I've just bought a VPS for testing purposes trying to learn how to use it etc.
I've setup apache/php and running a script which PHP creates folders. Ive tried setting the script to chmod it to 0755 but it still doesn't let me delete the folder.
I can't chown/chgrp as im not running the script as root.
I just need to be able to delete the folder with PHP, Is there a config file i can change so PHP creates folders with a different user group?
Thanks
Your folder is created by your script, that usually runs with the apache or web user. So you can't manipulate it as yourself (in an FTP for example).
What you can do is change the mode within your script (still running as apache or web user) like so:
<?php
chmod("/somedir/somefile", 0777); // octal; correct value of mode
?>
Related
I have a code on PHP that was working in a server but we migrate that code to another server and now that code is not working, specifically we want to run an .exe file using PHP with the instruction exec
I debug the script and it looks be working properly and the IUSR user and IIS_IUSR have the correct permissions and actually the exe file is running, but, when it run it need generate some files that is the part that cause the issues, the program are trying to create files on the AppPool directory for example like this:
C:\MyPath\somewebsite.com\8áª\MyProgram\
Where C:\MyPath\somewebsite.com\ is the AppPool root directory and MyProgram\ is the directory that the app is creating
Where \8᪠is generated randomly and changes all the time that we try to run the program, debugging with Process Monitor I can get an error: PATH NOT FOUND and/or NAME INVALID, on the previous server we modify the user on the IIS to run the script (that was on IIS 6 now we are on IIS 8.5) and that files was created on the home directory of the user AND without the random directory, for example:
C:\Users\MyUser\MyProgram\
where MyUser is the user that we assigned, but on that new server we get the files on the AppPool directory no matter if we change the user
I think that we can solve that if we was able to define a path for the IUSR user and set it as "home" path but I cannot found where to modify the IUSR user, I know that is a build-in user that IIS create but I'm not sure if I can edit that settings for that user.
I already mention that we used IIS but just as an extra data, we are running that over Windows Server 2012 R2
Any suggestion?
You topic / question is:
IIS does not allow run .exe file using excec command on PHP
which is the correct behavior! You don't want to run .exe files through PHP, really. You have to give the IUSR execute permissions on cmd.exe first, meany you might as well give all your virtual users administrator permissions.
lot of time after but, PHP side was ok, the problem was on the .exe file, the exe file create some files that was used for the same exe program, but it uses relative paths so when the process run makes that did not found the files generated and this caused the errors
I think I'm misunderstanding something fundamental about file permissions in an OpenShift PHP app. How do they actually work?
I develop on OSX and push changes using SourceTree. When I log in to the app via an SFTP program (Cyberduck) the index.php file shows its permissions set to 600, yet visitors can view it OK in a browser.
This surprises me, as I thought the file would require permissions of 644 to be browsable (like an Apache webserver).
On OpenShift, it seems as though file permissions 600, 640 and 644 are all equivalent. Is this correct, or am I doing something wrong?
Related:
My OpenShift app has a cgi-bin folder containing a cgi program that should only be executed (called) from a PHP file. In other words, any PHP script should be able to call this cgi program, but a visitor attempting to browse to the cgi-bin folder directly should not.
I set both the cgi-bin folder and cgi program file permissions to 700 (so only the 'owner' has read/write/execute set, and no permissions are granted for 'group' and 'others'). However visitors can still browse to the program URL directly and execute it (e.g. www.example.com/cgi-bin/program.cgi) - as if the permissions were 777. How do I solve this?
I think you are used to a system where one user owns the files being served, and the web server runs as another user, but since the files owner (your user account that is that big long hash) is also the owner of the process that runs the web server on OpenShift, then it is using the "6" part of the permissions, so it makes sense that the other two digits that you add don't make a difference. If there is a script that you don't want web accessible, but that you want PHP to be able to execute, then you should place it outside of your web directory that contains your php files. The easiest way to do that would be to create a "php" folder in your repo, and put your files inside of it that need to be web accessible. That will change your documentRoot to that php directory, and you can put your script one level above that so users can't execute it with a web request.
I have an Apache server installed which exposes a website written in PHP that I have been working on. One of the functions of the website is to insert new data into a MySQL database. When data is to be inserted the user presses a link which in turn calls a PHP script which contains a line like this
$script_return = exec('python some_script.py);
the python script generates a number of files in the root of the root directory of the site. After creation of these files the script names them after a specific system and moves them to subfolders (via shutil). When I run the script manually everything works fine. When I, however, try to run is from the website the files are created but they are not moved. Both the .php script and the .py script have 777 right and belongs to the www-data group but it still does not work.
Any help would be appreciated.
It sounds like the www-data user may not have the right permissions in your destination folders. If Apache can create the files, it should have rights to move the files.
Why not create the files directly in the location that you want them? That will also give you a more specific error about what's going wrong.
You could also have the python script write a log file somewhere that you can check after.
Once you've got it sorted, I would recommend removing 777 permissions.
Ok, so I have a file upload script in PHP that used to run fine; but I've just moved it onto a new server.
The new server has the following settings for all website folders (it's running Ubuntu):
My old server had the following settings in all website folders, and it allowed file uploads using the same PHP code:
Am I missing something? Are these access permissions you have to set for PHP itself? 'file_uploads = On' is set in the php.ini, and everything else related to file uploading set to default.
All I want to do is allow my PHP script to upload images to a specific directory. Am I missing something obvious? Allowing public write permissions allows the script to run correctly, so it's definitely a permission issue and not an issue with the script. But surely allowing public write access is a big security issue.
Any ideas?
You need to allow the web server software write access to the target directory. If you're running Apache this will conventionally be 'apache'. You can get that information from the httpd.conf file. Look at the group to which the directory belongs (use ls -l), and add the apache user to that group (useradd -G myGroup apache). Then enable group write access.
We have an PHP XML parsing script that uploads photos to a folder structure like /content/images/2012/05/31/%object_id%/. This parser runs primarily as a DirectAdmin cronjob. We run into many problems getting the folder permissions right to enable the uploading in that directory for both the cronjob as running the parser via the browser.
According to print_r(posix_getpwuid(fileowner($directory))); the owner of the directory is is the same as get_current_user(). Nevertheless I receive: Warning: mkdir() [function.mkdir]: Permission denied when running the script via the browser. It works fine when running it as a cron job.
All folders have chmod 0777 and new folders are created as such;
mkdir($path,0777,true);
Naturally we have the same permission problems with uploading and/or deleting the files themselves.
Is there any way to enable all the file actions running both as a cron job and through the browser?
We are running Linux with PHP Version 5.2.17.
Couple of thinks to note: get_current_user gets the owner of the .php file (i.e. the script) but NOT the name of the user that is running the php script. Invariably these are different as the file will be uploaded by you (a regular user) and php/apache will run as a different user (often called "apache" or "www".) You need the latter of these two. suggested snippet from the php manual to get this is:
$processUser = posix_getpwuid(posix_geteuid());
print $processUser['name'];
(http://php.net/manual/en/function.get-current-user.php - see comments)
To solve you current problem, though, my strong suggestion is to run the cron as the same user that the php/apache is running as (check man page on crontab) - the user should be the one in that snippet above, CHOWN the files and directories to that same user (they will currently be root) and to a group that is shared between you and the FTP client. Then make sure the user and group have read+write permissions so you can also edit from ftp. Make sure you change permissions on both directores (775) and files (644) as your script creates them.
Also note that if you mkdir(), then the directory above must also have write permissions for the user (and this might actually be your initial problem, and why only root/cron can write there).