folder permissions

OllimaX wrote:

Hi!

My trouble might be simple, but I'm quite new to php, and, perhaps I'm
even more simple.
It's that I had to chmod 777 two folders to get my scripts do what I
wanted them to do, and I don't like it.
I have a script running on my ISP's unix-apache -server. It is to read
string from a form, and create a text-file in a subfolder 'txt' from it.
The essential parts of the script is here:

$fnam=$HTTP_POST_VARS[filename];
$handle =fopen("txt/".$fnam, "w");
$teksti=$HTTP_POST_VARS[tekstikentta];
touch('txt/'.$fnam);
fwrite($handle,$teksti);
fclose($handle);

Can't be simpler.
This script didn't work until I did a chmod777 for both folders, the one
where this script is, and the 't' subfolder. Is there a way to get
around this?
Oll¡maX!

One thing of importance to note is that on UNIX the user/group of Apache
is inherited by the PHP interpreter. Hence, if your Apache process is
running as user "nobody" and group "nobody" and the folder you are
writing to has the user and group set to "OllimaX" respectively; then,
"chmod"ing the folder to 777 will allow the PHP interpreter to write to
that folder. One way to fix this issue is to change the owner of the
folder to "nobody" (you need root access for this operation) and chmod
the folder to 774 (or something lower if you desire).

--
Amir Khawaja.

----------------------------------
Rules are written for those who lack the ability to truly reason, But
for those who can, the rules become nothing more than guidelines, And
live their lives governed not by rules but by reason.
- James McGuigan

Amir Khawaja wrote:

OllimaX wrote:

Hi!

My trouble might be simple, but I'm quite new to php, and, perhaps I'm
even more simple.
It's that I had to chmod 777 two folders to get my scripts do what I
wanted them to do, and I don't like it.
I have a script running on my ISP's unix-apache -server. It is to read
string from a form, and create a text-file in a subfolder 'txt' from it.
The essential parts of the script is here:

$fnam=$HTTP_POST_VARS[filename];
$handle =fopen("txt/".$fnam, "w");
$teksti=$HTTP_POST_VARS[tekstikentta];
touch('txt/'.$fnam);
fwrite($handle,$teksti);
fclose($handle);

Can't be simpler.
This script didn't work until I did a chmod777 for both folders, the one
where this script is, and the 't' subfolder. Is there a way to get
around this?
Oll¡maX!

One thing of importance to note is that on UNIX the user/group of Apache
is inherited by the PHP interpreter. Hence, if your Apache process is
running as user "nobody" and group "nobody" and the folder you are
writing to has the user and group set to "OllimaX" respectively; then,
"chmod"ing the folder to 777 will allow the PHP interpreter to write to
that folder. One way to fix this issue is to change the owner of the
folder to "nobody" (you need root access for this operation) and chmod
the folder to 774 (or something lower if you desire).

Thanks for the information,
My script is on my ISP's server, and I don't have any root access. Are there
any other ways to get away with this?
OllimaX!

Olli Mäntyranta wrote:

Thanks for the information,
My script is on my ISP's server, and I don't have any root access. Are there
any other ways to get away with this?
OllimaX!

Unfortunately, there is no real way around this unless you have root
access. You can take some security measures though. For example, make
sure that the folder being written to is outside your web root. You may
also try:

* chmod the directory containing that folder to 777; then create a setup
script whose sole purpose is to create the needed folder where the files
will reside; then using the setup script, chmod that folder to 644. Once
you have done all that, chmod the parent folder back to 755 (or whatever
you had it as before).

Voila, you will now have a folder that your web process can write to.
However, since you do not have root access, the only way now to delete
that folder will be to write a un-install script and run it.

P.S. make sure your web process runs the setup and un-install scripts
for the aforementioned technique to work.

--
Amir Khawaja.

----------------------------------
Rules are written for those who lack the ability to truly reason, But
for those who can, the rules become nothing more than guidelines, And
live their lives governed not by rules but by reason.
- James McGuigan

Amir Khawaja <am**@gorebels.net> kirjoitti Sat, 24 Jan 2004 15:03:38 -0800:

Olli Mäntyranta wrote:

Thanks for the information,
My script is on my ISP's server, and I don't have any root access. Are
there any other ways to get away with this?

* chmod the directory containing that folder to 777; then create a setup
script whose sole purpose is to create the needed folder where the files
will reside; then using the setup script, chmod that folder to 644. Once
you have done all that, chmod the parent folder back to 755 (or whatever
you had it as before).

Hey this is great! I'll try this.
Thanks for your effort.

Oll¡maX
--
email : ollimantyranta"boing"sunpoint"boing"net