
Users/permissions/files - LAMP

jab3
#1: Dec 30 '05
So I'm considering a small project that involves online file storage.
Let's say I wanted to set up a site that allows people to log-on,
create an account, and then have space to upload files. The problem
I'm having concerns permissions, basically.

1) How do I automatically create users in Linux from a PHP script
running under Apache's uid/gid?

2) Once 1 is done, how, when they log back on (authenticated with SQL
which will keep up with their username), do I allow them access to
their files for download? I would like to use Linux file permissions
to try and have some sort of security (i.e., would like to store users'
files under /home/[user]/files), but how do I allow the PHP script to
securely access their files, when the script runs under the Apache uid?
Is this a job for suExec?

Any input will be appreciated, and I will clarify anything that is
unclear.


Thanks,
jab3


Jerry Stuckle
#2: Dec 30 '05

jab3 wrote:
> So I'm considering a small project that involves online file storage.
> Let's say I wanted to set up a site that allows people to log-on,
> create an account, and then have space to upload files. The problem
> I'm having concerns permissions, basically.
>
> 1) How do I automatically create users in Linux from a PHP script
> running under Apache's uid/gid?

You can't. You need to be running as root.
>
> 2) Once 1 is done, how, when they log back on (authenticated with SQL
> which will keep up with their username), do I allow them access to
> their files for download? I would like to use Linux file permissions
> to try and have some sort of security (i.e., would like to store users'
> files under /home/[user]/files), but how do I allow the PHP script to
> securely access their files, when the script runs under the Apache uid?
> Is this a job for suExec?
>

Again, you need to be running as root to be able to change file
permissions for someone other than the Apache process.

> Any input will be appreciated, and I will clarify anything that is
> unclear.
>

One way to do the above is suexec. Or you can start batch jobs to do
the work. One thing you do NOT want to do is give the Apache process
root privileges.

>
> Thanks,
> jab3
>


--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

Balazs Wellisch
#3: Dec 30 '05


"Jerry Stuckle" <jstucklex@attglobal.net> wrote in message
news:ScednZbsacb1NSnenZ2dnUVZ_sCdnZ2d@comcast.com. ..
> jab3 wrote:
>> So I'm considering a small project that involves online file storage.
>> Let's say I wanted to set up a site that allows people to log-on,
>> create an account, and then have space to upload files. The problem
>> I'm having concerns permissions, basically.
>>
>> 1) How do I automatically create users in Linux from a PHP script
>> running under Apache's uid/gid?
>
> You can't. You need to be running as root.
>>

What about exec( some_script )? Where some_script could be run as root
through sudo? It could be a Perl script or shell script that runs the
appropriate commands to set up the user.

Balazs


jab3
#4: Dec 30 '05

Jerry Stuckle wrote:
> jab3 wrote:
> > So I'm considering a small project that involves online file storage.
> > Let's say I wanted to set up a site that allows people to log-on,
> > create an account, and then have space to upload files. The problem
> > I'm having concerns permissions, basically.
> >
> > 1) How do I automatically create users in Linux from a PHP script
> > running under Apache's uid/gid?
>
> You can't. You need to be running as root.

Yeah, similar to what Balazs said, I actually have done this by running
a program I wrote in C as setuid root, but I consider that dangerous.
I made the program very compact, dealing with untainted data, but
still. Guess that's the way to go for that though.

> >
> > 2) Once 1 is done, how, when they log back on (authenticated with SQL
> > which will keep up with their username), do I allow them access to
> > their files for download? I would like to use Linux file permissions
> > to try and have some sort of security (i.e., would like to store users'
> > files under /home/[user]/files), but how do I allow the PHP script to
> > securely access their files, when the script runs under the Apache uid?
> > Is this a job for suExec?
> >
>
> Again, you need to be running as root to be able to change file
> permissions for someone other than the Apache process.

Yep, that's my problem. :) I keep wondering how these other sites do
it (like these online photo sites, e.g. SnapFish, that give you an
account and let you upload images for others to see). I've considered
making it all managed from an SQL database and putting the files in a
PHP-accessible directory with SQL-generated ids as subdirectory names
for each user's folder and bypassing Linux permissions. But that seems
less secure.

> > Any input will be appreciated, and I will clarify anything that is
> > unclear.
> >
>
> One way to do the above is suexec. Or you can start batch jobs to do
> the work. One thing you do NOT want to do is give the Apache process
> root privileges.

I suppose I could have cron jobs that run x times an hour to move stuff
around. I'll have to look some more into suexec. And don't worry,
giving Apache root access has not occurred to me. :)


Thanks for help,
jab3

jab3
#5: Dec 30 '05

Balazs Wellisch wrote:
> "Jerry Stuckle" <jstucklex@attglobal.net> wrote in message
> news:ScednZbsacb1NSnenZ2dnUVZ_sCdnZ2d@comcast.com. ..
> > jab3 wrote:
> >> So I'm considering a small project that involves online file storage.
> >> Let's say I wanted to set up a site that allows people to log-on,
> >> create an account, and then have space to upload files. The problem
> >> I'm having concerns permissions, basically.
> >>
> >> 1) How do I automatically create users in Linux from a PHP script
> >> running under Apache's uid/gid?
> >
> > You can't. You need to be running as root.
> >>
>
> What about exec( some_script )? Where some_script could be run as root
> through sudo? It could be a Perl script or shell script that runs the
> appropriate commands to set up the user.
>

Yeah, as I told Jerry, I've done this before with a C program I wrote.
Was wondering if there was a better way as far as this option is
concerned. It's really the managing of the user's files when they log
onto the website that I've got problems figuring out. Uploading and
moving to appropriate directory (e.g., /home/'user'/files), then
browsing them for downloading again, etc.


Thanks for help,
jab3

Balazs Wellisch
#6: Dec 30 '05

>> > 2) Once 1 is done, how, when they log back on (authenticated with SQL
>> > which will keep up with their username), do I allow them access to
>> > their files for download? I would like to use Linux file permissions
>> > to try and have some sort of security (i.e., would like to store users'
>> > files under /home/[user]/files), but how do I allow the PHP script to
>> > securely access their files, when the script runs under the Apache uid?
>> > Is this a job for suExec?
>> >
>>

I think it would be much simpler and just as secure to store the files
outside the web root and use a script to retrieve them based on information
in a database table. So your HTML in case of an image would look something
like this:

<img src="fileserver.php?userId=XXX&fileID=XXX">

Then the script "fileserver.php" would look up the appropriate details for
the file including its mime type and return it to the browser. It would also
be responsible for authenticating the request based on the userId. For added
security the userId can either be encrypted or stored in the session so it
doesn't have to be passed in on the URL.

Balazs
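
Added example (not part of the original posts): a sketch of the fileserver.php described above, with the user id taken from the session and ownership enforced in the database query. The table and column names, DSN, credentials and STORAGE_DIR are assumptions.

```php
<?php
// fileserver.php - added illustration; schema, DSN and paths are assumed.
declare(strict_types=1);
session_start();

const STORAGE_DIR = '/var/lib/filestore';   // assumed path outside the web root

// The owner comes from the session set at login, never from the URL.
if (!isset($_SESSION['user_id'])) {
    http_response_code(403);
    exit;
}
$fileId = filter_input(INPUT_GET, 'fileID', FILTER_VALIDATE_INT);
if ($fileId === null || $fileId === false) {
    http_response_code(400);
    exit;
}

$pdo = new PDO('mysql:host=localhost;dbname=filestore;charset=utf8mb4',
    'app', 'placeholder-password', [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);

// Ownership is part of the query: a file id belonging to someone else yields no row.
$stmt = $pdo->prepare(
    'SELECT stored_name, original_name, mime_type FROM files WHERE id = ? AND owner_id = ?');
$stmt->execute([$fileId, $_SESSION['user_id']]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);

// stored_name is a server-generated token; basename() is a second guard against traversal.
$path = $row ? STORAGE_DIR . '/' . basename($row['stored_name']) : null;
if ($path === null || !is_file($path)) {
    http_response_code(404);   // same answer for "missing" and "not yours"
    exit;
}

// Strip characters that could break out of the quoted filename parameter.
$download = str_replace(['"', "\r", "\n"], '', basename($row['original_name']));
header('Content-Type: ' . $row['mime_type']);
header('X-Content-Type-Options: nosniff');   // browser must not second-guess the type
header('Content-Length: ' . filesize($path));
header('Content-Disposition: inline; filename="' . $download . '"');
readfile($path);
```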


trey.bruce@gmail.com
#7: Dec 30 '05

Balazs Wellisch wrote:
> >> > 2) Once 1 is done, how, when they log back on (authenticated with SQL
> >> > which will keep up with their username), do I allow them access to
> >> > their files for download? I would like to use Linux file permissions
> >> > to try and have some sort of security (i.e., would like to store users'
> >> > files under /home/[user]/files), but how do I allow the PHP script to
> >> > securely access their files, when the script runs under the Apache uid?
> >> > Is this a job for suExec?
> >> >
> >>
>
> I think it would be much simpler and just as secure to store the files
> outside the web root and use a script to retrieve them based on information
> in a database table. So your HTML in case of an image would look something
> like this:
>
> <img src="fileserver.php?userId=XXX&fileID=XXX">
>
> Then the script "fileserver.php" would look up the appropriate details for
> the file including its mime type and return it to the browser. It would also
> be responsible for authenticating the request based on the userId. For added
> security the userId can either be encrypted or stored in the session so it
> doesn't have to be passed in on the URL.

Interesting. That's a good idea. Would this directory off the
web-root be owned by the apache user/group? (Doesn't the PHP script
run as the apache user?) Cause if the files were just world-readable,
I would have to figure a way to get the files there after uploading in
the first place, which presumably could just be a perl script or
something run as the owner of the directory.

Thanks for the idea,
jab3

Balazs Wellisch
#8: Dec 30 '05

Yeah, it would have to be owned by the apache user since I'm assuming you're
going to upload the files through the web as well. Apache will need to have
write access to it. I don't think any other user should have access to it at
all.

To upload the files you'd just use move_uploaded_file().
http://www.php.net/manual/en/features.file-upload.php

B

>
> Interesting. That's a good idea. Would this directory off the
> web-root be owned by the apache user/group? (Doesn't the PHP script
> run as the apache user?) Cause if the files were just world-readable,
> I would have to figure a way to get the files there after uploading in
> the first place, which presumably could just be a perl script or
> something run as the owner of the directory.
>
> Thanks for the idea,
> jab3
>
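
Added example (not part of the original posts): an upload handler built on move_uploaded_file() that stores each file under a random name in an Apache-owned directory outside the web root and records the owner in the database. The form field name, size limit, MIME allow-list, schema, DSN and STORAGE_DIR are assumptions.

```php
<?php
// upload.php - added illustration; schema, DSN, limits and paths are assumed.
declare(strict_types=1);
session_start();

const STORAGE_DIR = '/var/lib/filestore';   // assumed: outside the web root, Apache-owned, mode 0700
const MAX_BYTES   = 10 * 1024 * 1024;       // assumed per-file limit

if (!isset($_SESSION['user_id'])) {
    http_response_code(403);
    exit;
}

$f = $_FILES['upload'] ?? null;             // 'upload' is the assumed form field name
// is_int() rejects the array form PHP produces for multi-file fields.
if (!is_array($f) || !is_int($f['error']) || $f['error'] !== UPLOAD_ERR_OK
        || $f['size'] > MAX_BYTES) {
    http_response_code(400);
    exit;
}

// Detect the type from the content; the browser-supplied $f['type'] is not trusted.
$mime = (new finfo(FILEINFO_MIME_TYPE))->file($f['tmp_name']);
if (!in_array($mime, ['image/jpeg', 'image/png', 'image/gif'], true)) {
    http_response_code(415);
    exit;
}

// Random on-disk name with no extension: the client never controls any part of the path.
$stored = bin2hex(random_bytes(16));
$target = STORAGE_DIR . '/' . $stored;
// move_uploaded_file() refuses anything that did not arrive via an HTTP POST upload.
if (!move_uploaded_file($f['tmp_name'], $target)) {
    http_response_code(500);
    exit;
}
chmod($target, 0600);

$pdo = new PDO('mysql:host=localhost;dbname=filestore;charset=utf8mb4',
    'app', 'placeholder-password', [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$stmt = $pdo->prepare(
    'INSERT INTO files (owner_id, stored_name, original_name, mime_type) VALUES (?, ?, ?, ?)');
// The original name is kept only as metadata for display and download.
$stmt->execute([$_SESSION['user_id'], $stored, basename($f['name']), $mime]);
echo $pdo->lastInsertId();
```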


Jerry Stuckle
#9: Dec 30 '05

Balazs Wellisch wrote:
> "Jerry Stuckle" <jstucklex@attglobal.net> wrote in message
> news:ScednZbsacb1NSnenZ2dnUVZ_sCdnZ2d@comcast.com. ..
>
>>jab3 wrote:
>>
>>>So I'm considering a small project that involves online file storage.
>>>Let's say I wanted to set up a site that allows people to log-on,
>>>create an account, and then have space to upload files. The problem
>>>I'm having concerns permissions, basically.
>>>
>>>1) How do I automatically create users in Linux from a PHP script
>>>running under Apache's uid/gid?
>>
>>You can't. You need to be running as root.
>>
>
> What about exec( some_script )? Where some_script could be run as root
> through sudo? It could be a Perl script or shell script that runs the
> appropriate commands to set up the user.
>
> Balazs
>
>

That's one way to do it.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

Jerry Stuckle
#10: Dec 30 '05

jab3 wrote:
>
>
> Yeah, similar to what Balazs said, I actually have done this by running
> a program I wrote in C as setuid root, but I consider that dangerous.
> I made the program very compact, dealing with untainted data, but
> still. Guess that's the way to go for that though.
>

Yes, that's one way to do things.

> Yep, that's my problem. :) I keep wondering how these other sites do
> it (like these online photo sites, e.g. SnapFish, that give you an
> account and let you upload images for others to see). I've considered
> making it all managed from an SQL database and putting the files in a
> PHP-accessible directory with SQL-generated ids as subdirectory names
> for each user's folder and bypassing Linux permissions. But that seems
> less secure.
>

Why not just keep everything owned by the Apache process? Protect
access to the files through a download script, .htaccess, or some
similar way.

Even if you do change the ownership of the files you won't be more or
less secure. They'll all be accessed via the Apache uid anyway.

>
> I suppose I could have cron jobs that run x times an hour to move stuff
> around. I'll have to look some more into suexec. And don't worry,
> giving Apache root access has not occurred to me. :)
>

One of the worst ways to do things.

>
> Thanks for help,
> jab3
>

As I said - I just keep everything owned by Apache. Membership is
managed through a MySQL database or .htaccess.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================