LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices

Reply
 
LinkBack Search this Thread
Old 12-15-2008, 07:05 PM   #1
JavaNinja
Member
 
Registered: Sep 2008
Posts: 90

Rep: Reputation: 15
Apache user and FFmpeg


Scenario: PHP trying to use the exec command to run ffmpeg to create a thumbnail

As root user I can run any ffmpeg command fine and it will work but trying to run it as the user 'apache' like so, I get:
Code:
[root@localhost bin]# su apache -c 'ffmpeg -i video12.flv -y -f mjpeg -ss 2.00 -t 3.00 -an video12.flv.jpg'
This account is currently not available.
What does "account is currently not available" mean?? And why is it that apache can not run commands using ffmpeg? How can I remedy this?

I've been playing around with permissions too, this is what it is set as:
Code:
[root@localhost bin]# ls -l ffmpeg
-rwxrwxr-x 1 apache root 78248 2008-09-18 01:50 ffmpeg
Thank you for any help.
 
Old 12-15-2008, 07:12 PM   #2
gilead
Senior Member
 
Registered: Dec 2005
Location: Brisbane, Australia
Distribution: Slackware64 14.0
Posts: 4,123

Rep: Reputation: 151Reputation: 151
Looking at the man page for su, it says that the command specified with the -c argument is run by the user's shell as specified in /etc/passwd. Does your apache user have a valid shell? Mine doesn't and I also can't run commands that way, but if I switch to a different user (one with a valid shell) it works.
 
Old 12-15-2008, 07:20 PM   #3
JavaNinja
Member
 
Registered: Sep 2008
Posts: 90

Original Poster
Rep: Reputation: 15
Not for me either, apache has:
Code:
apache:x:48:48:Apache:/var/www:/sbin/nologin
To be honest, I am desperatly trying to work why apache is not able to execute ffmpeg commands?

Is there way I can get apache to be able to run ffmpeg commands?
 
Old 12-15-2008, 08:16 PM   #4
gilead
Senior Member
 
Registered: Dec 2005
Location: Brisbane, Australia
Distribution: Slackware64 14.0
Posts: 4,123

Rep: Reputation: 151Reputation: 151
You could give the apache user a valid shell, but I don't recommend this. If there is an exploit for Apache that allows privilege escalation, you want to make sure that other users can't access a shell as the user running the Apache process. If you do go this way, make sure the password is strong.

Can you run the su command as another user instead? Or, can you do something with cgi scripts so that the script is started by the Apache process as the apache user? At this point though, I'm guessing...
 
Old 12-15-2008, 08:47 PM   #5
JavaNinja
Member
 
Registered: Sep 2008
Posts: 90

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by gilead View Post
Can you run the su command as another user instead? Or, can you do something with cgi scripts so that the script is started by the Apache process as the apache user?
I only have one user that has shell access which is root - I can't do the last option either since its not a good idea to add another lay to my application, its already badly designed don't work to make it any worse ::P

Ok, its a permissions problem, but what else can I do to allow apache to eb able to run just ffmpeg!! How do I make apache the owner of ffmpeg, will that help? I used "chown apache ffmpeg" but that didn't do much.

I am at loss, what else can I do?!!!
 
Old 12-15-2008, 08:57 PM   #6
gilead
Senior Member
 
Registered: Dec 2005
Location: Brisbane, Australia
Distribution: Slackware64 14.0
Posts: 4,123

Rep: Reputation: 151Reputation: 151
It's not whether apache is the owner of the ffmpeg binary, it's whether su can find a valid shell for the apache user where it can execute the command. You can use chsh to modify the apache user's shell to something else (like /bin/bash).

I'd try it first after running usermod -L apache - that way if the su works, the apache user still can't manually login. I haven't tested this though.
 
Old 12-15-2008, 09:07 PM   #7
JavaNinja
Member
 
Registered: Sep 2008
Posts: 90

Original Poster
Rep: Reputation: 15
Ok, I changed the apache shell to /bin/bash and when attempt to execute this command I get:
Code:
[root@localhost /]# su apache whoami
/usr/bin/whoami: /usr/bin/whoami: cannot execute binary file
It should have been able to execute this, right?

What I don't get is in my php script, I have something like this as a simple test:
PHP Code:
echo exec('whoami'); 
And I manage to get the output "apache" what sort of shell is it using to do that? Or am I too much of a noob to understand!
 
Old 12-15-2008, 09:21 PM   #8
JavaNinja
Member
 
Registered: Sep 2008
Posts: 90

Original Poster
Rep: Reputation: 15
Do you think it will be much easier to just write a shell script that takes in a set of variables that can be executed by apache and it does what I want it to do. Or will I face the same sort of problem??
 
Old 12-15-2008, 09:21 PM   #9
gilead
Senior Member
 
Registered: Dec 2005
Location: Brisbane, Australia
Distribution: Slackware64 14.0
Posts: 4,123

Rep: Reputation: 151Reputation: 151
I think you're set up correctly, but using the wrong syntax. It works for me if I use the -c:
Code:
# su apache -c whoami
apache
 
Old 12-15-2008, 09:35 PM   #10
JavaNinja
Member
 
Registered: Sep 2008
Posts: 90

Original Poster
Rep: Reputation: 15
Yes, sweet that works with the correct syntax. Apache can run a ffmpeg command from the command line but still it won't run it when i use it in the exec function of php. PHP safe_mode is off. Whats stopping it from executing now. I am going to double check everything to make sure. It should theoretically work when exec is called by PHP right?
 
Old 12-15-2008, 09:49 PM   #11
gilead
Senior Member
 
Registered: Dec 2005
Location: Brisbane, Australia
Distribution: Slackware64 14.0
Posts: 4,123

Rep: Reputation: 151Reputation: 151
With safe mode off, I'd have thought it would work (but I don't have much history with PHP). Are you getting a different error message now or is anything being written to the Apache access or error logs that might describe what is happening?
 
Old 12-15-2008, 09:50 PM   #12
JavaNinja
Member
 
Registered: Sep 2008
Posts: 90

Original Poster
Rep: Reputation: 15
This just gets stranger. I can run the command 'su apache -c whoami' fine via the shell. I try to run the same thing using php like so:
PHP Code:
echo 'whoami '.exec("su apache -c 'whoami'"); 
It returns nothing and gives the PHP error code 127. From this site: http://uk2.php.net/passthru, the first comment says:[code]If you have chrooted apache and php, you will also want to put /bin/sh into the chrooted environment. Otherwise, the exec() or passthru() will not function properly, and will produce error code 127, file not found.[code]Do you know what that means?
 
Old 12-15-2008, 10:13 PM   #13
JavaNinja
Member
 
Registered: Sep 2008
Posts: 90

Original Poster
Rep: Reputation: 15
Finally works! I am so tired now! :P

Thank you very much for your help gilead!

To be honest, I have no idea what we did. I will read over this tomorrow and summarise it. I am sure I will face this problem again since I have to migrate my server in a few weeks time!
 
Old 12-15-2008, 10:19 PM   #14
gilead
Senior Member
 
Registered: Dec 2005
Location: Brisbane, Australia
Distribution: Slackware64 14.0
Posts: 4,123

Rep: Reputation: 151Reputation: 151
I'm glad you've got it working The summary will be very useful as I'll bet you're not the only person who's had to do something like this.
 
Old 03-17-2009, 09:41 PM   #15
mcannell
LQ Newbie
 
Registered: Mar 2009
Posts: 2

Rep: Reputation: 0
JavaNinja,

Can you post what the solution was. I have the identical problem that you had and have spent days trying to fix it. This thread is promising, but like so many other threads it stops without the solution.

My current shell is
/bin/bash

what shell to I chsh too?
I have available:
/bin/sh
/bin/bash
/sbin/nologin
/bin/tcsh
/bin/csh
/bin/false
/usr/local/psa/bin/chrootsh
/bin/rbash

Last edited by mcannell; 03-17-2009 at 09:44 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Help me in installing ffmpeg, ffmpeg-PHP, Mplayer, Mencoder, flv2tool, LAME MP3 Encod mitesh.ever Red Hat 5 05-16-2009 12:14 PM
Does the latest version of ffmpeg not work with ffmpeg-php? whitey4900 Linux - Software 0 08-04-2008 05:16 PM
Apache service dont working with ffmpeg.so arisbeat Programming 2 08-02-2008 04:02 AM
Apache Webserver 403 Forbidden Errors (User not in apache group?) Mankind75 Mandriva 4 07-08-2004 05:30 AM
Apache User? Crashed_Again Linux - Security 2 02-19-2003 07:53 AM


All times are GMT -5. The time now is 07:30 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration