Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.sys.raspberry-pi > #9171 > unrolled thread
| Started by | Glen_Ossman@ossman-cg.net |
|---|---|
| First post | 2015-07-22 04:33 -0700 |
| Last post | 2015-07-23 17:11 +0000 |
| Articles | 9 — 5 participants |
Back to article view | Back to comp.sys.raspberry-pi
This discussion starts older than the indexed window; earlier articles aren't shown. The article labeled Started by
below is the oldest one visible, not the original post.
Re: web server that displays temp, humitdy etc Glen_Ossman@ossman-cg.net - 2015-07-22 04:33 -0700
Re: web server that displays temp, humitdy etc Martin Gregorie <martin@address-in-sig.invalid> - 2015-07-22 18:15 +0000
Re: web server that displays temp, humitdy etc mm0fmf <none@mailinator.com> - 2015-07-22 20:56 +0100
Re: web server that displays temp, humitdy etc David James <david@tcs01.demon.co.uk> - 2015-07-22 21:01 +0000
Re: web server that displays temp, humitdy etc Glen_Ossman@ossman-cg.net - 2015-07-22 14:11 -0700
Re: web server that displays temp, humitdy etc mm0fmf <none@mailinator.com> - 2015-07-22 22:33 +0100
Re: web server that displays temp, humitdy etc Glen_Ossman@ossman-cg.net - 2015-07-22 15:16 -0700
Re: web server that displays temp, humitdy etc Martin Gregorie <martin@address-in-sig.invalid> - 2015-07-22 22:51 +0000
Re: web server that displays temp, humitdy etc Gordon Henderson <gordon+usenet@drogon.net> - 2015-07-23 17:11 +0000
| From | Glen_Ossman@ossman-cg.net |
|---|---|
| Date | 2015-07-22 04:33 -0700 |
| Subject | Re: web server that displays temp, humitdy etc |
| Message-ID | <5c997b0a-9bf3-48e0-adcf-7cf52f6636c2@googlegroups.com> |
Gents you gave me some good ideas that Py code can't be run by a web page Access denied you can only SUDO the code so i am thinking that root cron every 10 minuets and then read the file using html or PHP I am a net coder and example or help would be appreciated motion is up and running on port 8081 and can be accessed by 127.0.0.1:8081 so i need a frame to run it in full page ? with the text on both sides pulled from the file ? i think that will work?
[toc] | [next] | [standalone]
| From | Martin Gregorie <martin@address-in-sig.invalid> |
|---|---|
| Date | 2015-07-22 18:15 +0000 |
| Message-ID | <moomku$5nh$1@dont-email.me> |
| In reply to | #9171 |
On Wed, 22 Jul 2015 04:33:45 -0700, Glen_Ossman wrote:
> Gents
>
> you gave me some good ideas that Py code can't be run by a web page
> Access denied you can only SUDO the code
>
That can most likely be fixed by sorting out the read and execute
permissions for the Python code file. Alternatively, follow what the
Apache manual says in the "CGI: Dynamic Content" manual about running
scripts.
> so i am thinking that root cron every 10 minuets and then read the file
> using html or PHP
>
If you do that, don't run it as root: no user programs should be given
that amount of access to the system.
Instead 'sandbox' it by making another user to run it in. The crontab
file you'll use to run it every 10 minutes has the ability to run
programs under any user you specify
When a new file has been created, you have two choices:
1) create it in the /home/pyuser/public_html directory (you'll have to
create that) and configure Apache to read the file from there,
2) copy the file to some place in the main Apache web page storage area.
In either case your script must set the output file's permissions so
Apache can read it.
> so i need a frame to run it in full page ? with the text on both sides
> pulled from the file ?
>
No, your Python code just needs to write a text file containing the HTML
needed to format the file, i.e it should start with:
<html>
<head><title>page title</title></head>
<body>
... the text and formatting that forms the page content goes here ...
</body>
</html>
Do yourself a favour by downloading and installing the 'tidy' package
("apt-get install tidy"). tidy is a program that, checks HTML pages for
errors and/or tidies up the HTML text. In this case its the fast way to
make sure your Python code is generating valid HTML. Running
"tidy -e myoutput.html" will report any problems with the HTML in
'myoutput.html' - using this while you're writing your program will be a
lot quicker (and find more gotchas) than looking at the HTML file in a
browser, though of course you need to look at the output with a browser
as well.
If you haven't got an HTML book yet and think you need one,
"HTML and CSS: Visual QuickStart Guide" by Elizabeth Castro is worth a
look. I have her "HTML for the World Wide Web" 5th edition and would
recommend that except that it deals with 2003 vintage HTML 4 while "HTML
and CSS" covers the current HTML 5 flavour.
> i think that will work?
>
Either running your Python program from Apache on demand or doing the 10
minute cron update should do what you want.
But, see how long the program takes to rebuild its webpage: if it takes
more than a second to do so, then running it on demand may give a
noticeable delay for the browser user while running it as a cron job
won't provided you run the Python from a shell script which does this the
following:
- run Python code to create the file with a name that Apache doesn't know
- use chmod to set the files permissions for Apache access
- use cp or mv to replace the old file with the new one
because this reduces the time needed to swap the file served up by Apache
to an absolute minimum.
--
martin@ | Martin Gregorie
gregorie. | Essex, UK
org |
[toc] | [prev] | [next] | [standalone]
| From | mm0fmf <none@mailinator.com> |
|---|---|
| Date | 2015-07-22 20:56 +0100 |
| Message-ID | <DzSrx.4579$577.3084@fx46.am4> |
| In reply to | #9171 |
On 22/07/2015 12:33, Glen_Ossman@ossman-cg.net wrote: > Gents > > you gave me some good ideas > that Py code can't be run by a web page Access denied > you can only SUDO the code > > so i am thinking that root cron every 10 minuets and then read the file using html or PHP > > I am a net coder and example or help would be appreciated > > motion is up and running on port 8081 and can be accessed by 127.0.0.1:8081 > > so i need a frame to run it in full page ? with the text on both sides pulled from the file ? > > i think that will work? > Why does it have to be run as root? You should find out why and fix it by using the correct accounts and permissions. Can I suggest you also use Python3 not Python2. There's nothing wrong with Python2, I used it myself for everything until relatively recently. But moving to Python3 means you are facing the future not the past.
[toc] | [prev] | [next] | [standalone]
| From | David James <david@tcs01.demon.co.uk> |
|---|---|
| Date | 2015-07-22 21:01 +0000 |
| Message-ID | <mop0b3$kgd$1@dont-email.me> |
| In reply to | #9177 |
On Wed, 22 Jul 2015 20:56:18 +0100, mm0fmf wrote: > On 22/07/2015 12:33, Glen_Ossman@ossman-cg.net wrote: >> Gents >> >> you gave me some good ideas that Py code can't be run by a web page >> Access denied you can only SUDO the code >> >> >> > Why does it have to be run as root? You should find out why and fix it > by using the correct accounts and permissions. My guess would be because it is accessing I2C (from the OP's original post) and so it is the permissions somewhere down the /sys/bus/wl/devices directory tree that will need fixing.
[toc] | [prev] | [next] | [standalone]
| From | Glen_Ossman@ossman-cg.net |
|---|---|
| Date | 2015-07-22 14:11 -0700 |
| Message-ID | <5cfbda24-e587-4d0b-a3a9-fcf0ac7ed5ca@googlegroups.com> |
| In reply to | #9177 |
can't be done this is why http://www.element14.com/community/thread/19995/l/anyone-know-how-to-access-raspi-gpio-without-sudo?displayFullThread=true "This means that as a rule, you should not be able to directly access hardware, like the physical memory of the computer. So that's why /dev/mem is protected so that normal users cannot access it. Now "/dev/mem" allows you much, much more "mischief" than just changing a GPIO. So that's why /dev/mem must be protected against normal users. "
[toc] | [prev] | [next] | [standalone]
| From | mm0fmf <none@mailinator.com> |
|---|---|
| Date | 2015-07-22 22:33 +0100 |
| Message-ID | <K_Trx.7084$vh6.723@fx12.am4> |
| In reply to | #9179 |
On 22/07/2015 22:11, Glen_Ossman@ossman-cg.net wrote: > can't be done this is why > > http://www.element14.com/community/thread/19995/l/anyone-know-how-to-access-raspi-gpio-without-sudo?displayFullThread=true > > "This means that as a rule, you should not be able to directly access hardware, like the physical memory of the computer. So that's why /dev/mem is protected so that normal users cannot access it. > > > > Now "/dev/mem" allows you much, much more "mischief" than just changing a GPIO. So that's why /dev/mem must be protected against normal users. " > At this point I'll leave you to enjoy learning about web security and Unix permissions. You probably don't want to have the webserver running as root. Why? That's left as an exercise for the reader! But even if you only intend the webserver to be accessed on your own network you should still get the security model correct from the start. If you always design the security in from the start you wont find something obvious biting you in the backside later on.
[toc] | [prev] | [next] | [standalone]
| From | Glen_Ossman@ossman-cg.net |
|---|---|
| Date | 2015-07-22 15:16 -0700 |
| Message-ID | <179b290d-abad-4d4f-aa00-faddfd706a1b@googlegroups.com> |
| In reply to | #9180 |
if i use a cron job to SUDO Python file_name and it creates a text file in my home directory then have Apache read the text file every time it is accessed.
i am not sure i understand my web security issue ??
<html>
<head>
<title>Reading from text files</title>
</head>
<body>
<?php
$f = fopen("unitednations.txt", "r");
// Read line by line until end of file
$Airtemp fgets($f);
$Watertemp fgets($f);
etc
fclose($f);
?>
</body>
</html>
[toc] | [prev] | [next] | [standalone]
| From | Martin Gregorie <martin@address-in-sig.invalid> |
|---|---|
| Date | 2015-07-22 22:51 +0000 |
| Message-ID | <mop6ps$hj2$1@dont-email.me> |
| In reply to | #9181 |
On Wed, 22 Jul 2015 15:16:23 -0700, Glen_Ossman wrote:
> if i use a cron job to SUDO Python file_name and it creates a text file
> in my home directory then have Apache read the text file every time it
> is accessed.
> i am not sure i understand my web security issue ??
>
As I said above, compartmentalise for good security. I know Windows often
makes this impossible, but it works well with Linux and is something you
really should get used to doing.
Run the Python code in its own user so it is walled off from everybody
else and (carefully, sparingly) let that user inherit any extra
permissions in needs to access stuff such as I2C ports. Run it with a cron
script that copies each newly produced web page to wherever Apache
expects to find it.
> <html>
>
> <head>
> <title>Reading from text files</title>
> </head>
> <body>
>
> <?php
>
> $f = fopen("unitednations.txt", "r");
>
This isn't needed unless you're doing something you haven't told us
about. The Python code can easily can build a static page complete with
all the latest instrument readings and a timestamp. There is no need for
all that <php>...</php> stuff.
Then copy this static HTML page to wherever Apache expects to find it and
you're done.
--
martin@ | Martin Gregorie
gregorie. | Essex, UK
org |
[toc] | [prev] | [next] | [standalone]
| From | Gordon Henderson <gordon+usenet@drogon.net> |
|---|---|
| Date | 2015-07-23 17:11 +0000 |
| Message-ID | <mor77b$s3r$1@dont-email.me> |
| In reply to | #9180 |
In article <K_Trx.7084$vh6.723@fx12.am4>, mm0fmf <none@mailinator.com> wrote: >On 22/07/2015 22:11, Glen_Ossman@ossman-cg.net wrote: >> can't be done this is why >> >> http://www.element14.com/community/thread/19995/l/anyone-know-how-to-access-raspi-gpio-without-sudo?displayFullThread=true I've not read that thread, but it's very possible to access the GPIO without sudo. One way is to use a set-uid root program, but that may be considered cheating and unless you know what you're doing then might fall foul, however my wiringPi library can be used by set-uid programs then subsequently relinquish root privs once the /dev/mem device has been opened. I do this in my RTB BASIC interpreter so it can access the GPIO and then open/close files as the calling user once it drops root privs. Another way is to export the GPIO pins required using the sysfs interface. The export operation needs to be done via a root program (either via sudo or suid), then your user level program can access them that way. The down-side is that it's slower. Not a problem for simple LEDs and buttons though, and again wiringPi provides mechanisms to let you do this. The SPI and I2C interfaces can also be accessed directly from user-land, all that needs to be done is to make sure the /dev/ device names have the right permissions (and I think they now use the 'gpio' group for this and the default 'pi' user is in the gpio group, so it should "just work"... I think there was/is talk of creating a special /dev/gpio device that only allows mapping of the gpio hardware area - and usable from user-land, but I've not been keeping up with Pi developments as of late. Gordon
[toc] | [prev] | [standalone]
Back to top | Article view | comp.sys.raspberry-pi
csiph-web