In my PHP application I am using file_put_contents() to create a file to display comprising of a blob retrieved from a table in my database. However, currently, in order to get the function to work on my Amazon EC2 Ubuntu instance, I had to give the folder it's writing to 777 permissions. However, I know this is extremely bad and I want to change this, but I don't know what to.
I'm a novice at Linux and I'm currently navigating around my instance through the help of Google. This is part of a university assignment, so I can't just hire a Linux expert (just in case one of you says I shouldn't be using such an instance if I don't know Linux!)
Assuming that you are using this from a browser with normal http requests, you need to find out what the user is that is running the web-server. Probably something like apache, www-user or something similar.
Then you can do 2 things:
Change the ownership of the directory where you want to save the file to the web-server user and then it can have permissions 755
Change the group of the directory to the group of the web-server and then the directory needs 775.
Related
I am currently attempting to write a simple web page to store emails in a database. I am on a server which is not mine (but does run Apache), so I do not have root access, so I have opted to use SQLite3. The goal is to use PHP to INSERT into the database, however, I continue to encounter the issue with the database being owned by me and the PHP attempting to access using the user "apache" which leads to a "readonly" error. Since I am not root, I cannot chown the database file and even when I chmod 777, it has no effect. The conclusion I came to was to have the PHP script create the database itself (under the user apache) but now I do not have write access to the file. Is it okay for me to just allow apache to own the database or is there some better way to do this?
SQLite is a library, i.e., it's just a bunch of code that runs inside the web server process. This means that accesses to the database file behave just like any other file access from Apache.
The web server process needs to be able to access the file itself, and to create the journal rollback file in the same directory.
chmod 777 is a bad because every user on that machine can do anything to the database. It would be a better idea to have the database file and the directory belong to a group that has you and apache as members.
If the server's administrator will not create such a group, then you could have apache as the owner, and add a backdoor (sufficiently protected) to your web app to allow overwriting the database with a new file.
I know this probably is a subject many other places as well, but I have tried many of the things written in other posts, and still no luck.
I am running a Ubuntu VPS with apache, ftp and php.
My goal: Every time I add an image to a folder the image should be accessible for the public. I have tried different chmod-commands but still no luck.
I want each image to have access rights: rwxrwxrwx, but as default when I upload them to the the folder through Filezilla they end up with access rights rwx-------.
I hope also I have given enough information. Please comment below if not, and I will provide as fast as possible. ( I am kind of new to the game, sorry about that)
You can change the default permission in your ftp server. I don't know which ftp server you're using? Or you can build a script that changes the permissions and execute this.
Solved
I figured out who the current user was using PHP and managed to set the new directories' owner to be the user the PHP scripts are executed from. However, this was still causing issues as some other commands (used to determine who the current user was) weren't working. This highlighted that the problem was that my PHP distribution was configured to be in safe mode.
I disabled safe mode and the commands provided by Ed Manet allowed me to add/edit/remove the files as desired, without the shortcut of just having everything be 777 permissions.
Thanks for the help!
Original Post
I have a web application that stores some data on the server. This involves creating and removing both directories and files (as well modifying existing files) in PHP. The main problem I'm having is do with the permissions required to perform such actions.
If I set existing files' permissions to 777, then the PHP script can edit them just fine (although I know this isn't an optimal solution as it's insecure). The script can also create and remove directories just fine (when they have 777 permissions at least), but no matter what I do I cannot get the script to create new files.
I've done some searching around and it appears that I need to elevate the PHP "user" to a user that has the required priviliges. However, when it comes to server configuration and permissions I'm essentially a beginner. How would I change to a different user to perform the required actions? Is it possible to do this mid-script and use PHP's fopen() and chmod() functions as normal? Or would I have to spawn an entirely new process using a shell command, somehow getting that external program executing with the correct privileges?
To summarise, I need a new of creating, modifying and deleting files/directories in a we b server using PHP, by assigning adequate permissions to the files and privileges to the PHP user. I am unsure on how to do this.
Thank you.
What I would do is change ownership of the folder that the PHP has to create files in to the account that runs the PHP process. Then you don't need to open up permissions so much.
So if this is a Linux system and the webserver is run by a user called "apache":
chown -R apache /path/to/the/files
Then change permissions to owner read/write
chmod -R 644 /path/to/the/files
This problem occurred to me multiple times now, and it's time for me to do it the right way!
How can I upload a website to the server, where php has access to the folders for writing data.
Usually I use an FTP program, but I can't upload as root, so there are restriction problems all over the place...
How do you do stuff like this?
Thanks!
EDIT
I'm sorry, I accidentally added rails to the tags instead off php.
Probably I need to clarify my problem, since the answers didn't really help me out here:
I already have a server running apache, DirectAdmin and some other stuff like rails.
And the problem is when I upload a website like joomla or wordpress via FTP the restrictions always need to be set to 777/775 or these sites can't write to the folders..
So what I need to know is:
How can I upload these sites (via FTP/SSH) as a user (root) that is the same as php, so that php can create files in all folders it needs to write to?
Hope I'm being more clear now, thanks for the help so far!
Use a server with ssh access and full write access to wherever your Rails app is hosted (and usually ssh access is as the user that Rails runs as).
For me this usually means a VPS type server, I like Rackspace Cloud which turns out to be around $11 - $15 per month for a low traffic, low spec server. I've also heard good things about Linode
The solution
Upload your site with FTP
SSH to the server and go to the public_html folder
chown -R [user_name]:[group_name] [folder_name]
For me the right user was apache..
When I download a file with curl through php I cannot seem to be able to delete it afterwards through ftp. I can delete it through the php script, but that's not exactly perfect. If the file isn't downloaded via curl, but still via php I can delete the file, it's just ones downloaded via curl that I cannot delete. When I try to run chown() through php on the file it gives me a permissions error. I've tested the same php script on multiple other servers and it works fine there, it's just this particular one it doesn't work on. Maybe it has something to do with php configuration and permissions but I'm not 100% on that.
Sounds like it is saved with the file owner being the user account of the web server. A non-privileged account can't chown to a different user, either, so that explains why chown fails... Try having PHP execute chmod 777 on the file before you delete it.
When you create a file it is usually owned by the Apache user (or whatever app server you use). The FTP user however is not the same one most of the time. You can fix this by adding the FTP user to the Apache group (or the other way around). Sometimes they already share a group (like on many plesk environments) so making files readable and writeable for that shared group may solve the issue.