Open file in PHP not owned by apache - php

I am trying to open/read and copy/delete files on the disk in a Linux system, using a PHP script. The files remain in Billy's directory (/home/billy/uploads), all sent by FTP. They have basic rights (rw on the user only) and are owned, according to 'ls -lr', by billy:billy.
Trying to fopen or copy the file does not work, and neither does chown or chmod using PHP.
How can I make the 'PHP user', www-data, do what I want? What needs to be done? I set the owner of the containing directory, 'uploads', to be www-data, but no luck there.

A quick but dirty way would be to loosen the safety on "billy's" home files. You still can make other files non readable to others, but you have to keep it in mind.
First, (using user billy, sudo rights or root) make /home/billy/ accessible to others, but only this: remove any rights (read-write-execute) from anyone else:
chmod og-rwx /home/billy/*
chmod 755 /home/billy/
Second, make uploads writable and accessible to others:
chmod 777 /home/billy/uploads/
If you want existing content to be visible you might need something like:
chmod -R og+r /home/billy/uploads/*

Related

Can't get permission setup correctly to allow www-data to create files using PHP

So I have a PHP file located in /var/www/html/test.php and I have it run the code shell_exec('touch /home/pi/Desktop/test_file')
However, the webpage displays fine but when I check the apache log files, I always get permission denied. I understand that apache is running as the www-data user and my main user pi probably has some permission clash (I'm new to this stuff).
I tried many options I found on-line, the most promising was here, which suggested I run the commands:
sudo chown -R pi:www-data /home/pi/Desktop
sudo chmod -R g+s /home/pi/Desktop
...but I still get permission denied. Can anyone please suggest what permissions I may need to still configure? I want to ensure security, but at the same time need my PHP file to be able to create new files. I used the Desktop as an example directory, but really I don't care which directory, I just need a directory. I tried touching a file within /var/www/html, but that was permission denied as well. Thanks!
If your apache process is running as www-data, and the file ownership is pi:www-data, you probably need to run this chmod:
sudo chmod -R g+w /home/pi/Desktop
First, setting the group as www-data won't matter if the files are not group writable. Mode 755 will ensure apache can read the files, but the www-data user would still not be able to write.
Secondly, using "g+w" adds group write without messing with any of the other bits (644 becomes 664, and 755 becomes 775). This way you can safely adjust permissions recursively, without making files executable that shouldn't be.
Incidentally, sudo chmod g+s ... is probably not what you want. That will instead set the sgid bit, and not the group write bit.
First of all, why the heck are you using shell_exec to create a file? PHP has its own touch() function that will do that for you. You can also create files just by opening a nonexistent file using certain modes (i.e., fopen("myfile", "w")).
Using exec to create your files is surely messing with your permissions.
You need to find out which user PHP is running as and chown to that user. You can find that out by running get_current_user().
Then you need to change the permissions with chmod. There's an example in the comments so I won't repeat it. Good luck. Stop using shell_exec.
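
The difference between g+s and g+w pointed out in the first answer above can be checked on a throwaway tree. This is an added example, not code from any of the posts; it assumes a stat that supports -c (GNU coreutils or BusyBox), and all function and directory names are constructed for the illustration.

```shell
#!/bin/sh
# Added example: report the permission bits discussed in the thread for a path.

# flags_for PATH: print "<octal mode> [setgid] group-write|no-group-write [WORLD-WRITABLE]"
flags_for() {
    m=$(stat -c '%a' "$1") || return 1
    out=$m
    if [ $(( 0$m & 02000 )) -ne 0 ]; then out="$out setgid"; fi
    if [ $(( 0$m & 00020 )) -ne 0 ]; then
        out="$out group-write"
    else
        out="$out no-group-write"
    fi
    if [ $(( 0$m & 00002 )) -ne 0 ]; then out="$out WORLD-WRITABLE"; fi
    echo "$out"
}

# audit_tree DIR: one "<flags>  <path>" line per entry, for spotting 777 leftovers.
audit_tree() {
    find "$1" | sort | while IFS= read -r p; do
        echo "$(flags_for "$p")  $p"
    done
}

# Replay the chmod calls from this page on a constructed tree (no root needed).
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/Desktop" "$d/uploads"
    : > "$d/Desktop/notes.txt"
    chmod 755 "$d/Desktop" && chmod 644 "$d/Desktop/notes.txt"

    chmod -R g+s "$d/Desktop"      # sets setgid only; group still cannot write
    echo "after g+s:"; audit_tree "$d/Desktop"

    chmod -R g+w "$d/Desktop"      # adds group write, other bits untouched
    echo "after g+w:"; audit_tree "$d/Desktop"

    chmod 777 "$d/uploads"         # the quick-but-dirty variant gets flagged
    echo "after 777:"; audit_tree "$d/uploads"
    rm -rf "$d"
}

demo
```

Pointing audit_tree at a real upload directory gives a quick list of entries that are still world-writable or that the web server's group cannot write to.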

How to permanently chmod 777 for PHP

Before you start killing me about how I should not chmod 777, this is rather different than what's in many other topics.
The situation now is that I have this directory NOT accessible from the web (/var/lib/folder/) but I want PHP to be able to access it so that it can read, write and execute from the directory.
A simple solution would be to chmod (as root), 777 the folder, but here comes the problem.
Another user, say John, writes to this directory. As anyone would know, files that John writes entitle him to be the owner, and as such PHP is not the owner. Somehow, files that John writes always become 755 instead of 777 (and as a result PHP cannot access them).
Is there any way to either:
Make John always write to that directory in 777
or
Make the directory such that all files that John writes become fully accessible to PHP.
You don't need chmod.
Set an ACL on the directory:
setfacl -R -d -m u:php:rwx /var/lib/folder/
This gives user php rwx rights for new files (-d = default).
You can change the ACL for existing files in the folder with:
setfacl -R -m u:php:rwx /var/lib/folder/

PHP / Apache File Write Permissions without 777

I'm trying to avoid 777 permissions for a directory that handles file uploads on a Linux server. PHP/Apache must be able to write to this particular directory, but I don't want to make it world-writable.
What're the best-practices for this?
I am not too familiar with the CLI, so my attempts to solve this using chgrp and chown have not yielded any results.
Thanks!
ACLs, if supported. You could do something as simple as setfacl -R -m u:www-data:rwx,d:u:www-data:rwx /path/to/directory to allow apache to write to that specific directory (and all later created directories as well).

How to delete Folders created with PHP mkdir?

I have created folders using PHP's mkdir command.
Now I want to delete these folders over FTP or SSH.
I get the error "permission denied".
I am on a managed server so I do not have root access.
What can I do so I will be able to delete these folders?
Do I need to change the file permissions (chmod) using PHP?
The folders would have been created with the ownership/permissions of whatever account PHP was running under (Apache's, if you're doing this from a web-based script).
You wouldn't be able to chown the directories to another account, as that requires root permissions. You could have the script that creates the directories set them to mode 0777, which'd give everyone read/write/delete access to them, but you might not want to open up things that wide.
You have to change the permissions first:
chmod("/somedir/somefile", 0755); // the mode must be an octal literal (leading 0)
or whatever you like,
then you can remove with
rmdir("dir");
Yes, you must run chmod after directory or file creation with PHP. It's because PHP runs with Apache permissions.
After chmod to PHP/Apache user you can rename, move or delete folders and files.
Check your permissions first if you have any problem. Some folders you can only delete or chmod if you are the owner.
If you are the owner, then you can use PHP chmod.
chmod("PATH_TO_FOLDER", 0755);
Then use unlink to delete the files in the folder:
array_map('unlink', glob("PATH_TO_FOLDER/*.*")); // unlink() does not expand wildcards itself
And then
rmdir("PATH_TO_FOLDER");

PHP and CHMOD question

I want my PHP software to be able to auto update. For this to work, I need PHP to be able to write into files both existing and non-existing (create). Will it always work if I just CHMOD the target files to be 0777 and then write into it? Or does the PHP/Apache/wtvr process need to be the owner of the file?
Sometimes when people upload using an FTP account, the owner might be different from the PHP process, is this a problem?
Edit: I'm building a PHP application, I can't know which configurations the app will run on, and I can't modify any server related settings. I can do what PHP can do, like chown(), chmod().
I have one server where, when files are uploaded through FTP, the ownership of the file changes to the ftp user which has caused a few permission problems in the past.
We use groups to get round this
For example, you could create a usergroup for accessing the files and add apache plus each of your ftp users to the group:
usermod -a -G appUpdaters www
usermod -a -G appUpdaters ftp1
usermod -a -G appUpdaters ftp2
etc...
Then you can chown the file/folders to a user + group and chmod to 775
chown www.appUpdaters foldername
chmod 775 foldername
That way if the ownership changes to ftp1.appUpdaters or ftp2.appUpdaters, the other users can still write to the file.
Like I say, I don't seem to need this on all the servers I use so I guess whether you do or not depends on your server config. If you do decide to use groups tho, I find this link comes in handy sometimes
http://www.cyberciti.biz/faq/howto-linux-add-user-to-group/
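
The group setup above keeps working only if uploaded files arrive group-writable, which depends on the uploading process's umask, and if they keep the shared group, which a setgid directory ensures. The following added example (not from the original answer) goes one step beyond the answer's chmod 775 by using 2775 and shows both effects on a temporary directory; the function names and file names are constructed, and stat -c (GNU coreutils or BusyBox) is assumed.

```shell
#!/bin/sh
# Added example: a group-shared upload directory and the umask pitfall.

# make_shared DIR: rwxrwsr-x; setgid makes new entries keep DIR's group.
make_shared() { mkdir -p "$1" && chmod 2775 "$1"; }

# upload_as UMASK FILE: create FILE as a process with that umask would,
# then print "<octal mode> <gid>".
upload_as() {
    ( umask "$1" && : > "$2" ) || return 1
    stat -c '%a %g' "$2"
}

# missing_group_write DIR: list entries other group members cannot modify.
missing_group_write() { find "$1" ! -perm -020 -print; }

demo() {
    base=$(mktemp -d) || return 1
    up="$base/uploads"            # constructed path, stands in for foldername
    make_shared "$up"
    echo "directory:        $(stat -c '%a %g' "$up")"
    # An FTP daemon with the common default umask 022: group write is lost.
    echo "umask 022 upload: $(upload_as 022 "$up/from_ftp1.dat")"
    # The same upload with umask 002: other group members can write.
    echo "umask 002 upload: $(upload_as 002 "$up/from_ftp2.dat")"
    echo "not group-writable:"; missing_group_write "$up"
    # Repair only what is missing instead of a blanket chmod -R 777.
    find "$up" ! -perm -020 -exec chmod g+w {} \;
    echo "after repair: $(missing_group_write "$up" | wc -l) entries left"
    rm -rf "$base"
}

demo
```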
Make the folder that you want to upload into owned by your www server. Then your php script will be able to write into that folder if it's chmodded 755.
# chown www somefolder
# chmod 755 !$
(Don't make other stuff in your web files owned by www).
