I am having problems connecting to MySQL from Perl scripts that are run from
the apache web server.
These problems don't exist when running the same scripts from the command
prompt.
It's almost certainly not a Perl problem, but someone may have run into this
problem and may be able to help.
Pertinent information:
----------------------
Mysql info - select * from mysql.user yields:
host = localhost user = root password = (none) (yes, I know I have
to change this)
host = % user = apache password = 77ddghws8w...
host = localhost user = apache password = (none)
host = 127.0.0.1 user = apache password = (none)
Apache httpd.conf, section 2 has:
User apache
Group apache
ServerName localhost
<Directory "/usr/www/loader/cgi-bin">
AllowOverride None
Options ExecCGI
Order allow,deny ( I think this makes everything very
liberal)
Allow from all
</Directory>
There is no (apparent) mysql.cnf file in the system
Observed Behaviour:
-------------------
mysql (from root) ==> mysql> and behaves appropriately (e.g. use mysql is
allowed, use mydb is also OK, and can select from mydb.mytable)
mysql -u apache ==> mysql> and behaves appropriately (e.g. use mysql is
denied but use mydb is ok, also can select from mydb.mytable)
in the perl script:
if ( $dbh = DBI->connect("DBI:mysql:$INI{DBname}",$INI{DBuser},$INI{DBpass})
)
where $INI{DBuser} = 'root' and $INI{DBpass} is null
==>
if executed from command prompt ==> displays DB information (i.e.
evaluates as true)
if executed from web browser ==> evaluates as false
script $who=`whoami`; print "$who"; ==> reports "apache" as the user,
therefore:
if ( $dbh = DBI->connect("DBI:mysql:$INI{DBname}",$INI{DBuser},$INI{DBpass})
)
where $INI{DBuser} = 'apache' and $INI{DBpass} is (the login password for
apache)
==>
if executed from command prompt ==> displays DB information (i.e.
evaluates as true)
if executed from web browser ==> evaluates as false
the same is true if password is left blank
the same result if the $who variable is used instead of $INI{DBuser}
Observation: Users that can connect to mysql from the command prompt and
scripts run from the command prompt can access
the MySQL databases, whereas those run from the apache web server cannot
connect.
Presumption: The error that is being generated by the DBI->connect()
statement is a MySQL error, not a system error.
The $@ variable is null in this case.
Thoughts:
----------
It should not be a linux permissions issue: we are asking a process to
access ITS files (dbs). It demonstrates the
ability to do so from the command prompt and from the script run from a
command prompt.
It can't be that mysql "rescues" a bad login from prompt(in this case mysql
-u apache) by substituting
the user from which it was executed, because an apache login bombed when
trying to "use mysql", so mysql clearly
believed the user was "apache".
It is not a MySQL password issue, as shown by the fact that command prompt
"mysql -u apache" works, as does the
execution of a script from the command prompt even though it has no password
in the DBI->connect() statement.
The password being blank for apache from the command prompt did not matter.
This means that the user table is using one of
the more specific apache@localhost or apache@'127.0.0.1' entries rather than
the general apache@% This furtehr implies
that a login into MySQL with user name "apache" and no password should work.
Is it only the user table that allows access? Per the MySQL documentation
6.9: "The user table scope fields determine
whether to allow or reject incoming connections.", so it would appear so.
Is this access based on the logged in user (in this case "apache" from whe
web server) or is it based on the information
supplied to the DBI->connect() statement? The incoming CGI request is user
system user apache (as shown by the
'whoami' in the script. Additionaly the specified user is apache (in the
DBI->connect() statement). Since both are
"apache" and a password is (presumably) not required ...?
Stumped!
_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com
