LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 11-16-2010, 08:33 AM   #1
cupofnestor
LQ Newbie
 
Registered: Oct 2007
Posts: 27

Rep: Reputation: 0
(Permissions?) Problem with gphoto2 and php.


I recently discovered gphoto2 as an alternative to commercial PTP/Camera Control software. I'm tasked with designing a photo-booth kiosk for several museums. My intention is to front-end the thing with an adobe air gui. The gui will call scripts to operate the camera through gphoto2, and since the endpoint of the photos is an emailed message, I thought mysql/php would be appropriate.

The problem is this: gphoto2 cannot run correctly from a php script. I immediately realized the need to allow the www-data user access to the usb camera, and so I added www-user to the plugdev group.

As it stands, I can run gphoto2 like so:

Code:
sudo su www-data -c 'gphoto2 --capture-image'
even:
Code:
$sudo su www-data
$php -r 'echo exec("gphoto2 --capture-image");'
The above php will NOT work when run from a browser. I get a standard error message when I do so.
Code:
For debugging messages, please use the --debug option. Debugging messages may help finding a solution to your problem. If you intend to send any error or debug messages to the gphoto developer mailing list , please run gphoto2 as follows: env LANG=C gphoto2 --debug --debug-logfile=my-logfile.txt --debug --debug-logfile=/var/log/gp-logfile.txt --capture-image-and-download Please make sure there is sufficient quoting around the arguments.
Any suggestions?
Code:
Ubuntu 9.10

Server version: Apache/2.2.12 (Ubuntu)

PHP 5.2.10-2ubuntu6.5 with Suhosin-Patch 0.9.7 (cli) (built: Sep 16 2010 20:04:48) '
 
Old 11-16-2010, 09:16 AM   #2
stress_junkie
Senior Member
 
Registered: Dec 2005
Location: Massachusetts, USA
Distribution: Ubuntu 10.04 and CentOS 5.5
Posts: 3,873

Rep: Reputation: 331Reputation: 331Reputation: 331Reputation: 331
Since it works under the www-data account I'd be tempted to just create a bash script that calls gphoto2 --capture-image, place the script in the www-data directory and suid it to www-data.
 
Old 11-16-2010, 09:32 AM   #3
cupofnestor
LQ Newbie
 
Registered: Oct 2007
Posts: 27

Original Poster
Rep: Reputation: 0
good Idea.

Not QUITE sure what you meant, but I did make a bash script. chown'd it to root:root and chmod'd it to 4755. The way I see it, it should be executable with root permissions by www-data. When I run the script as before with php-r, it works. Still will not work in a browser though.... could it be a timeout problem?

Quote:
Originally Posted by stress_junkie View Post
Since it works under the www-data account I'd be tempted to just create a bash script that calls gphoto2 --capture-image, place the script in the www-data directory and suid it to www-data.
 
Old 11-16-2010, 10:42 AM   #4
stress_junkie
Senior Member
 
Registered: Dec 2005
Location: Massachusetts, USA
Distribution: Ubuntu 10.04 and CentOS 5.5
Posts: 3,873

Rep: Reputation: 331Reputation: 331Reputation: 331Reputation: 331
Quote:
Originally Posted by cupofnestor View Post
Not QUITE sure what you meant, but I did make a bash script. chown'd it to root:root and chmod'd it to 4755. The way I see it, it should be executable with root permissions by www-data. When I run the script as before with php-r, it works. Still will not work in a browser though.... could it be a timeout problem?
I you are running it as root then the files it creates will be owned by root. If you run it as www-data then the files that it creates will be owned by www-data.

Check for www server errors on the server. Then check file ownership and permissions on the data files.
 
Old 11-17-2010, 08:26 AM   #5
cupofnestor
LQ Newbie
 
Registered: Oct 2007
Posts: 27

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by stress_junkie View Post
Since it works under the www-data account I'd be tempted to just create a bash script /.../ suid it to www-data.
After looking around a bit, it seem sthat suid only works on binaries in linux.
 
Old 11-17-2010, 08:35 AM   #6
GrapefruiTgirl
Guru
 
Registered: Dec 2006
Location: underground
Distribution: Slackware64
Posts: 7,594

Rep: Reputation: 550Reputation: 550Reputation: 550Reputation: 550Reputation: 550Reputation: 550
Quote:
Originally Posted by cupofnestor View Post
After looking around a bit, it seem sthat suid only works on binaries in linux.
That is correct.

Also, if I remember correctly from my own experiences using gtkam and/or gphoto2 with my camera(s) here, is that the camera program itself must be suid-root in order to access the hardware (the camera). If it isn't already, perhaps try that (though I have no idea what sort of security implications this imposes on your kiosk arrangement).
 
1 members found this post helpful.
Old 11-17-2010, 09:00 AM   #7
cupofnestor
LQ Newbie
 
Registered: Oct 2007
Posts: 27

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by GrapefruiTgirl View Post
That is correct.

Also, if I remember correctly from my own experiences using gtkam and/or gphoto2 with my camera(s) here, is that the camera program itself must be suid-root in order to access the hardware (the camera). If it isn't already, perhaps try that (though I have no idea what sort of security implications this imposes on your kiosk arrangement).
**EDITED**

chmod +s /usr/bin/gphoto2 fixed the php problem! Thanks, Grape!

Now, I just have to figure out how to make the files which gphoto2 creates accessible by www-data. As it is now, they are root:root.

Well, permissions seem to only be a part of the problem. As you can see in my initial podt, I can run gphoto from the shell as www-data, even with commandline php. I think the problem has to do eith the apache/php config, it is as if php is not 'waiting' for the process to complete or something.??

Last edited by cupofnestor; 11-17-2010 at 10:42 AM.
 
Old 11-17-2010, 12:58 PM   #8
cupofnestor
LQ Newbie
 
Registered: Oct 2007
Posts: 27

Original Poster
Rep: Reputation: 0
Thanks for your help

Quote:
Originally Posted by cupofnestor View Post
**EDITED**

Now, I just have to figure out how to make the files which gphoto2 creates accessible by www-data. As it is now, they are root:root.
So, for future generations, here is the solution:

gphoto2 permissions should be as follows:
-rwsr-sr-x 1 root root

Since gphoto is root:root, any files it creates are as well. I soved this by creating a bas script which chowns the files to www-data:www-data. Then, I added a line via visudo:
%www-data ALL=NOPASSWD: /var/www/photo/changeOwner.sh

and executed this script from php: exec('sudo ./changeOwner.sh myfile.jpg').

This still leaves a security hole with www-data being able to execute the script as a superuser, but that should be remedied by removing read and write privileges.
 
Old 11-18-2010, 11:33 PM   #9
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5, Centos 5.10
Posts: 16,239

Rep: Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024
Thought I'd just point out that
Code:
sudo su www-data
logs you in as www-data user BUT with your orig environment settings.
To get the real www-data env you need
Code:
sudo su - www-data
 
1 members found this post helpful.
Old 11-21-2010, 05:01 PM   #10
cupofnestor
LQ Newbie
 
Registered: Oct 2007
Posts: 27

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by chrism01 View Post
Thought I'd just point out that
Code:
sudo su www-data
logs you in as www-data user BUT with your orig environment settings.
To get the real www-data env you need
Code:
sudo su - www-data
Cool, thanks. By "settings" are you suffering to the shell settings?
 
  


Reply

Tags
php, ubuntu, www


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Like plugdev, how to give permissions to users for GPHOTO2? frenchn00b Linux - General 0 08-19-2009 03:45 PM
how to give the permissions to gphoto2 for users? frenchn00b Linux - General 0 07-27-2009 06:44 AM
gphoto2 and Canon IXUS 500: permissions problem? tawalker Linux - Software 0 11-17-2004 03:16 PM
KBGear JamCam problem with gphoto2 LeandroTLZ Linux - Software 0 10-15-2003 10:52 PM
email with php permissions problem waffe Linux - Software 1 10-13-2003 12:22 AM


All times are GMT -5. The time now is 08:55 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration