Connecting Tech Pros Worldwide Help | Site Map
bytes > topic > php > answers

file creation: ownership

jonathanmcdougall@gmail.com
Guest
  
Posts: n/a
#1: Aug 21 '05
I have read many posts on this subject and found no satisfying answer.

I am creating a file on the server via a PHP script. The file is
created using GD (imagejpeg()), though I don't think it is specific to
GD.

Here is what I understand so far:
1) a PHP script runs in the webserver user space. In my case, this is
'apache', though I think 'nobody' is quite frequent also.
2) creating a file from the script makes the "current" user its owner;
in this
case, it is also 'apache'
3) for a reason I don't get, this file will get a permission rx-------
4) using ftp solves the problem

Now, this is a problem to me. I need to create a file which will have
the same owner as if I uploaded it by ftp. IIUC, I cannot use GD with
ftp. More generally, I would prefer to avoir ftp.

The server is running in safe mode, it may cause additional problems I
am not aware of.

chmod and chown are disabled.

Therefore, I need a way to create a file (specifically with GD) which
*I* will own, as if I uploaded it by ftp.

This is getting quite urgent so a quick answer would be appreciated,
though I understand my time is not more valuable than yours.

Thank you,


Jonathan
Colin McKinnon
Guest
  
Posts: n/a
#2: Aug 21 '05

re: file creation: ownership

jonathanmcdougall@gmail.com wrote:
[color=blue]
> I have read many posts on this subject and found no satisfying answer.
>[/color]
<snip>[color=blue]
> Now, this is a problem to me. I need to create a file which will have
> the same owner as if I uploaded it by ftp. IIUC, I cannot use GD with
> ftp. More generally, I would prefer to avoir ftp.
>[/color]
<snip>[color=blue]
>
> chmod and chown are disabled.
>[/color]

So I guess you don't control the server. The security model has been
specifically configured to prevent you doing such a thing. (actually the
objective is probably to prevent other people, particularly those whom
should not have access, but it amounts to the same thing).

Assuming that both the chmod program AND the chmod php function are disabled
(you didn't say which) then there's not a lot you can do (except maybe you
could ask root to put you in the same group as the apache user and create a
dir with drwsrwx--- permissions, or setup a sudo job for the apache user,
but if you're accesing the system via FTP, it rather implies that this is a
hosted box rather than a high-security installation).

Maybe the best option is to look at why you think you need to create a file
owned by the ftp account which you didn't really explain in your post.

C.
Michael Vilain
Guest
  
Posts: n/a
#3: Aug 22 '05

re: file creation: ownership

In article <1124654100.421269.172230@z14g2000cwz.googlegroups .com>,
jonathanmcdougall@gmail.com wrote:
[color=blue]
> I have read many posts on this subject and found no satisfying answer.
>
> I am creating a file on the server via a PHP script. The file is
> created using GD (imagejpeg()), though I don't think it is specific to
> GD.
>
> Here is what I understand so far:
> 1) a PHP script runs in the webserver user space. In my case, this is
> 'apache', though I think 'nobody' is quite frequent also.
> 2) creating a file from the script makes the "current" user its owner;
> in this
> case, it is also 'apache'
> 3) for a reason I don't get, this file will get a permission rx-------
> 4) using ftp solves the problem
>
> Now, this is a problem to me. I need to create a file which will have
> the same owner as if I uploaded it by ftp. IIUC, I cannot use GD with
> ftp. More generally, I would prefer to avoir ftp.
>
> The server is running in safe mode, it may cause additional problems I
> am not aware of.
>
> chmod and chown are disabled.
>
> Therefore, I need a way to create a file (specifically with GD) which
> *I* will own, as if I uploaded it by ftp.
>
> This is getting quite urgent so a quick answer would be appreciated,
> though I understand my time is not more valuable than yours.
>
> Thank you,
>
>
> Jonathan[/color]

I run a web site on my ISP's shared host under Apache with mod_php and
mod_perl. As you've found, any files created by php in this way are
owned by the Apache user, "apache" in your case. There's currently now
way to avoid this under this security model nor would I imagine my ISP's
admins allowing it.

But they saw the need for web developers to create files owned by the
user, so they installed cgiwrap (http://cgiwrap.sourceforge.net/) to
allow cgi programs to run in the context of the user. They don't offer
php as a cgi language, so I wrote want I needed in perl. Works just
fine.

If you don't have these options or your web server can't be configured
this way, you'll have to "roll your own" server and manage it yourself.
More expensive, but you then become a Unix admin as well as a web
developer. There are Linux web-server ISPs that offer this service.
I'm sure someone will chime in with some suggestions.

--
DeeDee, don't press that button! DeeDee! NO! Dee...
Jonathan Mcdougall
Guest
  
Posts: n/a
#4: Aug 22 '05

re: file creation: ownership

Colin McKinnon wrote:[color=blue]
> jonathanmcdougall@gmail.com wrote:
>[color=green]
> > I have read many posts on this subject and found no satisfying answer.
> >[/color]
> <snip>[color=green]
> > Now, this is a problem to me. I need to create a file which will have
> > the same owner as if I uploaded it by ftp. IIUC, I cannot use GD with
> > ftp. More generally, I would prefer to avoir ftp.
> >[/color]
> <snip>[color=green]
> >
> > chmod and chown are disabled.
> >[/color]
>
> So I guess you don't control the server.[/color]

I don't. It's a private hosting company.
[color=blue]
> The security model has been
> specifically configured to prevent you doing such a thing. (actually the
> objective is probably to prevent other people, particularly those whom
> should not have access, but it amounts to the same thing).[/color]

I may be able to make suggestions to the company (looks like a small
one, but I may be mistaken). IIUC, that's how PHP works. The only way
(and I see this as a hack) is to chown the file after uploading. So the
suggestion I could make would be to enable chown in PHP. Would that be
a major thing to do for the company?
[color=blue]
> Assuming that both the chmod program AND the chmod php function are disabled
> (you didn't say which)[/color]

I didn't know they were separated. I checked and both are.
[color=blue]
> then there's not a lot you can do (except maybe you
> could ask root to put you in the same group as the apache user
> and create a dir with drwsrwx--- permissions,[/color]

Probably impossible.

<snip>
[color=blue]
> Maybe the best option is to look at why you think you need to create a file
> owned by the ftp account which you didn't really explain in your post.[/color]

I am hosting a blog on which I can upload pictures. Uploading is done
in two parts: first an applet uploads the picture by ftp and then a php
script creates thumbnails with GD. The java applet is fine (uses ftp,
of course) but the php script (gd) creates file having the owner
'apache'. There is the problem.

An obvious solution would be to have the java applet making the
thumbnail, but I would like to keep the current setup (a pain to
modify).

Any hints?


Jonathan
Colin McKinnon
Guest
  
Posts: n/a
#5: Aug 22 '05

re: file creation: ownership

Jonathan Mcdougall wrote:
[color=blue]
>[color=green]
>> Maybe the best option is to look at why you think you need to create a
>> file owned by the ftp account which you didn't really explain in your
>> post.[/color]
>
> I am hosting a blog on which I can upload pictures. Uploading is done
> in two parts: first an applet uploads the picture by ftp and then a php
> script creates thumbnails with GD. The java applet is fine (uses ftp,
> of course) but the php script (gd) creates file having the owner
> 'apache'. There is the problem.
>[/color]

Nope, I don't get why this is a problem - unless PHP can't access the images
becuase the FTPd is also set to save files 0600 (is chmod in ftp disabled
too?).
[color=blue]
> An obvious solution would be to have the java applet making the
> thumbnail, but I would like to keep the current setup (a pain to
> modify).
>[/color]

Sounds like the problem is the permissions with the ftpd which you're trying
to fix from PHP.

quick suggestions:

1) upload the file using HTTP (ftp is just BAD anyway)
2) upload the file to a temporary area using ftp then have you PHP file scan
the area for new files and copy them (with the permissions of the
webserver) to the 'live' area.

C.
Jonathan Mcdougall
Guest
  
Posts: n/a
#6: Aug 23 '05

re: file creation: ownership


Colin McKinnon wrote:[color=blue]
> Jonathan Mcdougall wrote:
>[color=green]
> >[color=darkred]
> >> Maybe the best option is to look at why you think you need to create a
> >> file owned by the ftp account which you didn't really explain in your
> >> post.[/color]
> >
> > I am hosting a blog on which I can upload pictures. Uploading is done
> > in two parts: first an applet uploads the picture by ftp and then a php
> > script creates thumbnails with GD. The java applet is fine (uses ftp,
> > of course) but the php script (gd) creates file having the owner
> > 'apache'. There is the problem.
> >[/color]
>
> Nope, I don't get why this is a problem - unless PHP can't access the images
> becuase the FTPd is also set to save files 0600 (is chmod in ftp disabled
> too?).[/color]

For each image sent by the user, I keep two on the server. The first is
sent by the java applet (using FTP) and is the original version. It it
saved in a folder and I have no problem with this file (I am the owner,
at least 0644).

The java applet then refreshes the page and a PHP script kicks in. It
finds the newly uploaded images and creates thumbnails with gd. These
files are saved in the same folder. These are the problematic files:
the owner is 'apache' and they are 0600.

Accessing the first (uploaded by applet/FTP) images is fine.

Accessing the thumbnails (created by PHP) does not work, as if the
image were non existent. Asking the hosting company to modify the
permissions of these files to 0644 makes the images load fine.
[color=blue][color=green]
> > An obvious solution would be to have the java applet making the
> > thumbnail, but I would like to keep the current setup (a pain to
> > modify).
> >[/color]
>
> Sounds like the problem is the permissions with the ftpd which you're trying
> to fix from PHP.[/color]

No. Two different files are created. The first one by FTP is fine and
the second one by PHP is wrong.

What's more, if I do something like

<?php

$i = createimage(1, 1);
createjpeg($i, "test");

?>

on a test page, the "test" file is owner by 'apache' and is 0600
(rw-------).
[color=blue]
> quick suggestions:
>
> 1) upload the file using HTTP (ftp is just BAD anyway)[/color]

I can't. Several (unlimited, but usually 15-20) jpeg pictures, usually
around 200k each. Impossible with the current server settings (max
upload particularily) and 20 text boxes with browse buttons are not
quite user-friendly.
[color=blue]
> 2) upload the file to a temporary area using ftp then have you PHP file scan
> the area for new files and copy them (with the permissions of the
> webserver) to the 'live' area.[/color]

Hmm.. That seems good, but how would that solve the problem? And I need
to create a thumbnail. How could that 'temporary area' solve the
problem?


Jonathan
heyster
Guest
  
Posts: n/a
#7: Aug 31 '05

re: file creation: ownership

On 21 Aug 2005 12:55:00 -0700, jonathanmcdougall@gmail.com wrote:
[color=blue]
>I have read many posts on this subject and found no satisfying answer.
>
>I am creating a file on the server via a PHP script. The file is
>created using GD (imagejpeg()), though I don't think it is specific to
>GD.
>
>Here is what I understand so far:
> 1) a PHP script runs in the webserver user space. In my case, this is
> 'apache', though I think 'nobody' is quite frequent also.
> 2) creating a file from the script makes the "current" user its owner;
>in this
> case, it is also 'apache'
> 3) for a reason I don't get, this file will get a permission rx-------
> 4) using ftp solves the problem
>
>Now, this is a problem to me. I need to create a file which will have
>the same owner as if I uploaded it by ftp. IIUC, I cannot use GD with
>ftp. More generally, I would prefer to avoir ftp.
>
>The server is running in safe mode, it may cause additional problems I
>am not aware of.
>
>chmod and chown are disabled.
>
>Therefore, I need a way to create a file (specifically with GD) which
>*I* will own, as if I uploaded it by ftp.
>
>This is getting quite urgent so a quick answer would be appreciated,
>though I understand my time is not more valuable than yours.
>
>Thank you,
>
>
>Jonathan[/color]

Here's a far-out suggestion (that means it's untested), but what about
using PHP's built-in ftp functions such as ftp_chmod to set
permissions as needed.

Good luck!

heyster
Closed Thread

« previous question | next question »

Similar PHP bytes

/bytes/development

/bytes/it

/bytes/about

We are a network of experts and professionals in IT and software development that help one another with answers to tough questions and share insights. Get the best answers to your questions from over 226,272 network members.

dev questions:
algorithms | asp | asp.net | c/c++ | coldfusion | c# | flash | html/css | java | javascript |
mobile dev | .net | perl | php | python | ruby | software dev | vb.net | visual basic | xml
it questions:
access | apache | careers | db2 | iis | macosx | mysql | networking | oracle | postgresql | sql server | unix | windows

About Bytes | Copyright 1995-2009 BYTES. All rights Reserved