Linux - SoftwareThis forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I have a PHP script on a webpage by which I can (remotely) add scheduled jobs with the at command. Like this:
Code:
$cmd = 'echo "MyCommand" | at hh:mm mmddyy';
system($cmd, $returnvalue);
There is no problem adding the jobs. Executing them on the other hand is not working...
I think the problem is that because the job is added by the 'apache' user, it will execute as the 'apache' user. Since the apache user is a nologin-user, the atd daemon will not execute the job.
Any ideas on how to do this? Securely?
I'd rather not have to write any passwords in clear text in my PHP-script or something like that.
My system: Apache 2.0.52 / PHP 5.0.3 on Fedora Core 3.
Distribution: Ubunto and slowly switching to debian
Posts: 308
Rep:
i dont know how to do this but i would like to do something similar. i am in the middle of a compleat overhaul of my network and am going to my website next.
what i would like to do is have a php script that can exicute the uptime command and then display the output of the command on my webpage so people can see how long my server has been up
i never had any problem along those lines when i wrote stuff that does exactly that... http://untrepid.com/acidbox this uses an at task to record tv programs, and i didn't touch /etc/passwd or anything. I don't doubt for a second that selinux would throw a fit, but i didn't need to modify any code to get it running. i could make the php source accessible... but there's really nothign to see.... it just worked off the bat. AFAIK, the resulting @ processes spawn in the same way that the httpd processes themselves would do, so there's no reason it can't do that. my passwd entry is: "apache:x:48:48:Apache:/var/www:/bin/false" so it's still totally not allowign a login.
Originally posted by acid_kewpie ...uses an at task to record tv programs...
That's exactly the same thing I'm doing
Everything else besides this remote-scheduling is working great. This is the last problem I have to overcome before I break out the champagne
Quote:
Originally posted by acid_kewpie my passwd entry is: "apache:x:48:48:Apache:/var/www:/bin/false"
I have /sbin/nologin instead of your /bin/false. Could that explain the difference? Can anyone confirm that?
I did install this SELinux thingy. I'm quite new here in Linux-land, so I wasn't totally sure what SELinux was, so I just decided to install it to try it out...
Now that it's there, I'd like to find a solution without uninstalling anything. If at all posible.
Originally posted by acid_kewpie AFAIK, the resulting @ processes spawn in the same way that the httpd processes themselves would do, so there's no reason it can't do that.
That's my understanding too. If apache creates the task, it will execute as apache. It seems that apache is just not allowed to execute stuff for some reason.
Oh..., I forgot to mention that I added apache to my /etc/at.allow file (and restarted atd), so there must be something else blocking execution.
And syslog doesn't say anything about any blocking... Annoying...
I even tried to chown MyUser:MyUser one of the spool-file that at created. When that executed, MyUser received an email saying:
well IF selinux is actually enabled as well as installed, that would surely cause it totally choke. basically selinux (security enhanced linux) will only let certain users, most notably apache, access certain locations and resources based on access rights that are theoretcally impossible to break.... and why on earth would apache be running a scheduled task in a nicely managed system?
I'll look into what SELinux is tomorrow. If I'm running some Security Enhancing stuff it's probably a good thing to know something about it...
That chown thing mentioned above was of course never intended as a lasting solution. I was just trying to get an error-message or something out of the system. All I got was the email. Not much..., but maybe it was enough to point me in the right direction.
Having had a quick look at SELinux, I decided I don't really need it, so I disabled it and rebooted.
Unfortunately that didn't make any difference... I still can't get apache to execute the scheduled jobs
I can create the jobs and the jobs seem to be executed. The jobs disappear from the queue at the right time, but nothing really happens...
And I can't find any info in any apache logs or in the system log.
This is starting to annoy me now...
Does anyone know what kind of spells I need to cast here?
1.- apache can run "at" command if is into /etc/at.allow
2.- check in /etc/passwd that apache can run shell commands:
--> apache:x:100:100:Apache:/var/www:/bin/sh
Hey, thanks for replying. Even if my question is almost 4 years old :-)
I think I ended up putting my "jobs" in a MySql database and having a python-program (in crontab, if I remember correctly) checking the database for new jobs on a regular basis.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.