cron vs httpd

[drifter]

OK I was just looking at my hosting and I see that when I run an HTTP request, it runs as nobody. When I run a cron, it runs as scott... result files that are created are owned by different people.

Now I have files that a created http and deleted cron. I have some create cron and then deleted http. And I am getting lots of permission denied errors

is it normal for cron and httpd to run as two different people? if so how do I fix this permissions issue. I am no sure what to do, or what to tell my hosting company to change (I have a dedicated so they will make the changes)

Thanks

[btherl]

Do you login as scott to edit your cron jobs?  Ask your hosting provider if you can login as nobody so you can edit nobody's crontab (which will run as nobody).

If that's not possible, just describe your problem and ask them how you can run cron jobs as nobody.  You could also run them as root, but I wouldn't recommend it unless you're experienced in unix.  You could easily trash your server with a typo if you run them as root.

This is a good time to remind you to make regular backups :)

[trq]

Another option is simply to have cron make a request to your scripts via the webserver. eg;

[code]
20 * * * * /usr/bin/wget -O - -q http://yoursite.com/cron/job.php
[/code]

This uses the wget program to make a requesto to your server. Of course this may open up some security issues or unwanted results if people find (and can browse to) the scripts.

[drifter]

I may be able to make the request via the webserver... Are there any speed issues doing this? These are some large -CPU and memory intensive scripts.

Response from hosting company...

It is impossible to login to the server as nobody as that is what apache runs as on the server. I am going to forward your ticket to our admins to see if they can assist you further with what you are trying to accomplish.


... so I am waiting to hear more from them

[Albright]

There are speed issues doing this in that if the web server sees the PHP task isn't being finished fast enough, it will time out and abort the process. Consider doing things that way a last resort.

Have you tried having your script use the chown() function to change the owner of the files it creates to "scott"? Or setting permissions on the files it creates so that they're readable by everybody?

[btherl]

It's not impossible, but don't argue with them.. just wait for the admin's response.

Regarding making requests via the webserver, the scripts will take the same resources either way.  The only problem would be the default timeout in php.  You may be able to modify this using http://sg.php.net/manual/en/function.set-time-limit.php

Note the comment on that page that if you are in safe mode, you can't modify the time limit that way.  Instead you'll have to set max_execution_time in php.ini

I don't think chown() will work, because you can't "give away" files in most versions of unix.  You can set permissions, but that's a huge hassle.

[drifter]

The recommended solution from the hosting company is PHPSuexec

[quote]
There is two workaround for your needs:
1)After creating files using cron, change the ownership of files to nobody or change permission to 777 using
cron itself.
This is highly insecure and not recommended.

2)Enable PHPsuexec in server. This causes PHP scripts to run under user's ownership (scott for files under
username scott).
Check the link http://forums.hostdime.com/showthread.php?t=6516 for detail explanation regarding PHPsuexec
working.[/quote]

I am doing a quick bit of research on this - I have really no clue - I am just a programmer guy :) I like when servers just work!!!

[drifter]

In my reading, I see some performance loss for running as CGI...

I see the benefit is that each virtual host can run apache under their own name. In my case, All my virtual hosts all run off the same web root and file system. They all share the same app - the only reason they are set up as virtual hosts is so they can get their own mail and stats. So I am not sure, but in this case can you just get apache to run under my user "scott" instead of nobody?.... I really do not like server stuff much.

[btherl]

Yes it's possible to run apache as your username.  I think it's more a question of what the admins will allow, since you're using a managed dedicated server (I assume that's what you're using?)

You might want to ask them about enabling suexec for some scripts only (in a particular subdirectory holding your cron jobs, for example) but using the apache module for your regular php.

[drifter]

just checked with the admins and they are changing apache to run under my username

thanks guys

[Daniel0]

[quote author=thorpe link=topic=118676.msg485184#msg485184 date=1166146511]
Another option is simply to have cron make a request to your scripts via the webserver. eg;

[code]
20 * * * * /usr/bin/wget -O - -q http://yoursite.com/cron/job.php
[/code]

This uses the wget program to make a requesto to your server. Of course this may open up some security issues or unwanted results if people find (and can browse to) the scripts.
[/quote]

[code]<Directory "/home/scott/public_html/cron">
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
</Directory>[/code]

Now put your script in the cron folder and use this cron that thorpe said. You'll have to edit the dir to fit your setup though.

Edit: Ahh... you got it to work. Well then you just got another solution there.