logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Apache View previous topic :: View next topic
Reply to topic   Topic: Basic use of Environment Variables in Apache
Author
loadlover



Joined: 09 Jul 2017
Posts: 4
Location: UK

PostPosted: Sun 09 Jul '17 11:08    Post subject: Basic use of Environment Variables in Apache Reply with quote

- Apache 2.4.26
- Arch Linux 64-bit


Hi all,

In Apache's httpd.conf file I might reference a directory as:

Code:
/run/user/1000


Now, however, I want to replace the 1000 with $UID (the User ID Environment Variable), so I try:

Code:
/run/user/$UID


But Apache doesn't like this. I cannot access this directory. Here's the error log:

Code:
[Sun Jul 09 10:07:06.770334 2017] [mpm_event:notice] [pid 2056:tid 140491652697024] AH00489: Apache/2.4.26 (Unix) configured -- resuming normal operations
[Sun Jul 09 10:07:06.770440 2017] [core:notice] [pid 2056:tid 140491652697024] AH00094: Command line: '/usr/bin/httpd -D FOREGROUND'
[Sun Jul 09 10:07:15.995701 2017] [authz_core:error] [pid 2063:tid 140491332974336] [client ::1:51278] AH01630: client denied by server configuration: /run/user/$UID


I have tried as root and user. Neither works. Is this a syntax problem?

Thanks:)

Loady
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7377
Location: Germany, Next to Hamburg

PostPosted: Sun 09 Jul '17 19:26    Post subject: Reply with quote

Youn need to use parentesis

Code:

/run/user/${UID}



Maybe also interessting for you https://httpd.apache.org/docs/2.4/vhosts/mass.html
Back to top
loadlover



Joined: 09 Jul 2017
Posts: 4
Location: UK

PostPosted: Sun 09 Jul '17 20:29    Post subject: Reply with quote

Hi, thanks for the reply. Appreciated.

I tried ${UID} but it isn't working either.. Ack! Oh dear.

This is what I'm tryin' to do:

Code:
    Alias "/gopro" "/run/user/${UID}"
    <Directory "/run/user/${UID}">
        Require all granted
        Options Indexes FollowSymLinks
    </Directory>


Regards
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7377
Location: Germany, Next to Hamburg

PostPosted: Mon 10 Jul '17 22:23    Post subject: Reply with quote

is the default console bash for user apache is running? it doesn't work in sh.

Also note that the /run/user/XXXX only exists if a user is logged in. Apache does NOT login while running. So the directory doesn't exist at apache runtime. ( at least in debian)

The 1000 is your user id. I think the user id of the apache user is different. According to the arch linux wiki the user is "http"

https://wiki.archlinux.org/index.php/Apache_HTTP_server
Back to top
loadlover



Joined: 09 Jul 2017
Posts: 4
Location: UK

PostPosted: Tue 11 Jul '17 17:08    Post subject: Reply with quote

Hi,

Yeah, assume this situation:

The system has been booted up (by root, naturally) and the Apache user (called http, UID 33) has started automatically. It is now running happily away.

Now, user "David" logs in to the system. He is UID 1000. In his .bash_profile, he has:

Code:
export IDENT_UID=$UID


As you can see, this line immediately creates a copy of the Environment Variable UID as he logs in.

Now, David issues a command to run a script that restarts Apache. Apache's httpd.conf is reloaded; it contains the following:

Code:
PassEnv IDENT_UID

Alias "/gopro" "/run/user/${IDENT_UID}"
<Directory "/run/user/${IDENT_UID}">
    Require all granted
    Options Indexes FollowSymLinks
</Directory>


David now hopes he can use the /gopro alias to access the files in /run/user/1000, but alas, it doesn't work. Does this make what I'm trying to do any clearer?

Loady
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7377
Location: Germany, Next to Hamburg

PostPosted: Wed 12 Jul '17 11:21    Post subject: Reply with quote

You would have to change the system behaviour. The Apache config in this case will be set correctly. However the folder permission of the created folder are 0700 so apache running as UID 33 can not access that folder. It would need 0755
It might be an option to run apache with UID 1000

e.g.
Code:

User ${IDENT_UID}
Group ${IDENT_UID}


That is a major security risk!

I wonder what you want from that folder!? Is has only runtime imformation and also if the user has already SSH access to that machine it doesn't make any sense.
Back to top
loadlover



Joined: 09 Jul 2017
Posts: 4
Location: UK

PostPosted: Wed 12 Jul '17 21:47    Post subject: Reply with quote

Hi James,

That's interesting.

The reason I started all this was that when I plug my GoPro camera in, it is auto-mounted as an MTP filesystem. The data is at:

Code:
/run/user/1000/gvfs/mtp:host=%5Busb%3A001%2C004%5D/GoPro MTP Client Disk Volume/DCIM/100GOPRO/


I wanted an easy way to make the contents of the onboard SD card available to friends over the internet - so, naively, I thought, "Oh I'll just run an Apache server and make the GoPro folder available using an alias!" Then it became a challenge, and I got a little obsessed by doing it this way;)

Is there a simpler, (much) better way to use Apache for this? I'd greatly appreciate any suggestions.

Oh, and this thing about PassEnv.. Does this actually work? Does it make a bash shell environment variable available to Apache through Apache's httpd.conf file?

Loady
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7377
Location: Germany, Next to Hamburg

PostPosted: Thu 13 Jul '17 14:56    Post subject: Reply with quote

I've never used arch linux. On Debian the standard installation of apache 2.4 /etc/init.d/apachectl script runs /etc/apache2/envvars which uses for example

envvars
Code:

export APACHE_RUN_USER=www-data


and in apache2.conf (debian don't uses httpd.conf)
Code:

# These need to be set in /etc/apache2/envvars
User ${APACHE_RUN_USER}


That works quiet well.


Another idea


if the path of the mounted camera does not change it might be an option to mount it for a different user and different permissions using bindfs. I did once that so that the files are only readable by apache but editable for a different user.

/etc/fstab
Code:

/run/user/1000/gvfs/mtp:host=%5Busb%3A001%2C004%5D/GoPro MTP Client Disk Volume/DCIM/100GOPRO/ /var/www/gopro/   fuse.bindfs  force-user=http,perms=g+rw,create-for-user=http,nosuid,nodev



Sure it is also possible to mount that dynamicly and not while booting

For examples see
http://bindfs.org/

I think that is easier than messing too much with the apache config.

Last idea simply copy the apache server.
Back to top


Reply to topic   Topic: Basic use of Environment Variables in Apache View previous topic :: View next topic
Post new topic   Forum Index -> Apache