Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]


Groups > comp.sys.raspberry-pi > #9171 > unrolled thread

Re: web server that displays temp, humitdy etc

Started byGlen_Ossman@ossman-cg.net
First post2015-07-22 04:33 -0700
Last post2015-07-23 17:11 +0000
Articles 9 — 5 participants

Back to article view | Back to comp.sys.raspberry-pi

This discussion starts older than the indexed window; earlier articles aren't shown. The article labeled Started by below is the oldest one visible, not the original post.


Contents

  Re: web server that displays temp, humitdy etc Glen_Ossman@ossman-cg.net - 2015-07-22 04:33 -0700
    Re: web server that displays temp, humitdy etc Martin Gregorie <martin@address-in-sig.invalid> - 2015-07-22 18:15 +0000
    Re: web server that displays temp, humitdy etc mm0fmf <none@mailinator.com> - 2015-07-22 20:56 +0100
      Re: web server that displays temp, humitdy etc David James <david@tcs01.demon.co.uk> - 2015-07-22 21:01 +0000
      Re: web server that displays temp, humitdy etc Glen_Ossman@ossman-cg.net - 2015-07-22 14:11 -0700
        Re: web server that displays temp, humitdy etc mm0fmf <none@mailinator.com> - 2015-07-22 22:33 +0100
          Re: web server that displays temp, humitdy etc Glen_Ossman@ossman-cg.net - 2015-07-22 15:16 -0700
            Re: web server that displays temp, humitdy etc Martin Gregorie <martin@address-in-sig.invalid> - 2015-07-22 22:51 +0000
          Re: web server that displays temp, humitdy etc Gordon Henderson <gordon+usenet@drogon.net> - 2015-07-23 17:11 +0000

#9171 — Re: web server that displays temp, humitdy etc

FromGlen_Ossman@ossman-cg.net
Date2015-07-22 04:33 -0700
SubjectRe: web server that displays temp, humitdy etc
Message-ID<5c997b0a-9bf3-48e0-adcf-7cf52f6636c2@googlegroups.com>
Gents 

you gave me some good ideas 
that Py code can't be run by a web page Access denied
you can only SUDO the code 

so i am thinking that root cron every 10 minuets and then read the file using html or PHP 

I am a net coder and example or help would be appreciated

motion is up and running on port 8081 and can be accessed by 127.0.0.1:8081

so i need a frame to run it in full page ? with the text on both sides pulled from the file ?

i think that will work?    

[toc] | [next] | [standalone]


#9176

FromMartin Gregorie <martin@address-in-sig.invalid>
Date2015-07-22 18:15 +0000
Message-ID<moomku$5nh$1@dont-email.me>
In reply to#9171
On Wed, 22 Jul 2015 04:33:45 -0700, Glen_Ossman wrote:

> Gents
> 
> you gave me some good ideas that Py code can't be run by a web page
> Access denied you can only SUDO the code
>
That can most likely be fixed by sorting out the read and execute 
permissions for the Python code file. Alternatively, follow what the 
Apache manual says in the "CGI: Dynamic Content" manual about running 
scripts.
 
> so i am thinking that root cron every 10 minuets and then read the file
> using html or PHP
> 
If you do that, don't run it as root: no user programs should be given 
that amount of access to the system. 

Instead 'sandbox' it by making another user to run it in. The crontab 
file you'll use to run it every 10 minutes has the ability to run 
programs under any user you specify

When a new file has been created, you have two choices:

1) create it in the /home/pyuser/public_html directory (you'll have to 
create that) and configure Apache to read the file from there,

2) copy the file to some place in the main Apache web page storage area.

In either case your script must set the output file's permissions so 
Apache can read it.

> so i need a frame to run it in full page ? with the text on both sides
> pulled from the file ?
>
No, your Python code just needs to write a text file containing the HTML 
needed to format the file, i.e it should start with:

<html>
<head><title>page title</title></head>
<body>

... the text and formatting that forms the page content goes here ...

</body>
</html>

Do yourself a favour by downloading and installing the 'tidy' package
("apt-get install tidy"). tidy is a program that, checks HTML pages for 
errors and/or tidies up the HTML text. In this case its the fast way to 
make sure your Python code is generating valid HTML. Running
"tidy -e myoutput.html" will report any problems with the HTML in 
'myoutput.html' - using this while you're writing your program will be a 
lot quicker (and find more gotchas) than looking at the HTML file in a 
browser, though of course you need to look at the output with a browser 
as well.

If you haven't got an HTML book yet and think you need one,  
"HTML and CSS: Visual QuickStart Guide" by Elizabeth Castro is worth a 
look. I have her "HTML for the World Wide Web" 5th edition and would 
recommend that except that it deals with 2003 vintage HTML 4 while "HTML 
and CSS" covers the current HTML 5 flavour.

  
> i think that will work?
>
Either running your Python program from Apache on demand or doing the 10 
minute cron update should do what you want. 

But, see how long the program takes to rebuild its webpage: if it takes 
more than a second to do so, then running it on demand may give a 
noticeable delay for the browser user while running it as a cron job 
won't provided you run the Python from a shell script which does this the 
following:

- run Python code to create the file with a name that Apache doesn't know
- use chmod to set the files permissions for Apache access
- use cp or mv to replace the old file with the new one
 
because this reduces the time needed to swap the file served up by Apache 
to an absolute minimum.


-- 
martin@   | Martin Gregorie
gregorie. | Essex, UK
org       |

[toc] | [prev] | [next] | [standalone]


#9177

Frommm0fmf <none@mailinator.com>
Date2015-07-22 20:56 +0100
Message-ID<DzSrx.4579$577.3084@fx46.am4>
In reply to#9171
On 22/07/2015 12:33, Glen_Ossman@ossman-cg.net wrote:
> Gents
>
> you gave me some good ideas
> that Py code can't be run by a web page Access denied
> you can only SUDO the code
>
> so i am thinking that root cron every 10 minuets and then read the file using html or PHP
>
> I am a net coder and example or help would be appreciated
>
> motion is up and running on port 8081 and can be accessed by 127.0.0.1:8081
>
> so i need a frame to run it in full page ? with the text on both sides pulled from the file ?
>
> i think that will work?
>

Why does it have to be run as root? You should find out why and fix it 
by using the correct accounts and permissions.

Can I suggest you also use Python3 not Python2. There's nothing wrong 
with Python2, I used it myself for everything until relatively recently. 
But moving to Python3 means you are facing the future not the past.

[toc] | [prev] | [next] | [standalone]


#9178

FromDavid James <david@tcs01.demon.co.uk>
Date2015-07-22 21:01 +0000
Message-ID<mop0b3$kgd$1@dont-email.me>
In reply to#9177
On Wed, 22 Jul 2015 20:56:18 +0100, mm0fmf wrote:

> On 22/07/2015 12:33, Glen_Ossman@ossman-cg.net wrote:
>> Gents
>>
>> you gave me some good ideas that Py code can't be run by a web page
>> Access denied you can only SUDO the code
>>
>>
>>
> Why does it have to be run as root? You should find out why and fix it
> by using the correct accounts and permissions.

My guess would be because it is accessing I2C (from the OP's original 
post) and so it is the permissions somewhere down the /sys/bus/wl/devices 
directory tree that will need fixing.

[toc] | [prev] | [next] | [standalone]


#9179

FromGlen_Ossman@ossman-cg.net
Date2015-07-22 14:11 -0700
Message-ID<5cfbda24-e587-4d0b-a3a9-fcf0ac7ed5ca@googlegroups.com>
In reply to#9177
can't be done this is why 

http://www.element14.com/community/thread/19995/l/anyone-know-how-to-access-raspi-gpio-without-sudo?displayFullThread=true

"This means that as a rule, you should not be able to directly access hardware, like the physical memory of the computer. So that's why /dev/mem is protected so that normal users cannot access it.

 

Now "/dev/mem" allows you much, much more "mischief" than just changing a GPIO. So that's why /dev/mem must be protected against normal users. "

[toc] | [prev] | [next] | [standalone]


#9180

Frommm0fmf <none@mailinator.com>
Date2015-07-22 22:33 +0100
Message-ID<K_Trx.7084$vh6.723@fx12.am4>
In reply to#9179
On 22/07/2015 22:11, Glen_Ossman@ossman-cg.net wrote:
> can't be done this is why
>
> http://www.element14.com/community/thread/19995/l/anyone-know-how-to-access-raspi-gpio-without-sudo?displayFullThread=true
>
> "This means that as a rule, you should not be able to directly access hardware, like the physical memory of the computer. So that's why /dev/mem is protected so that normal users cannot access it.
>
>
>
> Now "/dev/mem" allows you much, much more "mischief" than just changing a GPIO. So that's why /dev/mem must be protected against normal users. "
>
At this point I'll leave you to enjoy learning about web security and 
Unix permissions. You probably don't want to have the webserver running 
as root. Why? That's left as an exercise for the reader! But even if you 
only intend the webserver to be accessed on your own network you should 
still get the security model correct from the start. If you always 
design the security in from the start you wont find something obvious 
biting you in the backside later on.

[toc] | [prev] | [next] | [standalone]


#9181

FromGlen_Ossman@ossman-cg.net
Date2015-07-22 15:16 -0700
Message-ID<179b290d-abad-4d4f-aa00-faddfd706a1b@googlegroups.com>
In reply to#9180
if i use a cron job to SUDO Python file_name and it creates a text file in my home directory then have Apache read the text file every time it is accessed.
i am not sure i understand my web security issue ??

<html>

	<head>
	<title>Reading from text files</title>
	</head>
	<body>

	<?php

	$f = fopen("unitednations.txt", "r");

	// Read line by line until end of file
	
	    $Airtemp fgets($f); 
            $Watertemp fgets($f);
            etc 
 
	fclose($f);

	?>

	</body>
	</html>
  

[toc] | [prev] | [next] | [standalone]


#9182

FromMartin Gregorie <martin@address-in-sig.invalid>
Date2015-07-22 22:51 +0000
Message-ID<mop6ps$hj2$1@dont-email.me>
In reply to#9181
On Wed, 22 Jul 2015 15:16:23 -0700, Glen_Ossman wrote:

> if i use a cron job to SUDO Python file_name and it creates a text file
> in my home directory then have Apache read the text file every time it
> is accessed.
> i am not sure i understand my web security issue ??
>
As I said above, compartmentalise for good security. I know Windows often 
makes this impossible, but it works well with Linux and is something you 
really should get used to doing.

Run the Python code in its own user so it is walled off from everybody 
else and (carefully, sparingly) let that user inherit any extra 
permissions in needs to access stuff such as I2C ports. Run it with a cron 
script that copies each newly produced web page to wherever Apache 
expects to find it.

> <html>
> 
> 	<head>
> 	<title>Reading from text files</title>
> 	</head>
> 	<body>
> 
> 	<?php
> 
> 	$f = fopen("unitednations.txt", "r");
>
This isn't needed unless you're doing something you haven't told us 
about. The Python code can easily can build a static page complete with 
all the latest instrument readings and a timestamp. There is no need for 
all that <php>...</php> stuff.

Then copy this static HTML page to wherever Apache expects to find it and 
you're done.


-- 
martin@   | Martin Gregorie
gregorie. | Essex, UK
org       |

[toc] | [prev] | [next] | [standalone]


#9184

FromGordon Henderson <gordon+usenet@drogon.net>
Date2015-07-23 17:11 +0000
Message-ID<mor77b$s3r$1@dont-email.me>
In reply to#9180
In article <K_Trx.7084$vh6.723@fx12.am4>, mm0fmf  <none@mailinator.com> wrote:
>On 22/07/2015 22:11, Glen_Ossman@ossman-cg.net wrote:
>> can't be done this is why
>>
>> http://www.element14.com/community/thread/19995/l/anyone-know-how-to-access-raspi-gpio-without-sudo?displayFullThread=true

I've not read that thread, but it's very possible to access the GPIO without sudo.

One way is to use a set-uid root program, but that may be considered
cheating and unless you know what you're doing then might fall foul,
however my wiringPi library can be used by set-uid programs then
subsequently relinquish root privs once the /dev/mem device has been
opened. I do this in my RTB BASIC interpreter so it can access the GPIO
and then open/close files as the calling user once it drops root privs.

Another way is to export the GPIO pins required using the sysfs
interface. The export operation needs to be done via a root program
(either via sudo or suid), then your user level program can access them
that way. The down-side is that it's slower. Not a problem for simple
LEDs and buttons though, and again wiringPi provides mechanisms to
let you do this.

The SPI and I2C interfaces can also be accessed directly from user-land,
all that needs to be done is to make sure the /dev/ device names have the
right permissions (and I think they now use the 'gpio' group for this and
the default 'pi' user is in the gpio group, so it should "just work"...

I think there was/is talk of creating a special /dev/gpio device that
only allows mapping of the gpio hardware area - and usable from user-land,
but I've not been keeping up with Pi developments as of late.

Gordon

[toc] | [prev] | [standalone]


Back to top | Article view | comp.sys.raspberry-pi


csiph-web