[asterisk-users] Access rights between AGI and Web server?

Mon Mar 24 14:13:12 CDT 2008

On Mon, 24 Mar 2008 11:05:32 -0800, "Mojo with Horan & Company, LLC"
<mojo at horanappraisals.com> wrote:
>If the AGIs do run as root:wheel, then there should be no problem, 
>because they should be able to access the db files?

I agree, but even after uninstalling Lighttpd and installing Apache2,
just to make sure it weren't some security issue that would prevent a
PHP script from writing to files outside the /data directory, I have
the same issue :-/

><?php
>        $u = posix_getpwuid(posix_getuid());
>        $g = posix_getgrgid(posix_getgid());
>        echo "This script is running as ".$u['name'].":".$g['name'];
>?>

1. Here's the output:

echo exec('id') . "<hr>";
$u = posix_getpwuid(posix_getuid());
$g = posix_getgrgid(posix_getgid());
echo "This script is running as ".$u['name'].":".$g['name'];
=>
uid=80(www) gid=80(www) groups=80(www)
This script is running as www:www

2. The PHP script and the SQLite database are owned by www:www:

[/usr/local/www/apache22/data]# ll
drwxr-xr-x  2 root  wheel   512 Mar 24 19:52 .
drwxr-xr-x  6 root  wheel   512 Mar 24 18:56 ..
-rw-r--r--  1 www   www    2463 Mar 24 20:00 test.php

[/usr/local/share/asterisk/agi-bin]# ll
drwxr-xr-x  3 root  wheel    512 Mar 24 18:38 .
drwxr-xr-x  9 root  wheel    512 Mar 14 08:05 ..
-rw-rw-r--  1 www   www     3072 Mar 24 18:37 test.sqlite

3. And here's the code:

//GOOD $dbh = new PDO("sqlite:test.sqlite");
//GOOD $dbh = new PDO("sqlite:/tmp/test.sqlite");
$dbh = new
PDO("sqlite:/usr/local/share/asterisk/agi-bin/test.sqlite");

$time = time();
$current = date("Y-m-d H:i:s",$time);
$sql = "INSERT INTO mytable VALUES (NULL,'$current')";
print "$sql<hr>";
$dbh->exec($sql);

$sql = "SELECT * FROM mytable";
foreach($dbh->query($sql) as $row) {
		print $row['name'] . "<p>\n";
}

$dbh = null;

I don't understand why test.php can read, but cannot write.

Thank you.