(Permissions?) Problem with gphoto2 and php.
I recently discovered gphoto2 as an alternative to commercial PTP/Camera Control software. I'm tasked with designing a photo-booth kiosk for several museums. My intention is to front-end the thing with an adobe air gui. The gui will call scripts to operate the camera through gphoto2, and since the endpoint of the photos is an emailed message, I thought mysql/php would be appropriate.
The problem is this: gphoto2 cannot run correctly from a php script. I immediately realized the need to allow the www-data user access to the usb camera, and so I added www-user to the plugdev group. As it stands, I can run gphoto2 like so: Code:
sudo su www-data -c 'gphoto2 --capture-image' Code:
$sudo su www-data Code:
For debugging messages, please use the --debug option. Debugging messages may help finding a solution to your problem. If you intend to send any error or debug messages to the gphoto developer mailing list , please run gphoto2 as follows: env LANG=C gphoto2 --debug --debug-logfile=my-logfile.txt --debug --debug-logfile=/var/log/gp-logfile.txt --capture-image-and-download Please make sure there is sufficient quoting around the arguments. Code:
|
Since it works under the www-data account I'd be tempted to just create a bash script that calls gphoto2 --capture-image, place the script in the www-data directory and suid it to www-data.
|
good Idea.
Not QUITE sure what you meant, but I did make a bash script. chown'd it to root:root and chmod'd it to 4755. The way I see it, it should be executable with root permissions by www-data. When I run the script as before with php-r, it works. Still will not work in a browser though.... could it be a timeout problem?
Quote:
|
Quote:
Check for www server errors on the server. Then check file ownership and permissions on the data files. |
Quote:
|
Quote:
Also, if I remember correctly from my own experiences using gtkam and/or gphoto2 with my camera(s) here, is that the camera program itself must be suid-root in order to access the hardware (the camera). If it isn't already, perhaps try that (though I have no idea what sort of security implications this imposes on your kiosk arrangement). |
Quote:
chmod +s /usr/bin/gphoto2 fixed the php problem! Thanks, Grape! Now, I just have to figure out how to make the files which gphoto2 creates accessible by www-data. As it is now, they are root:root. Well, permissions seem to only be a part of the problem. As you can see in my initial podt, I can run gphoto from the shell as www-data, even with commandline php. I think the problem has to do eith the apache/php config, it is as if php is not 'waiting' for the process to complete or something.?? |
Thanks for your help
Quote:
gphoto2 permissions should be as follows: -rwsr-sr-x 1 root root Since gphoto is root:root, any files it creates are as well. I soved this by creating a bas script which chowns the files to www-data:www-data. Then, I added a line via visudo: %www-data ALL=NOPASSWD: /var/www/photo/changeOwner.sh and executed this script from php: exec('sudo ./changeOwner.sh myfile.jpg'). This still leaves a security hole with www-data being able to execute the script as a superuser, but that should be remedied by removing read and write privileges. |
Thought I'd just point out that
Code:
sudo su www-data To get the real www-data env you need Code:
sudo su - www-data |
Quote:
|
All times are GMT -5. The time now is 03:43 PM. |