Thursday, October 6, 2011

Setting up FastRWeb/Rserve on Ubuntu

This blog entry documents my recent (successful) attempt to use Simon Urbanek's Rserve and FastRWeb for CGI scripting with R.  This is a working blog entry and will be updated or replaced as needed (last updated 4:15 PM 10/6/2011).

#### Helpful documentation:
    (Plus personal communications with Simon, the results
     of which are included in the summary below)

#### The steps used (your configuration probably varies):

0. Ubuntu Linux, 64-bit, Version 10.04 LTS (plus updates).  I did the following steps as root, but will return to security issues below.

1. I did a fresh installation of the apache2 web server.  I noted that the default location of the cgi-bin (used later) is /usr/lib/cgi-bin; yours may vary.  I confirmed that this was up and running and that I could use the toy CGI script foo.cgi placed in the cgi-bin:

    print "Content-type: text/html\n\n";
    print "<html>Hello World</html>";

To test this I pointed my browser to http://localhost/cgi-bin/foo.cgi; if there are problems, consult your system administrator or do detective work (probably in the log files, /var/log/apache2 on my system).  Do not continue until you have Hello World working!

2. I did a fresh installation of R, version 2.13.2, using the required --enable-R-shlib option to configure.

3. I installed R packages Rserve, Cairo, FastRWeb, and (though not required) XML (this required installing some libxml2... package in Ubuntu, first, but again is NOT required for Rserve/FastRWeb).

4. After installing FastRWeb, I went into the inst directory of the package and ran the script; this created /var/FastRWeb, used extensively below.

5. I went into /var/FastRWeb/code and examined the files; in a slightly older version of FastRWeb I commented out a few lines, but the current (10/6/2011) version removed that need for me.

6. I fired up R, and per Simon's instructions did the following:

    system.file("cgi-bin", package="FastRWeb")

This revealed the location of a binary called Rcgi.  I copied this into /usr/lib/cgi-bin, and renamed it R (instead of Rcgi).

7. Finally, I created a file /var/FastRWeb/web.R/foo.png.R:

    # foo.png.R:
    run <- function(n=100, ...) {
      n <- as.integer(n)
      p <- WebPlot(800, 600)
      plot(rnorm(n), rnorm(n), pch=19, col=2)

8. I tested it with the URL: http://localhost/cgi-bin/R/foo.png?n=500

#### Security Issues

I have a feeling that if you have a "trusted machine" without user access, the steps above may not technically pose security risks (even as root); but they do not represent good security practices and *would* introduce security risks on shared servers.  For my purposes, I added to the beginning of /var/FastRWeb/code/rserve.conf:

    gid 33
    uid 33

because www-data (uid and gid 33) is the username for my apache2 instances and it seemed like a reasonable choice.  For good measure, I also changed permissions in /var/FastRWeb:

    chown www-data:www-data .
    chown -R www-data:www-data ./*

Finally, I set

    sockmod 0660
    umask 0007

based on Simon's recommendation for further security. To stop Rserve and FastRWeb:

    killall -INT Rserve