I am wanting to change the user from root to user1 but I can't find where the config file is for php-fpm in nginx inside the MAMP directory.
The reason I want to run it as a non root user is because when I upload a file it is created with permissions of the root user but my MAMP folder itself is under user1 and that means that a script that is running under root will never be able to read this file. If I use apache in MAMP it works perfectly because it automatically executes php under user1 like it should.
Related
I've set up a LAMP machine with Centos, apache, MySQL and PHP 7.4.
my user via ssh is mformisano, I'm able to login via SFTP with mformisano and browse folders.
It's an intranet machine, so we are not so severe on restrictions, but, if I type the address into the browser I can execute PHP files, but these files are not able to extract files, create files, etc into the var/www/html folder.
Actually the www folder is:
drwxr-s---. 4 apache apache 31 29 ott 22.34 www
inside:
drwxr-xr-x. 21 root root 4096 29 ott 22.34 ..
drwxr-x---. 2 apache apache 6 19 ott 15.54 cgi-bin
drwxrwxr-x+ 3 apache apache 4096 2 nov 10.49 HTML
If I give permission to mformisano, I can browse via FTP, PHP is executed.
If I give permission to apache:apache I cannot browse, PHP is executed.
If I give permission to mformisano:apache I can browse, PHP is executed.
If I give permission to mformisano:mformisano I can browse, PHP is not executed.
I do need to both browse and execute PHP, so mformisano:apache should be the right way, but when I execute kickstart.php (a WordPress plugin that extracts a .jpa archive) this is not extracting and give me an error about writing permissions.
What am I doing wrong?
The PHP files are going to be parsed by Apache. Typically Apache will be running under the user www-data, in any case find out what user Apache is running under and give the appropriate permissions to the user that apache is running as. If you are a single person running the sever I would recommend SFTP login as root user, this will give you permissions to modify whatever you want on the server, but remember to change the owner and groups for any files you create as root user before logging out.
I have a folder above the webroot that is used to temporarily store user files generated by a php web application. The files may, for example, be PDF's that are going to be attached to emails.
The folder permissions are set to rwxr-xr-x (0755). When executing a procedure from the web application, the files get written to this folder without any issues.
I have now also set up a cron job that calls the php script to execute that exact same procedure as above. However, the PDF cannot be saved into the above folder due to failed permissions - the cron job reports back a permission denied error.
I have tried setting the folder permissions to 0775 and still get a permission denied. However, when the permissions are 0777, then the cron job then works fine.
This seems very strange to me - why does the cron get a permission denied at 0755 but it works fine through the web app?
The probable answer is that the cron job executes under your user - and the directory is owned by apache (or www-data or nobody or whatever user your web server runs as).
To get it to work, you could set up the cron job to run as the web server user.
Something like this:
su -l www-data -c 'crontab -e'
Alternatively, you could change the permissions to 775 (read-write-execute for the owner and group, and read-execute for others) and set the group ownership of the folder to the user running the cron job.
However, you have to make sure that if you're deleting something or descending into folder which is created by apache, you could still run into problems (apache would create a file which it itself owns, and your user cannot delete it then, regardless of the directory permissions.
You could also look at some stuff like suphp or whatever is up to date - where the web server processes are ran under your username, depending on your system architecture.
It depends on which user you have defined the cronjob.
If you're root (not recommended) it should work. If you're the web-user (e.g. www-data on ubuntu) it should work as well.
sudo su - www-data
crontab -e
Permission are given to user-group-everybody. That's what the 3 characters denote.
Your php script runs as a different user&group than the cron job, so they observe different permissions.
Check chown and chgrp, or try to run the cron job with the same user.
if you are using cpanel to run a php, you can try something like this:
"php /home/algo/public_html/testcron.php" ...
just write: php (the rute of the script)/yourscritpt.php"
I have mounted a directory via curlftpfs. I am trying to access the files from within this mount via a webserver.
The path to the mounted directory is
'/home/domain.nl/domains/cms.domain.nl/public_html/project/1/syslink/'
The strange thing is that PHP can read and write from/to that directory. But when i try to access the folder from my apache webserver, then i get the error:
403 Forbidden
You don't have permission to access /project/1/syslink/file.jpg on
this server.
The output when I run exec('whoami') in php is:
urre
That is also the user that created the curlftpfs mount, so the rights are not the issue.
When I log in to the linux CLI with this user, I can access the mounted directory...
Apache Webserver requires the user "www-data" to be able to read and write to a folder / document.
You must change, either your FTP mount user to "www-data" or change your Apache running user.
In /etc/fstab
curlftpfs#user:pass#domain/directory fuse auto,user,uid=www-data,allow_other,_netdev 0 0
If you would like to set the group as well, you can add "gid=www-data" to fstab
This should allow Apache to read and write to your mounted FTP directory.
I have created a service in which users can have their own directory on my webpage (http://mywebsite.com/username/) and run php on it, but currently it is possible to make php code to access root directory (http://mywebsite/) and change things there.
I have made a bash script which creates a user, disables shell from it, and gives it the username directory and ftp access to it's directory.
Is there anything I can do to avoid users from accessing root through php?
I am running a LAMP stack with linux debian
I have in my home directory a SSHFS directory mounted to a remote directory on other server. I currently run PHP under my username (not root). The problem is, I cannot verify if a folder exists on the remote machine or even write a file.
When I try this over console it works, I mounted the directory with the same user and chowned by the same user. When I try to copy a file from script or check if a directory exists it does not work.
When I'm trying it over putty and logged in as the same user, nginx and php runs it works?
solved it
i had to add -o allow_other to the mount point in case someone is facing the same problem