Remotely running PHP admin programs on a LAMP server

[mottwsc]

I have a set of PHP 5 scripts that I wrote on a Windows dev server and am now setting up on a LAMP dev server.  I am not an expert on Linux, though, but I want to use it for security reasons.  The hosting site will be a LAMP server.  I'm trying to run administrative processes remotely and am having some trouble with accessing files.  Assume the following directory structure:

.../testsite.com/ contains an htpasswd file

.../testsite.com/docroot/ contains main scripts that everyone accesses

.../testsite.com/docroot/log/ contains text log files plus an htaccess file

.../testsite.com/docroot/includes/ contains php include files, Swiftmailer scripts plus an htaccess file

.../testsite.com/docroot/admin/ contains php admin files plus an htaccess file

 

The task is to tie in remotely to the hosting site and execute an administrative php script that opens, writes to and closes a log file in the /log subdirectory above as well as accesses the database and also sends emails.

 

Option 1 was to try and execute the php admin script by opening a browser, going to .../testsite.com/docroot/admin and executing the access file on the LAMP dev server.  I entered the username and password assocatied with htaccess and start to execute the script.  However, it fails because it can't open the file:

Warning: fopen(.../testsite.com/docroot/log/AdminTest-2009-09-07.txt) [function.fopen]: failed to open stream: Permission denied in .../testsite.com/docroot/admin/test2.php on line 29

Couldn't open the output file.

 

Option 2 was to try and execute the php admin script from the command line on the LAMP dev server (as an admin).  I used the command 'php -f .../testsite.com/docroot/admin/test2.php.  However, it fails because it can't open the header file that is in another directory (the includes directory outlined above).  The error message mentioned another path (include_path='.:/usr/share/php:/usr/share/pear'), although my php.ini file sets the include path to .../testsite.com/docroot/includes/ as mentioned above.

 

How can I execute these admin scripts remotely in a secure way?

 

Thanks.

[cpace1983]

  However, it fails because it can't open the file:

Warning: fopen(.../testsite.com/docroot/log/AdminTest-2009-09-07.txt) [function.fopen]: failed to open stream: Permission denied in .../testsite.com/docroot/admin/test2.php on line 29

Couldn't open the output file.

 

Sounds like the filesystem permissions are wrong on your output file (no write access).  Do an 'ls -l /path/to/file', and let us know the output.  Also, enter the following command:

ps -waux | grep "apache"

and

ps -waux |grep "httpd"

 

So that we can know what user to set the filesystem permissions to.

 

Option 2 was to try and execute the php admin script from the command line on the LAMP dev server (as an admin).  I used the command 'php -f .../testsite.com/docroot/admin/test2.php.  However, it fails because it can't open the header file that is in another directory (the includes directory outlined above).  The error message mentioned another path (include_path='.:/usr/share/php:/usr/share/pear'), although my php.ini file sets the include path to .../testsite.com/docroot/includes/ as mentioned above.

 

Are we talking about your /etc/php5/php.ini, the php.ini file that is used by Apache?  I'm willing to bet that Apache is using a different configuration file, or that php by default is using another configuration file.

 

In any event, once you get the permissions fixed, it should be OK.

[mottwsc]

Sounds like the filesystem permissions are wrong on your output file (no write access).  Do an 'ls -l /path/to/file', and let us know the output.  Also, enter the following command:

ps -waux | grep "apache"

and

ps -waux |grep "httpd"

 

I am not able to create the file as outlined below, so I can't check on its permissions.  Here's the portion of php code in the admin program that is trying to write the log file.  The program dies when it can't create/open the file.

 

           

$path = ".../testsite.com/docroot/log/";
            # note: full path is included in the real statement

            # use a file named with today's date to track progress
$now = strtotime("now");
$sqlToday = date('Y-m-d',$now);
$sqlNow = date('Y-m-d H:i:s',$now);
$fileOutName = $path."AdminTest-".$sqlToday.".txt";

$fileOut = fopen( $fileOutName, "a" );
if( !$fileOut )
{	die("Couldn't open the output file.");	}

 

 

From ps -waux | grep "apache"

 

Warning: bad ps syntax, perhaps a bogus '-'? See http://procps.sf.net/faq.html

root      2719  0.0  3.0  54276 15460 ?        Ss  07:37  0:01 /usr/sbin/apache2 -k start

www-data  2740  0.0  2.6  55048 13596 ?        S    07:37  0:00 /usr/sbin/apache2 -k start

www-data  2741  0.0  2.7  55564 13852 ?        S    07:37  0:00 /usr/sbin/apache2 -k start

www-data  2742  0.0  2.6  54888 13244 ?        S    07:37  0:00 /usr/sbin/apache2 -k start

www-data  2743  0.0  2.7  55484 13860 ?        S    07:37  0:00 /usr/sbin/apache2 -k start

www-data  2744  0.0  2.6  54884 13476 ?        S    07:37  0:00 /usr/sbin/apache2 -k start

www-data  2745  0.0  2.5  54828 13204 ?        S    07:38  0:00 /usr/sbin/apache2 -k start

root      9800  0.0  0.1  3336  796 pts/0    S+  21:47  0:00 grep apache

 

From ps -waux | grep "httpd"

 

Warning: bad ps syntax, perhaps a bogus '-'? See http://procps.sf.net/faq.html

root      9869  0.0  0.1  3336  796 pts/0    S+  21:50  0:00 grep httpd

 

 

Are we talking about your /etc/php5/php.ini, the php.ini file that is used by Apache?  I'm willing to bet that Apache is using a different configuration file, or that php by default is using another configuration file.

 

The php.ini file is in the /etc/php5/apache subdirectory.  That is where I have the include statement that points to the includes subdirectory, and that seems to pull in the include files just fine when I run scripts in docroot.  I'm not sure why it listed the default path from the command line.  If there's another way to determine this, please let me know.

 

Thanks.

[mottwsc]

Does what I replied with lead anyone to suggest anything else?

 

Thanks!