LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices



Reply
 
Search this Thread
Old 05-11-2009, 02:00 AM   #1
rgriffiths
LQ Newbie
 
Registered: Aug 2008
Location: Sydney, Australia
Distribution: Fedora13
Posts: 20

Rep: Reputation: 0
MySQL/PHP/Apache application - file permissions


I have a MySQL/PHP/Apache application running on the office LAN.
The application maintains a project database .. works just fine.
But when I add a web page that simply executes a SELECT to OUTFILE statement, I get Error 13 (permissions problem).

The statement executes fine if I paste directly to a MySQL prompt,
and I let the output go to /var/lib/mysql/base .. which seems to be a default, but the same line fails when called by the app. And even fails from the command line if I write to another folder , eg '/reports', which is where I want it .. that's the SAMBA share where the office staff get/store docs.

The httpd is running as user 'apache', and mysql as 'mysql'.
I have created a group named 'company', and chown'ed the /docs to nobody:company, and made BOTH MySQL and Apache members of that group.

But I still get the permission error when trying to Select {stuff} to OUTFILE '/docs/report.csv', or even just 'reports.csv'

If I keep fiddling with permissions without advice, I'm likely to create a monster.

Webmin seems to offer some options for setting up a .htaccess file to control access to/from files .. is this where I should be fiddling .. at a loss as to where to from here.

Advice appreciated

Russell
 
Old 05-11-2009, 03:51 AM   #2
suhas!
Member
 
Registered: Mar 2007
Posts: 100

Rep: Reputation: 17
Quote:
Originally Posted by rgriffiths View Post
The statement executes fine if I paste directly to a MySQL prompt,
and I let the output go to /var/lib/mysql/base .. which seems to be a default, but the same line fails when called by the app.
It maybe because the same statement is being executed as different user through application and manually in mysql prompt. You may cross check if "select user();" returns same user name in script and manually.

Quote:
Originally Posted by rgriffiths View Post
And even fails from the command line if I write to another folder , eg '/reports', which is where I want it .. that's the SAMBA share where the office staff get/store docs.
Russell
1) Can you paste us the permissions of /reports where you are trying to get the logs.
2) Also the output of the sql statement executed manually, which is failing to generate logs in /reports.
 
Old 05-13-2009, 01:36 AM   #3
rgriffiths
LQ Newbie
 
Registered: Aug 2008
Location: Sydney, Australia
Distribution: Fedora13
Posts: 20

Original Poster
Rep: Reputation: 0
Thanks, pal
I'm now certain I just have a permissions problem.

the perms on the folder I'm trying to write the reports into (/docs, in fact, not /reports)are as follow .

drwxrwxrwx 6 root maccas 4096 2009-05-13 23:01 docs
I set up a group named 'maccas', and added mysql and apache as members.

And I checked the effective user under the app, with select user()in the php, and also from the keyboard running mysql natively. And thet ARE different.

In the web app, I'm running as manager@localhost, while I'm root@localhost when I was running straight the other day. Root@localhost can, in fact, generate the reports in /docs. But manager@localhost can't .. se the two outputs below.

***output from manual use .. a) as root
mysql> select user();
+----------------+
| user() |
+----------------+
| root@localhost |
+----------------+
1 row in set (0.00 sec)

mysql> select * from projects into outfile '/docs/report5.csv' fields terminated by ',' ;
Query OK, 137 rows affected (0.00 sec)
mysql>

***output when I log on as 'manager'
mysql> select user();
+-------------------+
| user() |
+-------------------+
| manager@localhost |
+-------------------+
1 row in set (0.00 sec)

mysql> select * from projects into outfile '/docs/report6.csv' fields terminated by ',' ;

ERROR 1045 (28000): Access denied for user 'manager'@'localhost' (using password: YES)
mysql>

*** and I'm even denied creating the report in the local mysql folder!! (ie if I drop the '/docs' .. see below ..

mysql> select * from projects into outfile 'report6.csv' fields terminated by ',';
ERROR 1045 (28000): Access denied for user 'manager'@'localhost' (using password: YES)
mysql>

*** SO ..
It sems that root is allowed (as one would expect), but my running logon isn't.

Someone told me that the prob can be solved with an entry in .htaccess, one of the main control files for Apache. I'm reading the Apache manual now, tro try to work that one out.

Suggestions?

And thanks

Grif
 
Old 05-15-2009, 10:46 AM   #4
suhas!
Member
 
Registered: Mar 2007
Posts: 100

Rep: Reputation: 17
It seems that you are facing privileges problem, not file/directory permission problem.

If it was a file/directory permission related issue, you would have got below kind of error

ERROR 1 (HY000): Can't create/write to file '/root/test' (Errcode: 13)

But the error that you are getting shows that user manager@localhost is not having permissions to read table projects.

Can you just confirm if you are able to read table "projects" with select statement?
 
Old 05-17-2009, 04:20 AM   #5
rgriffiths
LQ Newbie
 
Registered: Aug 2008
Location: Sydney, Australia
Distribution: Fedora13
Posts: 20

Original Poster
Rep: Reputation: 0
Hi

I agree entirely .. it's a privelege thing ..

manager@localhost could run select update, etc.
but I simply changed the php in the export routines to use root as logon, instead of manager,
and even tho that's quite naughty, the problem has gone away.

I do need to fix it PROPERLY, of course
and it seems the GRANT set to manager@localhost is what I need to expand.

I'll re-read the manual there, to see which GRANT option I need to allow manager to write to non-MySQL directories
ane even use the EXPORT command at all, it seems.

will advise via this thread, when I work it out, in case its useful for the next guy

Griffo
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
php/shell script to install mysql,apache and php automatically stranger_6_7 Linux - General 2 08-11-2009 03:07 AM
Single sign on with AD in php application with apache tanveer Linux - Server 0 11-01-2007 04:07 AM
PHP+MySQL application on a live CD cppansi Programming 1 05-16-2006 05:13 AM
Apache Mysql Php: mysql with php doesn't work breakerfall Linux - Networking 6 12-27-2003 09:59 PM
file permissions w/apache php caguru Linux - Newbie 3 04-26-2001 08:52 AM


All times are GMT -5. The time now is 02:02 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration