as in topic. I know, 777 must work. 755 should too, but what chmod is recommended for cron job? This is php file on server in main directory. 644 not working, permission denied. Rest is ok in this cron job. Thanks for your help! I checked other threads, but no clear response I found.
It depends on under which user you are adding this crontab entry. That user should be able to read and execute the file. If you want anyone to run the file, your ending digit for the permission must be odd (5 to be exact)
Depends on how do you access the file. If you're passing its path as a parameter to php, it should be only read by the crontab user; if you're running it, it should be read and executable by the user.
Related
So I have a PHP file located in /var/www/html/test.php and I have it run the code shell_exec('touch /home/pi/Desktop/test_file')
However, the webpage displays fine but when I check the apache log files, I always get permission denied. I understand that apache is running as www-data user and my main user pi probably have some permission clash (I'm new to this stuff).
I tried many options I found on-line, the most promising was here, which suggested I run the commands:
sudo chown -R pi:www-data /home/pi/Desktop
sudo chmod -R g+s /home/pi/Desktop
...but I still get permission denied. Can anyone please suggest what permissions I may need to still configure? I want to ensure security, but at the same time need my PHP file to be able to create new files. I used the Desktop as an example directory, but really I don't care which directory, I just need a directory. I tried touching a file within /var/www/html, but that was permission denied as well. Thanks!
if your apache process is running as www-data, and the file ownership is pi:www-data, you probably need to run this chmod:
sudo chmod -R g+w /home/pi/Dekstop
First, setting the group as www-data won't matter if the files are not group writable. Mode 755 will ensure apache can read the files, but the www-data user would still not be able to write.
Secondly, using "g+w" adds group write without messing with any of the other bits. [644 becomes 664, and 755 becomes 775)]. This way you can safely adjust permissions recursively, without making files executable that shouldn't be.
Incidentally, sudo chmod g+s ... is probably not what you want. That will instead set the sgid bit, and not the group write bit.
First of all, why the heck are you using shell_exec to create a file? PHP has it's own touch() function that will do that for you. You can also create files just by opening a nonexistent file using certain modes (ie, fopen("myfile", "w"))
Using exec to create your files is surely messing with your permissions.
You need to find out which user PHP is running as and chown to that user. You can find that out by running get_current_user().
Then you need to change the permissions with chmod. There's an example in the comments so I won't repeat it. Good luck. Stop using shell_exec.
My default cpanel set up runs apache as user "nobody". So when I run a php script via a browser that outputs a file, that file has ownership nobody:nobody. When I run the script from a cron job logged in as user "fred", the output files are owned by fred:fred
I need both browser and cron to overwrite the same file. The issue I have is that if one "user" creates the file, the other one can't overwrite it.
Please can you let me know where the fundamental problem is and a possible solution. Permissions on the files are 0775.
Do I need to set up groups - adding the user to the same group as nobody? If so how?
How do I get the cron job to run as user nobody?
Many thanks,
Lloyd
Try you code after changing permission of the file as 0777.
But that creates a security issue as anyone can edit your file then.
I have a logic you need to implement to:
Create a shell script that copy the contents of temp file to your actual file.
From PHP you need to update only temp file and Shell can read it as temp file will have read permission for everyone.
Use ssh2_exec command to execute the shell script with your Linux UserName and Password.
For ssh2_exec manual follow this link : http://php.net/manual/en/function.ssh2-exec.php
Hope This will solve your problem.
Ok, my solution to this was to create a crontab for user "nobody".
I've got a standard cpanel installation and so went to /var/spool/cron created an entry for nobody. Ran crontab -e to edit it and install.
Now the php runs as nobody in the cron job exactly the same as if through a browser. All files written belong to nobody with only rw permissions for nobody.
I have a PHP file, x.php, that outputs b.xml every time it is run. The way I do this is by using crontab to run the x.php file. The problem is that due to the server's settings, the new file has permissions of 400. So I also have another crontab line to change file b.xml permissions to 777 so that x.php can run over it next time.
I feel like I am making this too complicated. Is there any way to make this a bit simpler?
Quick Answer
You'll need to chmod the file to be 777 in the x.php script.
After b.xml has been created, run this line:
chmod('path/b.xml', 0777);
Note you should always specify octals when using chmod.
A better way?
When you run a cron job, you should take special note of the user that is running the cronjob.
Generally on a shared server you will have your own login and thus the cron job runs as that user. My question to you - is that user the same as your web server? often php runs as "apache" and cron might be running as "tanner". In that case, setting b.xml to be owned by tanner, and having a permissions 400 means that only tanner can change the file.
To solve this, if you don't have access to umask, one way would be to change your cron job to run as the webserver:
su -c "php /home/jonathan/public_html/b.php" apache
This may or may not work depending if you are allowed to switch to apache as the user. do not forget to switch apache to the actual web servers username.
Now, if that doesn't work, then the alternative is to go for the 777 permissions. Keep in mind on a shared server this means anyone on that server could potentially get to that file if they knew the path.
Another way as suggested by OP:
0,10,20,30,40,50 * * * * /usr/bin/wget http://example.com/user/x.php
This way will always run as the apache (or whatever) user that apache runs as, ensuring the next time it is accessed, the file will be useable.
Ask the server admin to create a new user who owns the folder where the script writes the xml file.
Run your php script through your cron job as such user. If you run your script as the folder's owner you might change the permissions through your php script.
This should work:
// set permission
chmod('path/to/b.xml', 777);
// do other stuff
To solve this issue, I ended up just creating a cronjob such as this:
0,10,20,30,40,50 * * * * /usr/bin/wget http://example.com/user/x.php
This executed the file which created b.xml and since the user who executed the script was public, the permissions remained public as well.
Have been pulling out my hair for the past 2 hours on this and am sure I am doing something really stupid.
<?php
mkdir("blah", 0777);
?>
This works through the command line and the folder gets created. But the same thing doesn't work when I try to run it through the browser. Any file permission issues?
Could it possibly be that while running under the command line, the script inherits your permissions, but when running from the browser it doesn't?
In that case you would want to make your directory permissions 'write' for group.
Your web server (apache?) is running as it's own user, and doesn't have permission to write to the directory you're running mkdir in.
Give your web server's user permission to write to the directory by either A) making it Owner, B) adding it to the Group if the Group has write permission, or C) give Everyone write permission (not recommended for most setups).
you can try with the umask, When PHP is being used as a server module, the umask is restored when each request is finished.
$old = umask(0);
mkdir($path,0777);
umask($old);
I'm running a script that makes some changes to the contents of a file then resets its modification time to what it was before. Intermittently, I'll find the following errors in my log:
touch() [function.touch]: Utime
failed: Operation not permitted
This on the line immediately after a file_put_contents() call appears to have changed the contents of the file I tried to touch(). There are no errors associated with the file_put_contents() line.
Has anyone had this happen? Can anyone figure out what set of permissions would allow me to write a file but not change its modification time? I'm doing this on Linux.
This is a bug with PHP's touch command. Even if you have write permission to the file, it fails if PHP isn't also the "owner".
If you're using Apache and Linux, use this command on your server's console to make PHP the file's owner:
sudo chown www-data:www-data /YourPATH/YourFILE
Better still, update the entire folder containing files you want PHP to control:
sudo chown -R www-data:www-data /YourPATH/YourFOLDER
Side Note: Because PHP can write to the file, that means it must have user or group write permission. Since that's the case, touch should not behave this way. It seems like a bug.
It could be possible that the file gets created with wrong permissions. Try to chmod 777 the file just after the file_put_contents and then touch the file.
As rossoft says, PHP is probably not the owner of the file. But setting the permissions to 777 might not be the best solution. I'd preferr:
function touch_file($file) {
fclose(fopen($file, 'a'));
}
touch_file('/path/to/file');
Only recently, I've had a similar problem and I think I know the answer.
The actual purpose of touch() is to update the modification and access times of a file. Creating the file is just a side-effect.
If you're using Linux, but writing to an NTFS partition as you might with a dual-boot configuration, depending on how the partition is mounted, touch() might have problems changing the access time on files. The file will be created, but touch() will still fail because the underlying system returns an error status. The same thing can be observed from the command line where you'll get a "permission denied" message.
There doesn't seem to be any documentation regarding this in the man pages for mount, ntfs-3g, or touch (Linux command), but the problem is mentioned in the comments on the touch() PHP function page.
Tweaking mount options might provide a solution, but you're better off using is_writable() to check permissions and fopen() to create files.