By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
438,347 Members | 1,390 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 438,347 IT Pros & Developers. It's quick & easy.

Changing file permissions through a PHP script

P: n/a
LRW
Sorry to crosspost, but I have no idea if this is more a PHP question
of general Linux question.

I have a script that makes changes to image files, montages them into
a jpg, and creates a Web page with that image.
It starts with someone from our graphics dept. who I set up to copy
the image files over to the Linux server with SAMBA.

The files gain the owner/group of "nobody" and permissions of 744.

Then a PHP script runs all the processes, obviously under the user
"apache".

Now, even though I have the folder on the server that the files get
copied into within /var/www/html the script doesn't have write
permission to alter those files (whether with mogrify or convert, but
that doesn't matter.)

I added a line where it calls a bash shell script to change
permissions, change ownership, other things, and of course apache
doesn't seem to have the right to run chown or chmod on the files with
"(744) nobody nobody" in a folder with "(777) apache apache".

Any suggestions what I might do? I'm at a complete loss!
Thanks!
Liam
Jul 17 '05 #1
Share this Question
Share on Google+
7 Replies


P: n/a
LRW wrote:
Sorry to crosspost, but I have no idea if this is more a PHP question
of general Linux question.

I have a script that makes changes to image files, montages them into
a jpg, and creates a Web page with that image.
It starts with someone from our graphics dept. who I set up to copy
the image files over to the Linux server with SAMBA.

The files gain the owner/group of "nobody" and permissions of 744.

Then a PHP script runs all the processes, obviously under the user
"apache".

Now, even though I have the folder on the server that the files get
copied into within /var/www/html the script doesn't have write
permission to alter those files (whether with mogrify or convert, but
that doesn't matter.)

I added a line where it calls a bash shell script to change
permissions, change ownership, other things, and of course apache
doesn't seem to have the right to run chown or chmod on the files with
"(744) nobody nobody" in a folder with "(777) apache apache".

Any suggestions what I might do? I'm at a complete loss!


You can't chown or chmod files you don't own (unless you're root) for
obvious security reasons. The process doing the chown either needs to
run as "nobody" (the current owner) or "root", so it cannot be done by a
script running as the "apache" user.

Ideally, the permissions on the Samba share would allow access by the
"apache" user. Or you could run a script from cron (as "nobody" or
root) to check for appropriate files and chown them before calling the
script.

(This is addressing the Linux side of the issue and is the same
regardless of what language the script is written in. PHP may offer
some additional features providing another method for dealing with the
situation.)
Jul 17 '05 #2

P: n/a
On 2004-07-02, LRW wrote:
Sorry to crosspost, but I have no idea if this is more a PHP question
of general Linux question.

I have a script that makes changes to image files, montages them into
a jpg, and creates a Web page with that image.
It starts with someone from our graphics dept. who I set up to copy
the image files over to the Linux server with SAMBA.

The files gain the owner/group of "nobody" and permissions of 744.

Then a PHP script runs all the processes, obviously under the user
"apache".

Now, even though I have the folder on the server that the files get
copied into within /var/www/html the script doesn't have write
permission to alter those files (whether with mogrify or convert, but
that doesn't matter.)

I added a line where it calls a bash shell script to change
permissions, change ownership, other things, and of course apache
doesn't seem to have the right to run chown or chmod on the files with
"(744) nobody nobody" in a folder with "(777) apache apache".

Any suggestions what I might do? I'm at a complete loss!


Only root can chown a file, and only root or the owner can chmod
one.

Use sudo to allow apache to run a script that makes the changes.

--
Chris F.A. Johnson http://cfaj.freeshell.org/shell
================================================== =================
My code (if any) in this post is copyright 2004, Chris F.A. Johnson
and may be copied under the terms of the GNU General Public License
Jul 17 '05 #3

P: n/a
LRW wrote:
Sorry to crosspost, but I have no idea if this is more a PHP question of general Linux question.

I have a script that makes changes to image files, montages them into a jpg, and creates a Web page with that image.
It starts with someone from our graphics dept. who I set up to copy
the image files over to the Linux server with SAMBA.

The files gain the owner/group of "nobody" and permissions of 744.
Then a PHP script runs all the processes, obviously under the user
"apache".

Now, even though I have the folder on the server that the files get
copied into within /var/www/html the script doesnít have write
permission to alter those files (whether with mogrify or convert, but that doesnít matter.)

I added a line where it calls a bash shell script to change
permissions, change ownership, other things, and of course apache
doesnít seem to have the right to run chown or chmod on the files with "(744) nobody nobody" in a folder with "(777) apache apache".

Any suggestions what I might do? Iím at a complete loss!
Thanks!
Liam

You can run php either under apache as a web page, or from the command
line. What you are doing seems like it is a batch job, and it is more
reliably run from the command line. In that case, you can simply run
it from root.

--
http://www.dbForumz.com/ This article was posted by author's request
Articles individually checked for conformance to usenet standards
Topic URL: http://www.dbForumz.com/PHP-Changing...ict125760.html
Visit Topic URL to contact author (reg. req'd). Report abuse: http://www.dbForumz.com/eform.php?p=419213
Jul 17 '05 #4

P: n/a
LRW
"Chris F.A. Johnson" <cf********@gmail.com> wrote in message news:<2k************@uni-berlin.de>...

Only root can chown a file, and only root or the owner can chmod
one.

Use sudo to allow apache to run a script that makes the changes.


Thanks for the replies, all.
Now, I can't figure out how to automatically run the shell script as
anything other than apache, since it's a PHP script that's starting
the shell script.

In the script I use:
sudo -u nobody /usr/bin/mogrify (etc)
but that then gives me "password" errors (if I view the output.)
Obviously sudo needs a password to be given automatically, but even if
I knew what the password for "nobody" was, how would you automatically
pass it through a sudo in a shell script? (I suppose I could use root
if I could figure that out.)

I checked the sudo man, and I see where you can provide -p switches
using percentile-letters. But, those look like ways to change the
password prompt or requirements, not any way to pass it a password.

Someone suggested adding apache as having rights to the samba share. I
added this to smb.conf:
[shipthumbs]
comment = ShipThumbs
path = /var/www/html/pa-thumbs/shipthumbs
public = yes
valid users = sarah apache nobody
writeable = yes
guest ok = yes

What more do I need to do to give apache user rights? As you can see,
the share is also sitting in the middle of the web server's home
folder, and the owner and group owner for the folder is apache. It's
just that whenever "sarah" copies files INTO the folder, they get an
owner tag of nobody and permissions of 744 automatically.

Thanks for any help!
Liam
Jul 17 '05 #5

P: n/a
LRW wrote:

In the script I use:
sudo -u nobody /usr/bin/mogrify (etc)
but that then gives me "password" errors (if I view the output.)
Obviously sudo needs a password to be given automatically, but even if
I knew what the password for "nobody" was, how would you automatically
pass it through a sudo in a shell script?


Check your /etc/sudoers file. It's possible that it disallows "nobody"
from using sudo at all. More importantly though, it can be configured
to allow "nobody" to use sudo *without* a password. See man 5
/etc/sudoers for more information.

Warning: think long and hard about the security considerations of
giving permission to "nobody" to use sudo without a password. You'll
almost certainly also want to restrict which commands it is allowd to
use in that mode.
Jul 17 '05 #6

P: n/a
LRW
John-Paul Stewart <jp*******@binaryfoundry.ca> wrote in message news:<17***********@mail.binaryfoundry.ca>...
LRW wrote:

In the script I use:
sudo -u nobody /usr/bin/mogrify (etc)
but that then gives me "password" errors (if I view the output.)
Obviously sudo needs a password to be given automatically, but even if
I knew what the password for "nobody" was, how would you automatically
pass it through a sudo in a shell script?


Check your /etc/sudoers file. It's possible that it disallows "nobody"
from using sudo at all. More importantly though, it can be configured
to allow "nobody" to use sudo *without* a password. See man 5
/etc/sudoers for more information.

Warning: think long and hard about the security considerations of
giving permission to "nobody" to use sudo without a password. You'll
almost certainly also want to restrict which commands it is allowd to
use in that mode.

WOW! That's fantastic! So, I've always just "man foo" to see the
manual for a command...how does one know that there's other man files
that you can access by putting a number after the "man"? "man 5
sudoers" has some great info that completely solves my problem, and
helps me with the security concerns you mentioned.

Thanks for the reply!
Liam
Jul 17 '05 #7

P: n/a
[Note follow-ups set to c.o.l.misc since this no longer has anything to
do with PHP.]

LRW wrote:

WOW! That's fantastic! So, I've always just "man foo" to see the
manual for a command...how does one know that there's other man files
that you can access by putting a number after the "man"?


'man sudo' says at the bottom of the page "See also...sudoers(5)". The
number in parentheses is the section number that you can pass to the
'man' command. Also, 'apropos sudo' will give you a list of relevant
pages and their section numbers.

The 'man 5 sudoers' command doesn't really need the '5', since the only
manpage named 'sudoers' is in section 5. A better example might be 'man
passwd', which will give you the section 1 info for the passwd command
by default. (Equivalent to 'man 1 passwd'.) 'man 5 passwd' will give
you the passwd page from section 5, where you'll find documentation on
the /etc/passwd file format. If you want to see all of the pages from
all sections for passwd, 'man -a passwd' will cycle you through them
all. (When you close one, the next will be displayed.)

'man man' gives you a list of what each section contains.
Jul 17 '05 #8

This discussion thread is closed

Replies have been disabled for this discussion.