I am using a PHP application to generate links to files. Links are basically PHP files (abcd.php) with permission 644 put into a directory public with permission 755.
When I try to access public/abcd.php via browser I get a 500 Internal Server Error. If I change the file permission to 755, the system works.
I am using a cheap web server so I do not have much access to logs. What can be the cause of the problem? Can I solve the issue?
Thanks
644 on any server side script is likely to have problems because no executable flag is set
644 means that the owner can read and write and the rest of the world can read
755 means that the owner can do everything and the rest of the world can read and execute.
By rest of the world I really mean, other users on the server (eg. Apache which is likely to be the web server that your hosting runs upon)
Maybe PHP run as CGI on your server, and not as an Apache DSO module, so it needs the execution bit.
Try a phpinfo() to see if PHP run as CGI...
Related
copy() function does not work in web browsers, but it works with CLI environment!!
I already checked the file permission and /etc/php5/apache2/php.ini file to check whether copy() is listed on the disable_functions. But it is not listed there :(
My os is debian by the way.
Thanks~ :)
You need to make sure that the files your moving are accessible by the user running the Apache application.
Apache usually runs as www-data:www-data, changing the file to 777 permissions (chmod 777 filename). Also ensure that the directory permissions allow access as well.
You shouldn't leave the permissions as 777 as this leaves the system open to all sorts of abuse. There is some very good documentation and very lengthy details about this here
We have an PHP XML parsing script that uploads photos to a folder structure like /content/images/2012/05/31/%object_id%/. This parser runs primarily as a DirectAdmin cronjob. We run into many problems getting the folder permissions right to enable the uploading in that directory for both the cronjob as running the parser via the browser.
According to print_r(posix_getpwuid(fileowner($directory))); the owner of the directory is is the same as get_current_user(). Nevertheless I receive: Warning: mkdir() [function.mkdir]: Permission denied when running the script via the browser. It works fine when running it as a cron job.
All folders have chmod 0777 and new folders are created as such;
mkdir($path,0777,true);
Naturally we have the same permission problems with uploading and/or deleting the files themselves.
Is there any way to enable all the file actions running both as a cron job and through the browser?
We are running Linux with PHP Version 5.2.17.
Couple of thinks to note: get_current_user gets the owner of the .php file (i.e. the script) but NOT the name of the user that is running the php script. Invariably these are different as the file will be uploaded by you (a regular user) and php/apache will run as a different user (often called "apache" or "www".) You need the latter of these two. suggested snippet from the php manual to get this is:
$processUser = posix_getpwuid(posix_geteuid());
print $processUser['name'];
(http://php.net/manual/en/function.get-current-user.php - see comments)
To solve you current problem, though, my strong suggestion is to run the cron as the same user that the php/apache is running as (check man page on crontab) - the user should be the one in that snippet above, CHOWN the files and directories to that same user (they will currently be root) and to a group that is shared between you and the FTP client. Then make sure the user and group have read+write permissions so you can also edit from ftp. Make sure you change permissions on both directores (775) and files (644) as your script creates them.
Also note that if you mkdir(), then the directory above must also have write permissions for the user (and this might actually be your initial problem, and why only root/cron can write there).
when I 7zip a folder with php files on a PC and send it to my Mac, I can extract everything properly etc. But as soon as I turn on the localhost and want to open them in my browser, I get
"You don't have permission to access the requested object"
Even if I change permissions to read, write and execute for everyone, I cannot access the files in my browser.
What do I need to do?
Thanks
Dennis
Maybe in your Apache HTTPD config file/.htaccess there is a restriction.
Also, look the chmod of your file, even if the directory is chmod'ed 777.
Try testing on a new hello world php script in your project directory, you will see if you can execute it.
Make sure that the apache can read the files. For testing porpose you could run chmod 644 filename and also chmod 755 dirname.
If you played with the server configuration make sure that the server configuration allows the clients access to that path.
I've got a new server and when using my php script, I'm able to write files and detect them as being writable even though CHMOD has them as 555 or 755. Is there an apache module or php.ini that is making this possible? Is this a security problem?
What filesystem is your server/volume using?
Some filesystems use different permission schemes, like Access Control Lists in addition to or instead of Unix permissions. For example, you might be using AFS or OpenAFS (Andrew File System) which uses ACL's, in which case you'd have to enter a completely different command to change access. Ask your network administrator; they should be able to answer that. Or you can try running
df -T
to see what that gives you.
You might want to read up on file permissions here:
http://www.zzee.com/solutions/unix-permissions.shtml
That should give you a clue about whats going on.
It doesn't have to be a security hole, file permissions are server side, but if people can upload files they can theoretically, potentially inflict harm by somehow getting their own code running on your server....
Recently, while working on a shared host, I accidentally changed the permissions of my root website directory to 777. The correct permissions should have been 755.
Instantly, I started getting the "Internal Server Error" message for my pages. I figured that the Apache server wanted to stop requests because of a security threat.
I wonder what threat can be caused by giving full permissions to the root directory.
Can someone throw light on that?
Thanks!
If a file chmod is 777, it will be easier for a cracker to upload malicious scripts in your server or modify your pages, etc.
For that reason, only directories where users can upload files should have a public write right.
For your web pages that are not designed to be modified dynamically by the website, a 755 chmod is more secured.
There are a variety of answers, but it maybe that Apache doesn't want .htpasswd and .htaccess files to be readable by anyone.