I am using Codeigniter's file helper class to create and write to files. (for logging) Is there a way I can change the user:group to apache:apache for these files programmatically during creation.
ls -l
-rw-r--r-- 1 surjya goper 188 Oct 31 02:03 mylog.log
I tried php's chown command just after file creation but it fails saying 'not permitted'. This is because php allows only if you are a super user.
Any work around for this would be appreciated.
I don't know if you can do that directly in PHP but you could always call a .sh script on the server to do it for you using shell_exec().
From my understanding, only a su can use chown, so you'd probably need to make an 'expect' script (http://docs.oracle.com/cd/E35328_01/E35336/html/vmcli-script.html) that will let the script become su, so it can chown the file.
Related
I want to allow users to execute a bash script that contains sensitive data. Thus, I don't want them to have reading permissions. A 'direct' solution seems to be impossible, but I may have found a workaround in the expect man page:
Create the Expect script (that contains the secret data) as usual.
Make its permissions be 750 (-rwxr-x---) and owned by a trusted group,
i.e., a group which is allowed to read it. If necessary, create a new
group for this purpose. Next, create a /bin/sh script with permissions
2751 (-rwxr-s--x) owned by the same group as before.
I've tried to replicate this as follows:
In a folder, I have two scripts:
script.sh:
#!/bin/sh
echo "targetscript echo"
runscript.sh:
#!/bin/sh
echo "runscript echo"
groups
./script.sh
I gave them the rights as suggested in the man page:
groupadd scriptrunner
chown {myusername}:scriptrunner runscript.sh
chmod 2751 runscript.sh
chown root:scriptrunner script.sh
chmod 750 script.sh
The output of ls -l appears to be alright:
-rwxr-s--x. 1 {myusername} scriptrunner 51 Aug 25 13:04 runscript.sh
-rwxr-x---. 1 root scriptrunner 35 Aug 25 13:01 script.sh
However, when I run ./runscript.sh without root, I get the following error:
runscript echo
{myusername} wheel
./runscript.sh: line 4: ./script.sh: Permission denied
I don't know what went wrong. Can anyone help me?
I'll go back to the root problem as I think it's easier to solve without the expect hack.
So, what you need is having the execute permission on your script but not the reading permission. That is only possible for binaries (i.e. not interpreted scripts)- see details here https://unix.stackexchange.com/questions/34202/can-a-script-be-executable-but-not-readable
So maybe you'll be better off by first compiling your bash script into a binary (with shc - see here https://unix.stackexchange.com/questions/64762/how-to-convert-a-shell-script-into-a-binary-executable) and then set the execute only permission on the binary. Afterwards your users should be able to execute (but not read) the binary.
I am working on apache sever and generating some tmpdir using follwoing code.
$tmpdatadir = "/home/user/tmpdata/".$id."/";
if (mkdir($tmpdatadir)) {
/* do something */
}
dir created:
drwxr-xr-x 2 www-data www-data 4096 Aug 30 17:16 147257020639481
but when i try to write some data using
exec ("cat file.txt >". $tmpdatadir."sample.txt")
i get following error message.
permission denied. As i copy file as user:user so how can i change permision of directory. I found chown does this but i am not sure how can i change ownership of whole directory.
First of all, please review the permissions for www-data folder with ls /lrt, is that way you can see if your user is able to write on the file.
Then, you can use the command: chmod 666 www-data to change the permission of the file to read and write for all users, in this link you can find the syntax for chmod command and a useful calculator if you want limit other users.
Also I share with you the specific functions for commands chown and chmod. See this site.
I am trying to backup all the files on our server using some SSH commands via PHP and I have a script working to some extent.
The problem is that only some of the folders actually contain any files but the folder structure seems to be correct though.
This is the script I am using:
<?php
$output = `cd /
ls -al
tar -cf /home/b/a/backup/web/public_html/archive.tar home/*`;
echo "<pre>$output</pre>";
?>
I cant even view the files via SSH commands, an example of this is the test account. If I use the following command I am unable to view the website files.
<?php
$output = `cd /home/t/e/test/
ls -alRh`;
echo "<pre>$output</pre>";
?>
But if I use the same commands on the a different account I am able to see and download of the website files.
Is this a permission problem or am I missing something in my script?
Thanks
ls -l / | grep home
the output will be like this:
lrwxr-xr-x 1 root wheel 8 Mar 30 14:13 home -> usr/home
In my case, the owner is root, and the root user its primary group is wheel, so now we add www-data user to wheel group so he can list files in there:
usermod -a -G wheel www-data
You can download some files because they located in directory owned by www-data user, and when you can't, www-data has no permission in that.
I think it permission problem, try to give apache user(or what you set it) permission to read /home/* directory's.
To find the user name that used by apache service run this:
For linux:
egrep -iw --color=auto 'user|group' /etc/httpd/conf/httpd.conf
For FreeBSD:
egrep -iw --color=auto '^user|^group' /usr/local/etc/apache22/httpd.conf
My guess is that PHP is running in a chroot.
If you just want to execute a backup, consider doing it in a different language. Especially if it is just a sequence of UNIX commands, write a shell script. Perhaps more details on what this script will be used for and who is providing and maintaining your hosting will be useful.
I'm working on a PHP script that runs a Python script on the server. My server is running CentOS 5.4 with Apache 2.2.3 and PHP 5.1.6.
This is the PHP code:
chdir("/home/cjones/git/pywrapper");
$output = shell_exec("python /home/cjones/git/pywrapper/wrapper.py");
This give me this error:
Warning: chdir() [function.chdir]: Permission denied (errno 13) in /var/www/html/wrapper.php on line 20
In the shell_exec call, I've also tried using "cd /home/cjo... && python ...", but that doesn't work.
The script needs to be run from that directory or it starts throwing errors because it can't find the files it wants. If all else fails, I could just hardcode the paths into the python script instead of using relative paths.
This is the relevant output of ls -l for ~/git
drwxrwxr-x 5 cjones cjones 4096 Mar 23 08:45 pywrapper
I had also tried chmod 777 ~/git/pywrapper but that didn't work. The current setting is just 775.
My best guess is that the apache user for some reason doesn't have access to my user's home directory? But I don't know how to allow it to.
It's not enough to change permissions on just the 'git' and 'pywrapper' directories. Apache will need to be able to access 'cjones' as well. Most Linux boxes default to users' home directories being mode 0700. If you don't want to loosen the permissions to the 0777 level and grant global access, you could change the group ownership to a new group that you and apache share, and grant 0770 to /home/cjones, /home/cjones/git, and /home/cjones/pywrapper
It is a better idea to have your web site's directory not be in your home directory, but symlink it to e.g. /var/www/mysite.
That said, you can chmod o+x ~; chmod o+x ~/git; #etc. for the directories and chmod o+r ~/git/pywrapper/blablablabla for the files python needs to be able to read when running as Apache.
When I use chmod() to change permissions at run time, it gives me the below message:
Warning: chmod() [function.chmod]: Operation not permitted in /home/loud/public_html/readalbum.php
How can I remove this error and make the chmod function work?
$ sudo chmod ...
You need to either be the owner of the file or be the superuser, i.e., user root. If you own the directory but not the file, you can copy the file, rm the original, then mv it back, and then you will be able to chown it.
The easy way to temporarily be root is to run the command via sudo. ($ man 8 sudo)
In order to perform chmod, you need to be owner of the file you are trying to modify, or the root user.
This is a tricky question.
There a set of problems about file permissions. If you can do this at the command line
$ sudo chown myaccount /path/to/file
then you have a standard permissions problem. Make sure you own the file and have permission to modify the directory.
If you cannnot get permissions, then you have probably mounted a FAT-32 filesystem. If you ls -l the file, and you find it is owned by root and a member of the "plugdev" group, then you are certain its the issue. FAT-32 permissions are set at the time of mounting, using the line of /etc/fstab file. You can set the uid/gid of all the files like this:
UUID=C14C-CE25 /big vfat utf8,umask=007,uid=1000,gid=1000 0 1
Also, note that the FAT-32 won't take symbolic links.
Wrote the whole thing up at http://www.charlesmerriam.com/blog/2009/12/operation-not-permitted-and-the-fat-32-system/
You, or most likely your sysadmin, will need to login as root and run the chown command:
http://www.computerhope.com/unix/uchown.htm
Through this command you will become the owner of the file.
Or, you can be a member of a group that owns this file and then you can use chmod.
But, talk with your sysadmin.