I have this simple code
mkdir('Users', 0775);
but when I go into my directory this is what I see
drwxr-xr-x 4 www-data www-data 1M Jun 11 16:30 Users
I expect to see
drwxrwxr-x 4 www-data www-data 1M Jun 11 16:30 Users
What could be messing up my permissions?
umask might be affecting your script. You can try to temporarily modify it via PHP: http://php.net/manual/en/function.umask.php
$old = umask(0);
mkdir('Users', 0775);
umask($old);
You could also try to change the permissions after the directory is created:
mkdir('Users');
chmod('Users', 0775);
… which is recommended on multithreaded web servers.
If you use
mkdir('Users')
chmod('Users', 0775)
That could solve your problem, however, keep in mind that mode is ignored on windows, but you can change the permissions with chmod. See mode is ignored on Windows.
Related
I'm having a problem with getting a shell command to clear a specific product cache because the permissions in the cache folder are strictly restricted to www-data. For example, folder /var/cache/mage--a files are like these:
-rw------- 1 www-data www-data 7646 Mar 4 11:20 mage---c54_PRODUCT_CACHE_123
-rw------- 1 www-data www-data 184 Mar 4 11:20 mage---internal-metadatas---c54_PRODUCT_CACHE_123
So when the shell command runs, it calls Mage::app()->cleanCache('PRODUCT_CACHE_123'), which triggers down to _fileGetContents function defined in lib/Zend/Cache/Backend/File.php and it's unable to open the meta file in /var/cache/mage--a due to the permissions listed above.
Does anyone have a suggested fix for this?
I ended up using Redis for caches instead. This helped solve the problem as i don't need to set up file permissions for the cache folder anymore.
I have a PHP script on my web server that uses a private key so my directory structure looks like this
-- script.php
-- private-key
-- lib/
What permissions should I set my private-key file too so that it can be used by script.php but not by anyone else. I've tried setting the permission as 664, is that correct?
Setting your permissions as 664 means that anyone can read the file. For a private key file, you should at least remove last 4 (660). I would probably make the owner the user that is running script.php and then set the permissions to 400.
If your file permissions look something like this:
user#host:~$ ls -l
-rwxr-xr-x 3 apache apache 4096 Jan 6 15:32 script.php
-rwxr-xr-x 2 apache apache 4096 Dec 13 11:25 private-key
drwxr-xr-x 14 apache apache 4096 Dec 13 15:03 lib/
Then something like this would be more secure:
chown apache:apache private-key
chmod 400 private-key
This will make it so the only user that can read the file is the apache user.
To make life a little easier for you, you might want to add a group and fiddle with the group permissions so that your user can edit the file as well.
I run a third party PHP application on my local AMP stack on my Mac. I recently bought a new Mac Mini with Lion, and am trying to set it up. My previous computer was a MB air with MAMP. Now I'm using the built-in apache/php and a homebrew installed MySQL.
Here's my problem: I have a directory with symbolic links. These symlinks are to directories, and the PHP application is checking these with is_dir().
On my Lion AMP setup, this is_dir() is failing. The same setup on my Snow Leopard MAMP is_dir() works fine with my symlinks.
Here's where it gets more curious. If I do php -a (php interactive command line mode), and do is_dir() on the very same directories, it returns true. It only returns false in the context of an apache request. This makes me think it has something to do with the apache user (which is _www) not being able to access the symlinks. Troubleshooting this falls outside of my expertise.
Other notes:
Yes, I have FollowSymLinks turned on in my apache config, and in
fact, the directory where the symlinks in question reside is a
symlink itself. Apache has no problem with it. Until PHP is_dir() is
used.
No, I cannot edit the PHP application and just fall back on is_link()
and readlink().
This exact same setup worked on my Snow Leopard/MAMP setup.
Any ideas?
Ah saw your comment on changing them to 777 but still wondering why it's not working.
My solution below might not help you.
EDIT:
If you have access to /etc/apache2/httpd.conf, edit it via sudo vi /etc/apache2/httpd.conf.
Then change these 1 of these lines or both of them
User _www
Group _www
Here is an example of my directory listing.
ace:remote-app ace (git::master)$ ls -al
total 72
drwxr-xr-x 24 ace staff 816 7 Aug 00:24 .
drwxr-xr-x 11 ace staff 374 4 Aug 13:46 ..
drwxr-xr-x 3 ace staff 102 12 Jul 17:06 .bundle
drwxr-xr-x 14 ace staff 476 7 Aug 02:29 .git
-rw-r--r-- 1 ace staff 100 1 Aug 19:20 .gitignore
-rw-r--r-- 1 ace staff 9 1 Aug 19:20 .rspec
drwxrwxr-x 10 ace staff 340 14 Jul 15:58 public
Now my public directory has 775 permissions, meaning owner and group have full permissions while other users can only read and execute.
It depends if you want apache user to become ace from the default _www or the apache group to become staff from the default _www.
Once you've decided on which to change, restart apache.
/usr/sbin/apachectl graceful
And your page should now have access to the directories / files.
One thing to note is that you have to change ownership for files that have been already been written by your webpage as those have _www:_www ownership and you won't have access to them after the restart.
You can change their new ownership through this, -R is to make it recursive.
sudo chown -R newapacheuser:newapachegroup <path>
Did you check permissions/owner?
From the PHP manual: Note: The results of this function are cached.
I had a similar issue. I created the following link:
cd /home/mike/uploads
ln -s ./data /sites/www.test.com/docroot/data
Then I created a test.php file in /sites/www.test.com/docroot that just did the following:
$dir = "/sites/www.test.com/docroot/data";
"is_dir\t\t" .is_dir($dir) ."\n";
When I ran test.php from the command line, it would show up as is_dir was True, but when I loaded test.php from a browser through apache, it was False.
I went to /sites/www.test.com/docroot/data and did a
chmod -R 755 .
That didn't change anything. Then I realized, the parent to the actual symlinked dir needed proper permissions set (/home/mike/uploads). I did a chmod on that dir, and everything worked!
Check open_basedir directive in php config. That path should also be included.
In linux, you can list multiple folders by separating them with a colon.
https://www.php.net/manual/en/ini.core.php#ini.open-basedir
Is there a way to set php running under apache to create folders with the folder owned by the owner of the program that creates it instead of being owned by apache?
Using word press it creates new folders to upload into but these are owned by apache.apache and not by the site that they are running in. This also happens using ostickets. For now we have to SSH into the server and chmod the folder, but it would seem there would be a setting somewhere to override the ownership outside of any program that does it.
Safe_mode is turn on on your server. The function mkdir() creates folder with owner ("apache", "none", ..) that different of the current script owner. And scripts couldn't upload (move, copy) files into that folder with another owner (that is not like current script owner).
Disable safe_mode and that would be work.
See http://php.net/manual/en/features.safe-mode.php for details.
P.S. With enable safe_mode you can't use chmod() function in php.
Another way is to put the apache user and the "customer users" in a new group. Additional the directory should use the sticky bit SGID so each new file got the group assignment to this new group. This way the webserver and the "customer users" can work with the files without any problems
[17:57] progman#proglap /tmp/test $ ls -al /tmp/test
total 9
drwxrwsr-x 2 root users 48 Apr 1 17:55 .
drwxrwxrwt 36 root root 9264 Apr 1 17:53 ..
As you see the directory got the stick bit SGID and the owner is the "users" group in which I (progman) am. No if another user adds a file the group automatically get set to this group
[17:55] proglap ~ # touch /tmp/test/x
This is executed from root. Now we get:
[17:57] progman#proglap /tmp/test $ ls -la /tmp/test
total 9
drwxrwsr-x 2 root users 72 Apr 1 17:59 .
drwxrwxrwt 36 root root 9264 Apr 1 17:53 ..
-rw-r--r-- 1 root users 0 Apr 1 17:59 x
As you see the added file is from root, but the group is set to users and this way I can remove it
[18:00] progman#proglap /tmp/test $ rm x
rm: remove write-protected regular empty file `x'? y
[18:01] progman#proglap /tmp/test $ ls -la /tmp/test
total 9
drwxrwsr-x 2 root users 48 Apr 1 18:01 .
drwxrwxrwt 36 root root 9264 Apr 1 17:53 ..
Keep in mind that you still need to change the chmod if you want to edit the file as rw-r--r-- is just group read access. But changing the chmod, maybe even working with umask, is better than dealing with root-access and using chown.
Not directly, no. You can't "give away" ownership of a file to another user, unless you're root. You could investigate using the "AssignUserID" apache directive to force that particular vhost to run as a particular user/group. With that Apache/PHP would create any files with the appropriate ownership
Check out PHP chown() function
I am trying to read and post back to the browser a file uploaded with the zend framework mechanism.
The file has been uploaded correctly to the desired location and as I have checked by
su www-data
and after an ls and a cat, the web user can read it and modify it properly.
the problem is that inside a controller when I try to:
if(!file_exists($fileName)) {
die("File ($fileName) wasnt set or it didnt exist");
}
I am always getting to die(...), although the $fileName is a string and when I display it's location I can always (as stated before) read it from the command line.
ls output:
$ ls -lah
total 112K
drwxr-xr-x 2 www-data www-data 4.0K 2009-10-07 18:21 .
drwxr-xr-x 3 www-data www-data 4.0K 2009-10-07 13:57 ..
-rw-r--r-- 1 www-data www-data 70K 2009-10-07 17:33 Eclipse_Icon_by_TZR_observer.png
-rw-r--r-- 1 www-data www-data 27K 2009-10-07 18:24 eclipse_logo2.png
Stat output:
stat() [function.stat]: stat failed for .../eclipse_logo2.png
I saw a very similar question to the "try for 30 days" site, so it is not something that has happened to me...
Any ideas?
You have to chmod the newly created file because the file owner created from PHP side will be Apache (group: www-data, httpd, www, or something similar). So next time PHP cannot access the file because www-data owns it and it has wrong permissions.
Here's how you create new files so that you can access them later.
<?php
$path = '/path/to/new/file';
touch($path)
chmod($path, 0777);
// TRY to change group, this usually fails
#chgrp($path, filegroup(__FILE__));
// TRY to change owner, this usually fails
#chown($path, fileowner(__FILE__));