
Users/permissions/files - LAMP

So I'm considering a small project that involves online file storage.
Let's say I wanted to set up a site that allows people to log-on,
create an account, and then have space to upload files. The problem
I'm having concerns permissions, basically.

1) How do I automatically create users in Linux from a PHP script
running under Apache's uid/gid?

2) Once 1 is done, how, when they log back on (authenticated with SQL
which will keep up with their username), do I allow them access to
their files for download? I would like to use Linux file permissions
to try and have some sort of security (i.e., would like to store users'
files under /home/[user]/files), but how do I allow the PHP script to
securely access their files, when the script runs under the Apache uid?
Is this a job for suExec?

Any input will be appreciated, and I will clarify anything that is
unclear.
Thanks,
jab3

Dec 30 '05 #1
9 Replies


jab3 wrote:
> So I'm considering a small project that involves online file storage.
> Let's say I wanted to set up a site that allows people to log-on,
> create an account, and then have space to upload files. The problem
> I'm having concerns permissions, basically.
>
> 1) How do I automatically create users in Linux from a PHP script
> running under Apache's uid/gid?

You can't. You need to be running as root.

> 2) Once 1 is done, how, when they log back on (authenticated with SQL
> which will keep up with their username), do I allow them access to
> their files for download? I would like to use Linux file permissions
> to try and have some sort of security (i.e., would like to store users'
> files under /home/[user]/files), but how do I allow the PHP script to
> securely access their files, when the script runs under the Apache uid?
> Is this a job for suExec?

Again, you need to be running as root to be able to change file
permissions for someone other than the Apache process.

> Any input will be appreciated, and I will clarify anything that is
> unclear.

One way to do the above is suexec. Or you can start batch jobs to do
the work. One thing you do NOT want to do is give the Apache process
root privileges.

> Thanks,
> jab3

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
Dec 30 '05 #2


"Jerry Stuckle" <js*******@attglobal.net> wrote in message
news:Sc******************************@comcast.com...
> jab3 wrote:
> > So I'm considering a small project that involves online file storage.
> > Let's say I wanted to set up a site that allows people to log-on,
> > create an account, and then have space to upload files. The problem
> > I'm having concerns permissions, basically.
> >
> > 1) How do I automatically create users in Linux from a PHP script
> > running under Apache's uid/gid?
>
> You can't. You need to be running as root.

What about exec( some_script )? Where some_script could be run as root
through sudo? It could be a Perl script or shell script that runs the
appropriate commands to set up the user.

Balazs
Dec 30 '05 #3

Jerry Stuckle wrote:
> jab3 wrote:
> > So I'm considering a small project that involves online file storage.
> > Let's say I wanted to set up a site that allows people to log-on,
> > create an account, and then have space to upload files. The problem
> > I'm having concerns permissions, basically.
> >
> > 1) How do I automatically create users in Linux from a PHP script
> > running under Apache's uid/gid?
>
> You can't. You need to be running as root.

Yeah, similar to what Balazs said, I actually have done this by running
a program I wrote in C as setuid root, but I consider that dangerous.
I made the program very compact, dealing with untainted data, but
still. Guess that's the way to go for that though.

> > 2) Once 1 is done, how, when they log back on (authenticated with SQL
> > which will keep up with their username), do I allow them access to
> > their files for download? I would like to use Linux file permissions
> > to try and have some sort of security (i.e., would like to store users'
> > files under /home/[user]/files), but how do I allow the PHP script to
> > securely access their files, when the script runs under the Apache uid?
> > Is this a job for suExec?
>
> Again, you need to be running as root to be able to change file
> permissions for someone other than the Apache process.

Yep, that's my problem. :) I keep wondering how these other sites do
it (like these online photo sites, e.g. SnapFish, that give you an
account and let you upload images for others to see). I've considered
making it all managed from an SQL database and putting the files in a
PHP-accessible directory with SQL-generated ids as subdirectory names
for each user's folder and bypassing Linux permissions. But that seems
less secure.

> > Any input will be appreciated, and I will clarify anything that is
> > unclear.
>
> One way to do the above is suexec. Or you can start batch jobs to do
> the work. One thing you do NOT want to do is give the Apache process
> root privileges.

I suppose I could have cron jobs that run x times an hour to move stuff
around. I'll have to look some more into suexec. And don't worry,
giving Apache root access has not occurred to me. :)

Thanks for help,
jab3

Dec 30 '05 #4

Balazs Wellisch wrote:
> "Jerry Stuckle" <js*******@attglobal.net> wrote in message
> news:Sc******************************@comcast.com...
> > jab3 wrote:
> > > So I'm considering a small project that involves online file storage.
> > > Let's say I wanted to set up a site that allows people to log-on,
> > > create an account, and then have space to upload files. The problem
> > > I'm having concerns permissions, basically.
> > >
> > > 1) How do I automatically create users in Linux from a PHP script
> > > running under Apache's uid/gid?
> >
> > You can't. You need to be running as root.
>
> What about exec( some_script )? Where some_script could be run as root
> through sudo? It could be a Perl script or shell script that runs the
> appropriate commands to set up the user.

Yeah, as I told Jerry, I've done this before with a C program I wrote.
Was wondering if there was a better way as far as this option is
concerned. It's really the managing of the user's files when they log
onto the website that I've got problems figuring out. Uploading and
moving to appropriate directory (e.g., /home/'user'/files), then
browsing them for downloading again, etc.

Thanks for help,
jab3

Dec 30 '05 #5

> 2) Once 1 is done, how, when they log back on (authenticated with SQL
> which will keep up with their username), do I allow them access to
> their files for download? I would like to use Linux file permissions
> to try and have some sort of security (i.e., would like to store users'
> files under /home/[user]/files), but how do I allow the PHP script to
> securely access their files, when the script runs under the Apache uid?
> Is this a job for suExec?
>


I think it would be much simpler and just as secure to store the files
outside the web root and use a script to retrieve them based on information
in a database table. So your HTML in case of an image would look something
like this:

<img src="fileserver.php?userId=XXX&fileID=XXX">

Then the script "fileserver.php" would look up the appropriate details for
the file including its mime type and return it to the browser. It would also
be responsible for authenticating the request based on the userId. For added
security the userId can either be encrypted or stored in the session so it
doesn't have to be passed in on the URL.

Balazs
Dec 30 '05 #6
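
The download script described in the post above, as an added example that is not part of the original thread. The storage path, the database credentials, the `files` table and the `user_id` session key are assumptions; here the owner is taken from the session rather than from the URL.

```php
<?php
// fileserver.php: added example. Paths, DSN and the files table are assumptions.
declare(strict_types=1);
session_start();

const STORAGE_DIR  = '/srv/userfiles';  // assumed: outside the web root, owned by the Apache user
const INLINE_TYPES = ['image/png', 'image/jpeg', 'image/gif'];

function fail(int $code): void { http_response_code($code); exit; }

// The user id comes from the login session, not from a URL parameter.
if (!isset($_SESSION['user_id'])) fail(403);
$userId = (int) $_SESSION['user_id'];
$fileId = filter_input(INPUT_GET, 'fileID', FILTER_VALIDATE_INT);
if (!is_int($fileId)) fail(400);

// Assumed schema: files(id, owner_id, stored_name, original_name, mime_type)
$pdo = new PDO('mysql:host=localhost;dbname=filestore;charset=utf8mb4', 'dbuser', 'dbpass',
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$stmt = $pdo->prepare(
    'SELECT stored_name, original_name, mime_type FROM files WHERE id = ? AND owner_id = ?');
$stmt->execute([$fileId, $userId]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);

// "No such file" and "someone else's file" get the same answer, so ids cannot be probed.
if ($row === false) fail(404);

// Resolve the path and confirm it still lies inside the storage directory.
$base = realpath(STORAGE_DIR);
$path = realpath($base . '/' . basename($row['stored_name']));
if ($base === false || $path === false
    || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0 || !is_file($path)) {
    fail(404);
}

// Only known image types are rendered in the page; everything else is a download.
$inline = in_array($row['mime_type'], INLINE_TYPES, true);
header('Content-Type: ' . ($inline ? $row['mime_type'] : 'application/octet-stream'));
header('Content-Length: ' . (string) filesize($path));
header('X-Content-Type-Options: nosniff');
header('Content-Disposition: ' . ($inline ? 'inline' : 'attachment')
    . "; filename*=UTF-8''" . rawurlencode($row['original_name']));
readfile($path);
```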

Balazs Wellisch wrote:
> > 2) Once 1 is done, how, when they log back on (authenticated with SQL
> > which will keep up with their username), do I allow them access to
> > their files for download? I would like to use Linux file permissions
> > to try and have some sort of security (i.e., would like to store users'
> > files under /home/[user]/files), but how do I allow the PHP script to
> > securely access their files, when the script runs under the Apache uid?
> > Is this a job for suExec?
>
> I think it would be much simpler and just as secure to store the files
> outside the web root and use a script to retrieve them based on information
> in a database table. So your HTML in case of an image would look something
> like this:
>
> <img src="fileserver.php?userId=XXX&fileID=XXX">
>
> Then the script "fileserver.php" would look up the appropriate details for
> the file including its mime type and return it to the browser. It would also
> be responsible for authenticating the request based on the userId. For added
> security the userId can either be encrypted or stored in the session so it
> doesn't have to be passed in on the URL.

Interesting. That's a good idea. Would this directory off the
web-root be owned by the apache user/group? (Doesn't the PHP script
run as the apache user?) Cause if the files were just world-readable,
I would have to figure a way to get the files there after uploading in
the first place, which presumably could just be a perl script or
something run as the owner of the directory.

Thanks for the idea,
jab3

Dec 30 '05 #7

Yeah, it would have to be owned by the apache user since I'm assuming you're
going to upload the files through the web as well. Apache will need to have
write access to it. I don't think any other user should have access to it at
all.

To upload the files you'd just use move_uploaded_file().
http://www.php.net/manual/en/features.file-upload.php

B

> Interesting. That's a good idea. Would this directory off the
> web-root be owned by the apache user/group? (Doesn't the PHP script
> run as the apache user?) Cause if the files were just world-readable,
> I would have to figure a way to get the files there after uploading in
> the first place, which presumably could just be a perl script or
> something run as the owner of the directory.
>
> Thanks for the idea,
> jab3

Dec 30 '05 #8
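
An upload handler built on move_uploaded_file() for the Apache-owned storage directory discussed above, as an added example that is not part of the original thread. The form field name `userfile`, the storage path, the size limit, the database credentials and the `files` table are assumptions.

```php
<?php
// upload.php: added example. Field name, paths, DSN and the files table are assumptions.
declare(strict_types=1);
session_start();

const STORAGE_DIR = '/srv/userfiles';    // assumed: outside the web root, mode 0700, owned by the Apache user
const MAX_BYTES   = 10 * 1024 * 1024;    // assumed per-file limit

function fail(int $code, string $msg): void { http_response_code($code); exit($msg); }

if (!isset($_SESSION['user_id'])) fail(403, 'Not logged in');

// A multi-file form field would make 'error' an array; accept a single file only.
$upload = $_FILES['userfile'] ?? null;
if (!is_array($upload) || !is_int($upload['error']) || $upload['error'] !== UPLOAD_ERR_OK) {
    fail(400, 'Upload failed');
}
if ($upload['size'] > MAX_BYTES) fail(413, 'File too large');

// Detect the type from the file content; the browser-supplied type is not trusted.
$finfo = new finfo(FILEINFO_MIME_TYPE);
$mime  = $finfo->file($upload['tmp_name']) ?: 'application/octet-stream';

// The on-disk name is random, so the client's file name never reaches the file system
// and an uploaded "shell.php" is never stored under an executable name.
$storedName = bin2hex(random_bytes(16));
$target     = STORAGE_DIR . '/' . $storedName;

// move_uploaded_file() refuses any path that is not a genuine PHP upload.
if (!move_uploaded_file($upload['tmp_name'], $target)) fail(500, 'Could not store file');
chmod($target, 0600);                    // readable by the Apache user only

// Assumed schema: files(id, owner_id, stored_name, original_name, mime_type)
$pdo = new PDO('mysql:host=localhost;dbname=filestore;charset=utf8mb4', 'dbuser', 'dbpass',
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$stmt = $pdo->prepare(
    'INSERT INTO files (owner_id, stored_name, original_name, mime_type) VALUES (?, ?, ?, ?)');
$stmt->execute([(int) $_SESSION['user_id'], $storedName, basename($upload['name']), $mime]);

echo 'Stored as file id ' . $pdo->lastInsertId();
```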

Balazs Wellisch wrote:
> "Jerry Stuckle" <js*******@attglobal.net> wrote in message
> news:Sc******************************@comcast.com...
> > jab3 wrote:
> > > So I'm considering a small project that involves online file storage.
> > > Let's say I wanted to set up a site that allows people to log-on,
> > > create an account, and then have space to upload files. The problem
> > > I'm having concerns permissions, basically.
> > >
> > > 1) How do I automatically create users in Linux from a PHP script
> > > running under Apache's uid/gid?
> >
> > You can't. You need to be running as root.
>
> What about exec( some_script )? Where some_script could be run as root
> through sudo? It could be a Perl script or shell script that runs the
> appropriate commands to set up the user.
>
> Balazs

That's one way to do it.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
Dec 30 '05 #9

jab3 wrote:
> Yeah, similar to what Balazs said, I actually have done this by running
> a program I wrote in C as setuid root, but I consider that dangerous.
> I made the program very compact, dealing with untainted data, but
> still. Guess that's the way to go for that though.

Yes, that's one way to do things.

> Yep, that's my problem. :) I keep wondering how these other sites do
> it (like these online photo sites, e.g. SnapFish, that give you an
> account and let you upload images for others to see). I've considered
> making it all managed from an SQL database and putting the files in a
> PHP-accessible directory with SQL-generated ids as subdirectory names
> for each user's folder and bypassing Linux permissions. But that seems
> less secure.

Why not just keep everything owned by the Apache process? Protect
access to the files through a download script, .htaccess, or some
similar way.

Even if you do change the ownership of the files you won't be more or
less secure. They'll all be accessed via the Apache uid anyway.

> I suppose I could have cron jobs that run x times an hour to move stuff
> around. I'll have to look some more into suexec. And don't worry,
> giving Apache root access has not occurred to me. :)

One of the worst ways to do things.

> Thanks for help,
> jab3

As I said - I just keep everything owned by Apache. Membership is
managed through a MySQL database or .htaccess.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
Dec 30 '05 #10
