3

I have private server CentOS 6 and I have installed pdftk program to generate pdf files. When I connect with SSH client, I can run pdftk program successfully. But I couldn't in php with exec() function.

I have a very simple php file as shown below. This is only to test if pdftk is working or not. When I ran this file on my localhost with xampp, it generates the file but when I tried on my private server, not gives error and not generates the file. I am not expert and expecting any help from you. Thanks in advance.

PHP CODE:

<?php
exec("pdftk form.pdf output private.pdf");

The error look like this:

Array ( [0] => Error: Failed to open output file:
  [1] => collated.pdf [2] => No output created.)

Note: I have tried this code on putty ssh client and works perfectly.

Jakuje
  • 24,773
  • 12
  • 69
  • 75
Furkan KESKIN
  • 168
  • 3
  • 16
  • Most probably SELinux is not setup to allow httpd server to run this binary (which makes sense). AVCs in audit log will confirm that to you. – Jakuje Apr 03 '17 at 19:10
  • So what can I do ? Can you advice me something ? What should I type to google to fix this issue. ? @Jakuje – Furkan KESKIN Apr 03 '17 at 19:42
  • Typing into google will not fix the issue. You either want to understand the issue so you should find out what is SELinux and as I already wrote, have a look into audit log what was rejected and why, troubleshoot it probably with `selinux-troubleshoot` or `audit2allow` tools (no general advice from here). Or just turn off SELinux, if you don't care about security (which will make it *magically* work). – Jakuje Apr 03 '17 at 19:48
  • @Jakuje I turned off selinux temporarily and reboot my server but still same problem. I think there is another problem. What do you think? – Furkan KESKIN Apr 03 '17 at 19:59
  • How did you turn the SELinux off? – Jakuje Apr 03 '17 at 19:59
  • @Jakuje nano /etc/selinux/config SELINUX=enforcing to SELINUX=disabled – Furkan KESKIN Apr 03 '17 at 20:00
  • And what errors you get? If not on the webpage, in the log? And if you raise log level in the httpd configuration? – Jakuje Apr 03 '17 at 20:02
  • @Jakuje The error is: Array ( [0] => Error: Failed to open output file: [1] => collated.pdf [2] => No output created. . same exec code on putty works fine. – Furkan KESKIN Apr 03 '17 at 20:06
  • And are you in the same directory as when running from PuTTY? – Jakuje Apr 03 '17 at 20:08
  • @Jakuje Yes. With cd command I reach to my site folder and execute command then output comes. In same directory, there is index php file that includes exec command as I mentioned on top, giving this error. – Furkan KESKIN Apr 03 '17 at 20:10
  • Make sure running `exec("pwd")` before running the `pdftk` from php. – Jakuje Apr 03 '17 at 20:11
  • @Jakuje Still same problem. I used like this; exec("pwd"); exec("pdftk code is here"); – Furkan KESKIN Apr 03 '17 at 20:16
  • But what is the output of the `pwd` -- it will print your working directory. – Jakuje Apr 03 '17 at 20:17
  • @Jakuje Gives this: /home/mysite/subdomain.mysite.com/ – Furkan KESKIN Apr 03 '17 at 20:19

1 Answers1

1

The error is: Array ( [0] => Error: Failed to open output file: [1] => collated.pdf [2] => No output created. . same exec code on putty works fine.

The difference you can spot is in the user running the code. In case of PuTTY, you are logged in as a different user than the user who is running your script when accessed from web. Since you are creating a new file, the user needs a write access to the directory, where you are. This is generally a bad idea to allow to write that user to the directory, where your scripts are so it is a good idea to create a new directory (such as export), where the apache user will have access to write:

mkdir export
chown apache:apache export
chmod 755 export

and modify your script to write a file into that directory:

exec("pdftk form.pdf output export/private.pdf");
Jakuje
  • 24,773
  • 12
  • 69
  • 75
  • chmod apache:apache export gives error "chmod: invalid mode: `apache:apache'" – Furkan KESKIN Apr 03 '17 at 20:32
  • Sorry, obviously, there should be `chown` to make sure that this directory is owned by the `apache` user (I hope that it is the correct one on CentOS -- otherwise find out the right using `exec("id")` from your script). – Jakuje Apr 03 '17 at 20:34
  • Thanks for your helps but it still gives same error Array ( [0] => Error: Failed to open output file: [1] => export/private.pdf [2] => No output created. [3] => Error: unable to open file for output: export/private.pdf ) – Furkan KESKIN Apr 03 '17 at 20:38
  • So once more check and verify what are the permissions of the `export` directory and if the file is not yet there with "bad permissions" using `ls -ldZ export export/private.pdf`. – Jakuje Apr 03 '17 at 20:40
  • Array ( [0] => uid=99(nobody) gid=99(nobody) groups=99(nobody) ) id gives this. – Furkan KESKIN Apr 03 '17 at 20:40
  • 1
    So change the owner to `nobody`: `chmod nobody:apache export` for example. – Jakuje Apr 03 '17 at 20:41