Re: PHP5 and Oracle 10g

From: Mladen Gogala <gogala_at_sbcglobal.net>
Date: Sat, 17 Dec 2005 07:16:22 GMT
Message-Id: <pan.2005.12.17.07.16.22.200586@sbcglobal.net>


On Fri, 16 Dec 2005 21:35:50 -0800, yong321 wrote:

> find $ORACLE_HOME -perm 640 -exec chmod 644 {} \;
> find $ORACLE_HOME -perm 750 -exec chmod 755 {} \;
> to make it work. I made sure no suid or sgid bit files/directories
> exist.

This is far too dangerous. Yes, you're right, it's probably the directory problem, but this solution is potentially too destructive. I hate going in indiscriminately with the "find" utility. There are only a few files that the httpd process must be able to read:

$ cd /opt/apache/modules
$ ls
httpd.exp libphp5.so
$ ldd libphp5.so
        linux-gate.so.1 =>  (0xb7f64000)
        libcrypt.so.1 => /lib/libcrypt.so.1 (0xb7bbe000)
        libfreetype.so.6 => /usr/lib/libfreetype.so.6 (0xb7b57000)
        libpng12.so.0 => /usr/lib/libpng12.so.0 (0xb7b34000)
        libz.so.1 => /usr/lib/libz.so.1 (0xb7b22000)
        libjpeg.so.62 => /usr/lib/libjpeg.so.62 (0xb7b04000)
        libbz2.so.1 => /usr/lib/libbz2.so.1 (0xb7af3000)
        libresolv.so.2 => /lib/libresolv.so.2 (0xb7adf000)
        libm.so.6 => /lib/tls/libm.so.6 (0xb7abb000)
        libdl.so.2 => /lib/libdl.so.2 (0xb7ab7000)
        libnsl.so.1 => /lib/libnsl.so.1 (0xb7aa1000)
        libclntsh.so.10.1 => /oracle/product/10g/lib/libclntsh.so.10.1 (0xb6cfe000)
        ----------------------------------------------------------------
        libxml2.so.2 => /usr/lib/libxml2.so.2 (0xb6bd9000)
        libc.so.6 => /lib/tls/libc.so.6 (0xb6aae000)
        /lib/ld-linux.so.2 (0x005dd000)
        libnnz10.so => /oracle/product/10g/lib/libnnz10.so (0xb68a9000)
        libpthread.so.0 => /lib/tls/libpthread.so.0 (0xb6897000)
$

One file that httpd must be able to read is libclntsh.so, the shared client library. It also must be able to read Oracle*Net configuration files in $TNS_ADMIN and Oracle error messages. That's about it. You can check it by trussing/stracing the httpd process. By executing find indiscriminately, you can mess up some undocumented hidden directories, like $ORACLE_HOME/.patch_storage.

-- 
http://www.mgogala.com
Received on Sat Dec 17 2005 - 01:16:22 CST
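
An added example, not part of the original post: a read-only audit in shell that takes the ldd output of the PHP module and lists only the libraries under the Oracle home that the "other" permission class cannot reach, so that modes are changed on those files alone rather than across the tree. The function names are hypothetical, and it assumes the httpd account falls in the "other" class and that only mode bits (not ACLs) apply.

```shell
#!/bin/sh
# Added example (not from the original post): audit permissions, change nothing.

# Print library paths from `ldd` output on stdin that resolve under directory $1.
libs_under() {
    awk -v p="${1%/}/" '$2 == "=>" && index($3, p) == 1 { print $3 }'
}

# Succeed if the ls mode string of $1 (symlinks followed) matches pattern $2.
mode_matches() {
    m=$(ls -ldL "$1" 2>/dev/null | cut -c1-10)
    case "$m" in $2) return 0 ;; esac
    return 1
}

# Succeed if "other" can read file $1 and traverse every directory
# from its parent up to and including the top directory $2.
other_can_read() {
    mode_matches "$1" '???????r??' || return 1
    d=$(dirname "$1")
    while :; do
        mode_matches "$d" '?????????[xt]' || return 1
        case "$d" in "${2%/}"|/|.) return 0 ;; esac
        d=$(dirname "$d")
    done
}

# Read ldd output on stdin; print each library under $1 that "other" cannot reach.
report_unreadable() {
    libs_under "$1" | while IFS= read -r lib; do
        other_can_read "$lib" "$1" || printf '%s\n' "$lib"
    done
}

# Typical use, with the module path shown in the post:
#   ldd /opt/apache/modules/libphp5.so | report_unreadable "$ORACLE_HOME"
```

An empty report means every Oracle library the module links against is already reachable; the Oracle*Net configuration and message files mentioned in the post can be checked one at a time with other_can_read.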
