When using PDO sqlite PHP adapter, new sqlite database file is created with group permission set to read-only, and does not honor umask.
I need every database file to be writable by group. Any way to accomplish it?
Edit: I know how to change permissions of a file, I'm asking whether it is possible to create it with correct permissions (according to process umask) or not.
It looks like there's a SQLITE_DEFAULT_FILE_PERMISSIONS compilation parameter.
It seems umask is applied on top of it to restrict it, if necessary.
So it makes sense to recompile with SQLITE_DEFAULT_FILE_PERMISSIONS=666 and than rely on umask. Too bad it's not a default option in sqlite.
Before opening the database file using sqlite's connect call, you can open is as an ordinary file and the desired permissions. This will create an empty file unless the file is already present. Sqlite will fill that empty file with the database.
This is safer than using chmod after the file has been created for two reasons:
There is a tiny possibility that another user could open the file before you call chmod
In some cases (e.g. when configured for WAL), sqlite will create more than one file. It will honor the permissions of the pre-existing empty file and use them for the other files. Using chmod on the main file would forget to set permissions for the other files.
Related
I have setup a demo "admin" website with all file permissions set to 555 for directories and 444 for files so that any "save" functionality is disabled. So far so good.
However, I noticed that the PHP touch() function is unaffected by file permissions? I am successfully running PHP touch() on directories that have no-WRITE permissions (555). Seems a bit odd. Is this intended behavior (PHP 7.2)?
I am trying to prevent touch() from being able to execute (via file permissions), but can't currently see how this is possible.
Thanks.
From the utimes(3) documentation:
The effective user ID of the process shall match the owner of the file, or has write access to the file or appropriate privileges to use this call in this manner.
So the owner can update the timestamps even without write access. You need to change the ownership of the files so they're not the same as the user running the PHP script.
If this is a problem, maybe you should use some other method to keep track of changes that the file modification times.
It sounds perhaps hackish but if I use file_put_contents to write a .php file, what permissions does the file get? I couldn't find any documentation regarding what permissions file_put_contents sets. (Assuming the file did not exists before).
In this case this file is not written from any user input or even from the web at all.
This would typically be 644 for a user.
But it can depend on the application setting that called the function. You can modify the default creation permissions for httpd and lot's of other applications.
You said, it's not from any user input or the web. But however it's called, there will be an associated user.
I can't use fopen because PHP is in safemode and admin wont change this. How can I write a static html file using php?
With difficulty, unfortuantely. If your sysadmin has not set up user permissions that allow you to do this, then there's no general workaround. Other answers (e.g. FTP-ing) may work in certain circumstances (again, if user permissions allow it).
The only foolproof solution is to talk to the sysadmin.
You can only open (and thus write) to files in directories, that are permitted by the safemode settings.
You can use FTP.
You can still do with safe mode enabled
Beware: Safe mode will not permit you
to create new files in directories
which have different owner than the
owner of the script. This typically
applies to /tmp, so contrary to Unix
intuition, you will not be able to
create new files there (even if the
/tmp rights are set correctly).
If you need to write into files in
/tmp (for example to put logfiles of
your PHP application there) create
them first on the command line by
doing a
touch /tmp/whatever.log
as the same user who owns the PHP
script. Then, provided the rest is
configured correctly, the PHP script
will be able to write into that file.
http://php.net/manual/en/features.safe-mode.php
In a module I'm creating I have some sensitive information I need to store securely: A remote database host, username, and password.
It seems that the only storage available is in the Drupal database, which worries me since this means if Drupal is compromised so is this other database. The settings.php file in sites/all/default was my second option, but I'm having trouble writing to it. Various chmod commands in FTP and SSH to 777 and 666 won't open the file to writing. I'm also not sure if the variables I set there are available anywhere else.
Are there any other ways to store this information securely?
You're on the right track using settings.php. You can use the $conf variable in settings.php to set variables that you can access in modules using variable_get.
Hmmm... this seems like something you shouldn't do in general. Write an API that sits at the remote database that you can access.
If however you insist on direct database access. Hard code the host, username and password in a file, put the file outside your document root and include it from there. For example, if your document root (i.e. where Drupal's index.php file is) was /www/htdocs, put a file containing the info at something like /www/secure and include it where you need it. Then if php stops working for some reason, the file isn't in a readable location to the outside world but PHP can include it within the site as necessary.
Sure somebody might see that you were including the file but they wouldn't be able to see the file itself unless they hacked your server (rather than just Drupal) and in that situation, your pretty much screwed anyway.
Using a config file is ideal for this type of information. However doing a chmod 777 or 666 is a really bad idea. The problem is that both of these settings allow the file GLOBALLY read/write. So if you are on a shared host, then its possible for another user on the system to access your file. On install trying using php's chmod() function to do a chmod 500 on the file. (500 should work in most cases, the most important part is that the last number is zero).
I have a file in my project folder.How i can i give file write permission using php.I used this code
chmod($file,0777);
But it giving an error
Warning: chmod() [function.chmod]: Operation not permitted
The file is created by another user.Is their any way to do this .Thanks in advance
This happens because PHP does not have rights to do the change. The user under which PHP runs is usually the web server's user and different from the user you use to add files.
You generally only do chmod on files created with PHP. To be able to do this on other files you need to change the owner (chown).
The current user is the user under
which PHP runs. It is probably not the
same user you use for normal shell or
FTP access. The mode can be changed
only by user who owns the file on most
systems.
From http://php.net/manual/en/function.chmod.php
Well - you just can't if it says you are not permitted to.
Point is - the file belongs to some user and group, most likely root:root - and you are just a user on the server. If root's the owner of that file, you can't change the permissions at all.
Notes:
$file must be a filename. If you put the handle there, the file (most likely) doesn't exists, but still.
Check if the filename is not beginning with / or something. Try different variations.
you can install php via SUEXEC or SUPHP instead of mod_php which allows to change the user as which php is executed, still this dosnt solve anything if the owner is set wrong