473,322 Members | 1,620 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,322 software developers and data experts.

Changing file permissions through a PHP script

LRW
Sorry to crosspost, but I have no idea if this is more a PHP question
of general Linux question.

I have a script that makes changes to image files, montages them into
a jpg, and creates a Web page with that image.
It starts with someone from our graphics dept. who I set up to copy
the image files over to the Linux server with SAMBA.

The files gain the owner/group of "nobody" and permissions of 744.

Then a PHP script runs all the processes, obviously under the user
"apache".

Now, even though I have the folder on the server that the files get
copied into within /var/www/html the script doesn't have write
permission to alter those files (whether with mogrify or convert, but
that doesn't matter.)

I added a line where it calls a bash shell script to change
permissions, change ownership, other things, and of course apache
doesn't seem to have the right to run chown or chmod on the files with
"(744) nobody nobody" in a folder with "(777) apache apache".

Any suggestions what I might do? I'm at a complete loss!
Thanks!
Liam
Jul 17 '05 #1
7 9725
LRW wrote:
Sorry to crosspost, but I have no idea if this is more a PHP question
of general Linux question.

I have a script that makes changes to image files, montages them into
a jpg, and creates a Web page with that image.
It starts with someone from our graphics dept. who I set up to copy
the image files over to the Linux server with SAMBA.

The files gain the owner/group of "nobody" and permissions of 744.

Then a PHP script runs all the processes, obviously under the user
"apache".

Now, even though I have the folder on the server that the files get
copied into within /var/www/html the script doesn't have write
permission to alter those files (whether with mogrify or convert, but
that doesn't matter.)

I added a line where it calls a bash shell script to change
permissions, change ownership, other things, and of course apache
doesn't seem to have the right to run chown or chmod on the files with
"(744) nobody nobody" in a folder with "(777) apache apache".

Any suggestions what I might do? I'm at a complete loss!


You can't chown or chmod files you don't own (unless you're root) for
obvious security reasons. The process doing the chown either needs to
run as "nobody" (the current owner) or "root", so it cannot be done by a
script running as the "apache" user.

Ideally, the permissions on the Samba share would allow access by the
"apache" user. Or you could run a script from cron (as "nobody" or
root) to check for appropriate files and chown them before calling the
script.

(This is addressing the Linux side of the issue and is the same
regardless of what language the script is written in. PHP may offer
some additional features providing another method for dealing with the
situation.)
Jul 17 '05 #2
On 2004-07-02, LRW wrote:
Sorry to crosspost, but I have no idea if this is more a PHP question
of general Linux question.

I have a script that makes changes to image files, montages them into
a jpg, and creates a Web page with that image.
It starts with someone from our graphics dept. who I set up to copy
the image files over to the Linux server with SAMBA.

The files gain the owner/group of "nobody" and permissions of 744.

Then a PHP script runs all the processes, obviously under the user
"apache".

Now, even though I have the folder on the server that the files get
copied into within /var/www/html the script doesn't have write
permission to alter those files (whether with mogrify or convert, but
that doesn't matter.)

I added a line where it calls a bash shell script to change
permissions, change ownership, other things, and of course apache
doesn't seem to have the right to run chown or chmod on the files with
"(744) nobody nobody" in a folder with "(777) apache apache".

Any suggestions what I might do? I'm at a complete loss!


Only root can chown a file, and only root or the owner can chmod
one.

Use sudo to allow apache to run a script that makes the changes.

--
Chris F.A. Johnson http://cfaj.freeshell.org/shell
================================================== =================
My code (if any) in this post is copyright 2004, Chris F.A. Johnson
and may be copied under the terms of the GNU General Public License
Jul 17 '05 #3
LRW wrote:
Sorry to crosspost, but I have no idea if this is more a PHP question of general Linux question.

I have a script that makes changes to image files, montages them into a jpg, and creates a Web page with that image.
It starts with someone from our graphics dept. who I set up to copy
the image files over to the Linux server with SAMBA.

The files gain the owner/group of "nobody" and permissions of 744.
Then a PHP script runs all the processes, obviously under the user
"apache".

Now, even though I have the folder on the server that the files get
copied into within /var/www/html the script doesn’t have write
permission to alter those files (whether with mogrify or convert, but that doesn’t matter.)

I added a line where it calls a bash shell script to change
permissions, change ownership, other things, and of course apache
doesn’t seem to have the right to run chown or chmod on the files with "(744) nobody nobody" in a folder with "(777) apache apache".

Any suggestions what I might do? I’m at a complete loss!
Thanks!
Liam

You can run php either under apache as a web page, or from the command
line. What you are doing seems like it is a batch job, and it is more
reliably run from the command line. In that case, you can simply run
it from root.

--
http://www.dbForumz.com/ This article was posted by author's request
Articles individually checked for conformance to usenet standards
Topic URL: http://www.dbForumz.com/PHP-Changing...ict125760.html
Visit Topic URL to contact author (reg. req'd). Report abuse: http://www.dbForumz.com/eform.php?p=419213
Jul 17 '05 #4
LRW
"Chris F.A. Johnson" <cf********@gmail.com> wrote in message news:<2k************@uni-berlin.de>...

Only root can chown a file, and only root or the owner can chmod
one.

Use sudo to allow apache to run a script that makes the changes.


Thanks for the replies, all.
Now, I can't figure out how to automatically run the shell script as
anything other than apache, since it's a PHP script that's starting
the shell script.

In the script I use:
sudo -u nobody /usr/bin/mogrify (etc)
but that then gives me "password" errors (if I view the output.)
Obviously sudo needs a password to be given automatically, but even if
I knew what the password for "nobody" was, how would you automatically
pass it through a sudo in a shell script? (I suppose I could use root
if I could figure that out.)

I checked the sudo man, and I see where you can provide -p switches
using percentile-letters. But, those look like ways to change the
password prompt or requirements, not any way to pass it a password.

Someone suggested adding apache as having rights to the samba share. I
added this to smb.conf:
[shipthumbs]
comment = ShipThumbs
path = /var/www/html/pa-thumbs/shipthumbs
public = yes
valid users = sarah apache nobody
writeable = yes
guest ok = yes

What more do I need to do to give apache user rights? As you can see,
the share is also sitting in the middle of the web server's home
folder, and the owner and group owner for the folder is apache. It's
just that whenever "sarah" copies files INTO the folder, they get an
owner tag of nobody and permissions of 744 automatically.

Thanks for any help!
Liam
Jul 17 '05 #5
LRW wrote:

In the script I use:
sudo -u nobody /usr/bin/mogrify (etc)
but that then gives me "password" errors (if I view the output.)
Obviously sudo needs a password to be given automatically, but even if
I knew what the password for "nobody" was, how would you automatically
pass it through a sudo in a shell script?


Check your /etc/sudoers file. It's possible that it disallows "nobody"
from using sudo at all. More importantly though, it can be configured
to allow "nobody" to use sudo *without* a password. See man 5
/etc/sudoers for more information.

Warning: think long and hard about the security considerations of
giving permission to "nobody" to use sudo without a password. You'll
almost certainly also want to restrict which commands it is allowd to
use in that mode.
Jul 17 '05 #6
LRW
John-Paul Stewart <jp*******@binaryfoundry.ca> wrote in message news:<17***********@mail.binaryfoundry.ca>...
LRW wrote:

In the script I use:
sudo -u nobody /usr/bin/mogrify (etc)
but that then gives me "password" errors (if I view the output.)
Obviously sudo needs a password to be given automatically, but even if
I knew what the password for "nobody" was, how would you automatically
pass it through a sudo in a shell script?


Check your /etc/sudoers file. It's possible that it disallows "nobody"
from using sudo at all. More importantly though, it can be configured
to allow "nobody" to use sudo *without* a password. See man 5
/etc/sudoers for more information.

Warning: think long and hard about the security considerations of
giving permission to "nobody" to use sudo without a password. You'll
almost certainly also want to restrict which commands it is allowd to
use in that mode.

WOW! That's fantastic! So, I've always just "man foo" to see the
manual for a command...how does one know that there's other man files
that you can access by putting a number after the "man"? "man 5
sudoers" has some great info that completely solves my problem, and
helps me with the security concerns you mentioned.

Thanks for the reply!
Liam
Jul 17 '05 #7
[Note follow-ups set to c.o.l.misc since this no longer has anything to
do with PHP.]

LRW wrote:

WOW! That's fantastic! So, I've always just "man foo" to see the
manual for a command...how does one know that there's other man files
that you can access by putting a number after the "man"?


'man sudo' says at the bottom of the page "See also...sudoers(5)". The
number in parentheses is the section number that you can pass to the
'man' command. Also, 'apropos sudo' will give you a list of relevant
pages and their section numbers.

The 'man 5 sudoers' command doesn't really need the '5', since the only
manpage named 'sudoers' is in section 5. A better example might be 'man
passwd', which will give you the section 1 info for the passwd command
by default. (Equivalent to 'man 1 passwd'.) 'man 5 passwd' will give
you the passwd page from section 5, where you'll find documentation on
the /etc/passwd file format. If you want to see all of the pages from
all sections for passwd, 'man -a passwd' will cycle you through them
all. (When you close one, the next will be displayed.)

'man man' gives you a list of what each section contains.
Jul 17 '05 #8

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

4
by: pdav | last post by:
Hi! Is there any solution to create a directory with one script with mkdir(), and then write a file (or move an uploaded file) in this directory with another script? The problem is, that the...
0
by: Fran Tirimo | last post by:
I am developing a small website using ASP scripts to format data retrieved from an Access database. It will run on a Windows 2003 server supporting FrontPage extensions 2002 hosted by the company...
2
by: Fran Tirimo | last post by:
I am developing a small website using ASP scripts to format data retrieved from an Access database. It will run on a Windows 2003 server supporting FrontPage extensions 2002 hosted by the company...
14
by: Mark C. | last post by:
I'm trying to call a batch file that I've built using the FileSystemObject and CreateObject("Wscript.Shell"), oShell.Run... in an asp script. Naturally, I can get the script to work from a command...
30
by: Adam Baker | last post by:
Hello, I'm writing a site where a handful of people will be able to edit the content using PHP scripts (FCKeditor). The content is stored as individual files in a directory. I'd like to validate...
1
by: SysProg | last post by:
I need some help with a problem I've encountered. I am a zLinux, WAS, and DB2 noob so please bear with me. I am helping to support two WebSphere applications which utilize DB2 under zLinux. One...
1
by: chrisj | last post by:
I'm using freeASPupload and got some assistance integrating to a Member script. It works successfully. In this modified version there are two groups that use this upload script. Members of one...
13
by: eclipsme | last post by:
I thought I had this licked, but apparently not. I have a file upload script that attempts to upload a file to a directory in the public_html directory - www.domain.com/upload The permissions...
1
KevinADC
by: KevinADC | last post by:
Note: You may skip to the end of the article if all you want is the perl code. Introduction Many websites have a form or a link you can use to download a file. You click a form button or click...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
1
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.