I have ImageMagick-6.9.2-8-Q16-x64-dll.exe installed with GhostScript on Windows Server 2012 R2.
Executing convert "document.pdf" "thumbnail.jpg" command line from PHP using shell_exec or exec fails by returning a value of 1. If I ran the same command manually in Command Prompt(cmd.exe) it creates the pdf file seamlessly.
After going through many articles and forums, these are the steps I followed to make ImageMagic work on IIS environment.
Temp directory permission:
Whenever PHP uploads a file to the server, IIS will place the file to C:\Windows\Temp directory and move it to the destination directory. In this process the uploaded file will inherent ownership and permission from the Temp directory. By default this inheritance will prevent ImageMagic from accessing it. To overcome this limitation the IUSR and IIS_USRS need to have read/write permission on the Temp directory.
For detail explanation read this article.
Image Magic permission/Application Pool Identity: Since PHP is not allowed to execute convert.exe while being served under the IIS user, you have to create/use default application pool in IIS. Once this pool is configured, you have to grant permission to this pool on the ImageMagic directory and the directory where in the pdf file is placed. For detail explanation read this thread. Note: some articles suggest IUSR or IIS_IUSR should be given permission to execute cmd.exe. This is highly discouraged as it could create a window for the security breach.
Source and destination directory permission: Both of this directories need to have IUSR and IIS_IUSR read/write permissions
Command line syntax: common mistakes while passing arguments to the command line from PHP are paths, back slash need to escaped. For instance instead of passing C:\Inetpub\vhosts\... it should be passed as C:\\Inetpub\\vhosts\\....
Here is an example of a working snippet:
$cmd = 'convert "C:\\Inetpub\\vhosts\\a\\doc.pdf[0]" "C:\\Inetpub\\vhosts\\b\\thumb\\a.jpg"';
$output = "";
$result = exec($cmd, $output);
print_r($output); //var_dump($output);
Notice that the whole command is wrapped with single quote and source and destination files are wrapped with double quotes.
Debugging:
PHP doesn't report any error that might occur during executing command line. If error is encountered it fails silently. To debug output sent from the command line, its recommended to use exec. This function let you pass an output variable that will be populated with an array containing response from the command line. From here you can use var_dump, print_r to display the output. If this value has a value of 1 or 4, it implies you still have permission issue you have to resolve :(
Hopefully this helps.
We observed the same issue in ASP.NET application. We resolved it by making sure that we have disposed the ImageMagick object properly
Note: We wrapped the ImageMagick object inside Using Statement. It didn't work.
We have explicity closed that object.
Related
I am running Python under WSGI on an Apache server using CentOS 6. The python script uses a wrapper for the NCAR library called PyNGL. The purpose of this library is to generate graphics from supplied data.
I am attempting to use my python script as a web service by hooking it up to web.py, but it has an entry point for direct execution as well.
Here is the weird thing:
When I run the script directly it works as intended and produces an output image in the directory of the script. However, when I attempt to invoke it through the web.py controller (with the exact same parameters) it fails.
My apache error log contains this:
warning:GKS:GCLRWK: -- cairo driver error: error opening output file
I'm guessing that this is probably a permissions problem, but I haven't the slightest idea where its trying to output.
Edit: I think I have confirmed that it is indeed a permissions error.
I attempted to create file using relative paths and got a similar error:
<type 'exceptions.IOError'> at /plot
[Errno 13] Permission denied: 'Output.txt'
This error refers to this line here:
with open("Output.txt", "w") as text_file:
text_file.write(str(self.__dict__))
Now of course I can specify an absolute path for that text file, but not for the graphical output from PyNGL. Is there a way to determine where it is trying to output, or to change the default output directory?
Usually your application would be running with the current working directory as '/'. The Apache user will not be able to write to that directory.
In any web application you should in general never rely on it being run in a specific directory as different web servers behave differently as to what the current working directory would be. If you assume it always runs in a specific directory, your application would be inherently unportable. Changing the working directory of an application to get around this is also in general bad practice because in a hosting mechanism that allows multiple application to run in the same process, they would all interfere with each other if they each tried to set their own working directory.
What you should do is always use absolute paths when reading and write files and not use relative paths. Why do you say you can't use absolute paths?
Also be aware that your application will run as a special user which would not have access to directories to create files. You would therefore need to open up access to the Apache user. Best practice would be to limit though what the Apache user can write to.
Now since you are using mod_wsgi, one viable option is to make sure you are using mod_wsgi daemon mode and when using the WSGIDaemonProcess directive set the 'home' option to override the current working directory for the single WSGI application delegated to that process. You can also set 'user' and 'group' options to have the process run as a different user that does have access to the directory.
using cpanel server, setting a simple "lynx http://www.domain.com/script.php" command gives following error and I am unable to understand it.
Lynx file "/etc/lynx.lss" is not available.
the problem is the SHELL.
You can solve this problem via two ways:
1] I simply changed the sentence:
SHELL="/usr/local/cpanel/bin/jailshell"
in /var/spool/cron/account
to SHELL="/bin/bash"
2] You can copy file /etc/lynx.lss
to directory: /home/virtfs/account/etc
Both worked for me !
Wilhelm
You can create an empty (or not) style sheet file in a directory where you have write access, then explicitly point to that file on the lynx command-line:
lynx -lss=/path/to/my/lynx.lss ...
I enabled shell access for the account and it started working. The above answer seems to assume you have access to the entire server and can modify those files, if so then just enable shell access and you are set, but if you are on a shared hosting account basic cpanel and ftp access you may not be able to do it. Ask you hosting company if you can have shell access. Then decide what you can do depending on the answer they give you.
you can solve this issue by follow below process :-
Open this file
root#server [~]# vi /var/cpanel/exim.conf.deps
and append below entries and save it.
/etc/lynx.lss
After uploading .xls file to the server it becomes read only. How to make it back read/write.
u can use chmod() php function.
simply type smthing like that:
chmod("/dir/file.xls", 0777);
more about it in documentation:
http://php.net/manual/en/function.chmod.php
You have to check what read only really means in this case - is it lack of write permission (then use chmod to set one after all) or maybe your file is owned by someone else (which often happens on incorrectly configured hostings, where uploads are handled by httpd, not the user owning file hierarchy. If you got shell access do this:
$ ls -l
to list the files and see who owns it, then check what is your ownder id:
$ id
if these do not match, then you may need to reconfigure your server
I'm trying to go through multiple .trc files to find out who has been logging into SQL Server over the last few months. I didn't setup the trace, but what I've got are a bunch of .trc files,
ex:
C:\SQLAuditFile2012322132923.trc,
C:\SQLAuditFile201232131931.trc
etc.
I can load these files into SQL Profiler and look at them individually, but I was hoping for a way to load them all up, so that I can quickly scan them for logins. Either using a filter, or better yet, load them into a SQL Server table and query them.
I tried loading the files into a table using:
use <databasename>
GO
SELECT * INTO trc_table
FROM ::fn_trace_gettable('C:\SQLAuditFile2012322132923.trc', 10);
GO
But when I do this, i get the error message:
File 'C:\SQLAuditFile2012322132923.trc' either does not exist or is not a recognizable trace file. Or there was an error opening the file.
However, I know the file exists, and I have the correct name. Also they appear to be recognizable because I can load them up into SQL Profiler and view them fine.
Anybody have an idea why I'm getting this error message, and if this won't work, perhaps another way of analyzing these multiple .trc files more easily?
Thanks!
You may be having permissions issues on the root of C:. Try placing the file into a subfolder, e.g. c:\tracefiles\, and ensuring that the SQL Server account has at least explicit read permissions on that folder.
Also try starting simpler, e.g.
SELECT * FROM ::fn_trace_gettable('C:\SQLAuditFile2012322132923.trc', default);
Anyway unless you were explicitly capturing successful login events, I don't know that these trace files are going to contain the information you're looking for... this isn't something SQL Server tracks by default.
I had pretty much the same issue and thought I'd copy my solution from
Database Administrators.
I ran an SQL trace on a remote server and transferred the trace files to a
local directory on my workstation so that I load the data into a table on my
local SQL Server instance for running queries against.
At first I thought the error might be related permission but I ruled this
out since I had no problem loading the .trc files directly into SQL Profiler
or as a file into SSMS.
After trying a few other ideas, I thought about it a bit more and realised
that it was due to permissions after all: the query was being run by the SQL
Server process (sqlsrvr.exe) as the user NT AUTHORITY\NETWORK SERVICE –
not my own Windows account.
The solution was to grant Read and Execute permissions to NETWORK
SERVICE on the directory that the trace files were stored in and the trace
files themselves.
You can do this by right-clicking on the directory, go to the Security
tab, add NETWORK SERVICE as a user and then select Read & Execute for
its Permissions (this should automatically also select Read and
List folder contents). These file permissions (ACLs) should automatically
propagate to the directory contents.
If you prefer to use the command line, you can grant the necessary permissions to
the directory – and its contents – by running the following:
icacls C:\Users\anthony\Documents\SQL_traces /t /grant "Network Service:(RX)"
I have to sync some folders from a linux server, to another.
We have created the RSA-Key and the authentication goes well.
When we launch an rsync command, some of the files gave birth to errors like:
rsync: readlink "/var/www/sestantemultimedia.it/xxecommerce/pub/.htaccess" failed: Permission denied (13)
Now, the directory /var/ (as well as other subdirectory) have the permits set to 755.
The files into the last directories have permits set like 644.
So, theoretically, permits as set right and I can read from the other server and copy my files.
What I am missing?
Ok, I just figured it out.
Someone (because we work together as a team) had done a change on the "final folder" so that "apache" user's group can't execute (so can't traverse) the folder itself.
In that way, although it is possibile for "other group" to execute, the sum of permits that we receive (we were into "apache" group) isn't enough for "execute" the folder and retrive the file.
We just change that scenario and now it works properly!