DevHeads.net

Permission to enable CGI Scripts to do an I/O on the file system

Hello,

I have written a python script that will spit out a log file. This python
script will be executed as a CGI script.

I am able to run the python program, but not able to make it write to an
output file. How can I enable Apache web server to do so ?

Thanks,
Dann

<https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail&utm_term=icon>
Virus-free.
<a href="http://www.avast.com" title="www.avast.com">www.avast.com</a>
<https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail&utm_term=link>
<#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>

Comments

Re: Permission to enable CGI Scripts to do an I/O

By Marat Khalili at 08/11/2017 - 00:59

You didn't specify system, so I assume it's a standard Linux
installation. CGI scripts by default run with permissions of the web
server, which are intentionally limited. However, you can create new
files and directories in /tmp, possibly using tempfile module. If you
want more than just a temporary file then you should consider using
database since writing arbitrary files from CGI scripts would otherwise
cause concurrency and security problems.

Re: Permission to enable CGI Scripts to do an I/O

By Kiorp Pilu at 08/11/2017 - 13:20

Hello Marat,

Thanks for the comment.
Yes, I am in the linux environment on a cluster. Tested your idea.

1. The script works, but no output file is written on the cluster i.e.
earlier I can't see anything in the console of my browser, now I see that
the script executes successfully read off from the console.
[ <open file '/tmp/output.txt', mode 'a' at 0x7f1de42e4660> ]

2. So, there's no way of creating a log file in the default directory or
some special directory ?

However, I have set it up in Xampp and it works great, just worked out of
the box.

Re: Permission to enable CGI Scripts to do an I/O

By Marat Khalili at 08/11/2017 - 14:23

Apache usually logs stderr of CGI scripts to its error log, you can use this. If you give any file or directory the permissions you observe on your /tmp file (something like writeable by group www-data), it might work for debugging, or not if SELinux or apparmor gets in the way.

Better solution for debugging Python scripts is cgitb: it will show everything but syntax errors in browser window, and syntax errors will still be visible in Apache logs. In production you can configure cgitb to create tracefiles in a predefined directory.

(Also, typical initial problem with CGI scripts is forgetting to write HTTP headers.)