How to send server / shell command via cgi?

DrStrangeLv has asked for the wisdom of the Perl Monks concerning the following question:

I have a cgi script to control my dslr camera

On my server the app that sends commands to the camera is gphoto2

Running under Debian on a Linksys NSLU2.

I'm using tthtp and pearl.

My problem is that I'm not able to get the cgi to send the command to the server.

I'm no expert on cgi.

What I need to know is what cgi command can pass the server command.

Here is a more detail explanation:

When login using putty under ssh to server as root

This command works fine

gphoto2 --set-config capture=on --set-config capturetarget=1 --set-config capture=on --set-config eos-shutterspeed=35 --set-config eos-iso=0 --set-config capture=off --capture-image

But when I attempt it from within a cgi script using this command

system("gphoto2 --set-config capture=on --set-config capturetarget=1 --set-config capture=on --set-config eos-shutterspeed=35 --set-config eos-iso=0 --set-config capture=off --capture-image");

I get this error back

*** Error *** An error occurred in the io-library ('Could not claim the USB device'): Could not claim interface 0 (Operation not permitted). Make sure no other program or kernel module (such as sdc2xx, stv680, spca50x) is using the device and you have read/write access to the device. *** Error *** An error occurred in the io-library ('Could not claim the USB device'): Could not claim interface 0 (Operation not permitted). Make sure no other program or kernel module (such as sdc2xx, stv680, spca50x) is using the device and you have read/write access to the device. *** Error *** An error occurred in the io-library ('Could not claim the USB device'): Could not claim interface 0 (Operation not permitted). Make sure no other program or kernel module (such as sdc2xx, stv680, spca50x) is using the device and you have read/write access to the device. *** Error *** An error occurred in the io-library ('Could not claim the USB device'): Could not claim interface 0 (Operation not permitted). Make sure no other program or kernel module (such as sdc2xx, stv680, spca50x) is using the device and you have read/write access to the device. *** Error *** An error occurred in the io-library ('Could not claim the USB device'): Could not claim interface 0 (Operation not permitted). Make sure no other program or kernel module (such as sdc2xx, stv680, spca50x) is using the device and you have read/write access to the device. *** Error *** An error occurred in the io-library ('Could not claim the USB device'): Could not claim interface 0 (Operation not permitted). Make sure no other program or kernel module (such as sdc2xx, stv680, spca50x) is using the device and you have read/write access to the device. *** Error *** An error occurred in the io-library ('Could not claim the USB device'): Could not claim interface 0 (Operation not permitted). Make sure no other program or kernel module (such as sdc2xx, stv680, spca50x) is using the device and you have read/write access to the device. ERROR: Could not capture. *** Error (-53: 'Could not claim the USB device') *** For debugging messages, please use the --debug option. Debugging messages may help finding a solution to your problem. If you intend to send any error or debug messages to the gphoto developer mailing list , please run gphoto2 as follows: env LANG=C gphoto2 --debug --debug-logfile=my-logfile.txt --set-config capture=on --set-config capturetarget=1 --set-config capture=on --set-config eos-shutterspeed=35 --set-config eos-iso=0 --set-config capture=off --capture-image Please make sure there is sufficient quoting around the arguments.

The <o:p></o:p>

has nothing to do with my script for some reason WORD adds that. The server for this is local only so security is not an issue so long as I can get script to work. Any words of advise on how to use suid as I have never heard of it? Thank you

Comment on How to send server / shell command via cgi?

Replies are listed 'Best First'.
Re: How to send server / shell command via cgi? by AnomalousMonk (Archbishop) on May 19, 2009 at 16:07 UTC
What the heck is the <o:p> </o:p> pseudo-tag pair supposed to do? Please see How do I post a question effectively? and Markup in the Monastery.	[reply]
Re: How to send server / shell command via cgi? by DrStrangeLv (Initiate) on May 20, 2009 at 03:28 UTC
"Have your cgi-script run the command via sudo" Ok Like I said I'm no cgi expert How do I do this? What is the command to use within the cgi script? I did go to the website suggest above however I could not find any command base to explain this.	[reply]
Re^2: How to send server / shell command via cgi? by morgon (Priest) on May 20, 2009 at 14:34 UTC
I said I'm no cgi expert. Sorry if my reply was not helpful. But for me your question is neither a perl nor a cgi question and people that use Debian normally are Linux-savy (and sudo is a basic tool on Linux). But there is plenty of documentation on the web, so it should not be too hard.	[reply]
Re: How to send server / shell command via cgi? by DrStrangeLv (Initiate) on May 20, 2009 at 04:50 UTC
OK I'm getting closer.... /usr/local/bin/gphoto2: /usr/local/bin/gphoto2: cannot execute binary file Using command within CGI as follows: system("sudo -i -u www-data gphoto2 --set-config capture=on --set-config capturetarget=1 --set-config capture=on --set-config eos-shutterspeed=".$code." --set-config capture=on --set-config eos-iso=".$icode." --set-config capture=off --capture-image"); Any idea's what I've done wrong now....	[reply]
Re: How to send server / shell command via cgi? by DrStrangeLv (Initiate) on May 20, 2009 at 05:03 UTC
Here is what my sudoers file looks like # /etc/sudoers # # This file MUST be edited with the 'visudo' command as root. # # See the man page for details on how to write a sudoers file. # Defaults env_reset # Host alias specification # User alias specification # Cmnd alias specification # User privilege specification root ALL=(ALL) ALL www-data ALL=(ALL) ALL # Uncomment to allow members of group sudo to not need a password # (Note that later entries override this, so you might need to move %www ALL=(ALL) NOPASSWD: ALL www ALL=(ALL) NOPASSWD: ALL www localhost=NOPASSWD: ALL www www-data=NOPASSWD: ALL %sudo ALL=NOPASSWD: ALL	[reply]
Re^2: How to send server / shell command via cgi? by morgon (Priest) on May 20, 2009 at 14:42 UTC
If you don't care about security ramifications you can just add `http ALL=(ALL) NOPASSWD: ALL` [download] assuming http is the user-account your cgi-script runs under and then run the command in your cgi-script as `system("sudo -u root <your_command>")` [download] It will then run as root and should not have permission problems. That should get you started for a more secure setup later. hth	[reply] [d/l] [select]
Re^3: How to send server / shell command via cgi? by DrStrangeLv (Initiate) on May 21, 2009 at 02:31 UTC
Thank you all for your help that last bit got it working!	[reply]
Re: How to send server / shell command via cgi? by Utilitarian (Vicar) on May 19, 2009 at 16:01 UTC
Your install is preventing you from accessing the USB subsystem as the httpd user, and quite right too ;) you could suid your script (an incredibly bad idea unless you're 100% certain your script is watertight)	[reply]
Re: How to send server / shell command via cgi? by DrStrangeLv (Initiate) on May 19, 2009 at 17:05 UTC
The <o:p></o:p> has nothing to do with my script for some reason WORD adds that. The server for this is local only so security is not an issue so long as I can get script to work. Any words of advise on how to use suid as I have never heard of it? Thank you	[reply]
Re: How to send server / shell command via cgi? by morgon (Priest) on May 19, 2009 at 22:01 UTC
Have your cgi-script run the command via sudo (man sudo or http://www.sudo.ws) You don't need to install anything - it comes with Debian.	[reply]