Php – Allow php and python script with apache but still have a secure server


problem "solved"? after backtracking where the permission first stops, the permission denial suddenly went away for no reason.

I am building a webpage where the user must have the possibility to send an input choosing certain predefined names in a local database. (the user-input is either a html form or imported .txt file)

From php i want to be able to call python scripts that further gets other information from the db. With that information i need to be able to create files that is going to be sent back to the user

how can i make my script calls without opening security holes to the user, how do i configure my apache?

i use apache 2.2.3 as webserver

Right now i have problems with permissions from apache when i try to write to a file from my python script? Permission to write is denied even if i give script, textfile and directories full permission (777) apache itself must have some security config that disallow the web user to write?

Traceback (most recent call last):
  File "python/", line 6, in ?
    f = open("/var/www/(path)/textfile.txt", "w")
IOError: [Errno 13] Permission denied: '/var/www/(path)/textfile.txt'

Can i configure my webserver to allow scripts to read and write to files locally but not allowing the web users to have that power? If so what is the most secure way to do it?

Best Answer

Well; I am no expert on this but observe that your question:

Can i configure my webserver to allow the server to run scripts and write to files locally but not allowing users to have that power

Is quite misleading - by default all actions performed on your computer will be done by the webserver, on behalf of the user. There is no user concept for the remote users accessing your webpage, whatever they do will be as the user running the webserver.

When have succesfully started your Python script the concept of web-server configuration no longer applies; now you are just running any Python script (typically as the user www-data) and normal access rules apply. For the script in question to be able to write to a file, the user running the web-server must have write acess to the directory in question.

I would strongly recommend writing to another location than /var/www, e.g. /tmp. You might need to limit the size of files written? Be certain to only read (and write) the bytes you upload, and not try to execute anything of it.

Related Topic