Apache上php exec的权限和jar文件位置

Question

I'm setting up a small experiment on a Linux machine running MariaDB, Apache, Java and PHP... and after playing around all day with this and searching on this topic - I need some further clarification on some permissions and locations. But let me first frame this:

In my web directory: /var/www/html I have a small test program: test.php. It basically does this:

<?php
    exec("java -jar MyApp.jar", $output);
    print_r($output);
?>

the MyApp.jar is a simple java application that connects to the local MariaDB and returns some useful information retrieved from the DB.

My main question is: where should my .jar files be and how do I make sure I execute the correct jar from php (how to reference it? full path?) and how/where/what else do I need to modify....

EDIT: At the moment I'm going to put the files in:

/usr/share/httpd/

In the PHP code I'm going to refer to the full path: ie

exec("java -jar /usr/share/httpd/MyApp.jar", $output);

In the interest of helping others - I also stumbled into a permission denied issue and needed to also do the following:

setsebool -P httpd_can_network_connect_db=1

I'd be interested in comments/answers on the security implications of having jar files in the /usr/share/httpd directory. Is there a better location? I need to ensure that these .jar files cannot be reached externally. I also am using the same directory for some jar libraries.

Answer 1

Install the JDK

Assume for this example that you wish to develop Java programs in addition to installing the JDK. Assume further that the current version of JDK is v1.7.0, and you want to automatically answer "yes" to all questions that the installation program asks. Enter the following command at the CentOS command line: $ sudo yum install java-1.7.0-openjdk-devel -y

Set the JAVA_HOME environment variable

Set JAVA_HOME to the location of JDK, which is /usr/lib/jvm/java-1.7.0-openjdk by default. $ sudo sh -c 'echo export JAVA_HOME=/usr/lib/jvm/java-1.7.0-openjdk > /etc/profile.d/java.sh' $ source /etc/profile.d/java.sh

Download Apache Tomcat

Download the Tomcat binary. The following command assumes that the current version of Tomcat is v7.0.56: $ wget http://apache.mirrors.tds.net/tomcat/tomcat-7/v7.0.56/bin/apache-tomcat-7.0.56.tar.gz

NOTE: Always check to ensure you are downloading the latest version. Version 7.0.56 was current at the time of writing.

Unpack and configure

Unpack the binary file with the tar command: $ sudo tar xvzf apache-tomcat-7.0.56.tar.gz -C /opt

Make the unpacked files read-only; $ sudo chmod +r /opt/apache-tomcat-7.0.56/conf/*

Set CATALINA_HOME to the directory for the Tomcat files $ sudo sh -c 'echo export CATALINA_HOME=/opt/apache-tomcat-7.0.56 > /etc/profile.d/tomcat.sh' $ source /etc/profile.d/tomcat.sh

Start Tomcat

Run Tomcat's startup script. $ sudo $CATALINA_HOME/bin/startup.sh