost could run select update, etc.
but I simply changed the php in the export routines to use root as logon, instead of manager,
and even tho that's quite naughty, the problem has gone away.

I do need to fix it PROPERLY, of course
and it seems the GRANT set to manager@localhost is what I need to expand.

I'll re-read the manual there, to see which GRANT option I need to allow manager to write to non-MySQL directories
ane even use the EXPORT command at all, it seems.

will advise via this thread, when I work it out, in case its useful for the next guy

Griffo


All times are GMT -5. The time now is 02:07 AM.