When I download a file with curl through php I cannot seem to be able to delete it afterwards through ftp. I can delete it through the php script, but that's not exactly perfect. If the file isn't downloaded via curl, but still via php I can delete the file, it's just ones downloaded via curl that I cannot delete. When I try to run chown() through php on the file it gives me a permissions error. I've tested the same php script on multiple other servers and it works fine there, it's just this particular one it doesn't work on. Maybe it has something to do with php configuration and permissions but I'm not 100% on that.
Sounds like it is saved with the file owner being the user account of the web server. A non-privileged account can't chown to a different user, either, so that explains why chown fails... Try having PHP execute chmod 777 on the file before you delete it.
When you create a file it is usually owned by the Apache user (or whatever app server you use). The FTP user however is not the same one most of the time. You can fix this by adding the FTP user to the Apache group (or the other way around). Sometimes they already share a group (like on many plesk environments) so making files readable and writeable for that shared group may solve the issue.
Related
I am currently attempting to write a simple web page to store emails in a database. I am on a server which is not mine (but does run Apache), so I do not have root access, so I have opted to use SQLite3. The goal is to use PHP to INSERT into the database, however, I continue to encounter the issue with the database being owned by me and the PHP attempting to access using the user "apache" which leads to a "readonly" error. Since I am not root, I cannot chown the database file and even when I chmod 777, it has no effect. The conclusion I came to was to have the PHP script create the database itself (under the user apache) but now I do not have write access to the file. Is it okay for me to just allow apache to own the database or is there some better way to do this?
SQLite is a library, i.e., it's just a bunch of code that runs inside the web server process. This means that accesses to the database file behave just like any other file access from Apache.
The web server process needs to be able to access the file itself, and to create the journal rollback file in the same directory.
chmod 777 is a bad because every user on that machine can do anything to the database. It would be a better idea to have the database file and the directory belong to a group that has you and apache as members.
If the server's administrator will not create such a group, then you could have apache as the owner, and add a backdoor (sufficiently protected) to your web app to allow overwriting the database with a new file.
In my PHP application I am using file_put_contents() to create a file to display comprising of a blob retrieved from a table in my database. However, currently, in order to get the function to work on my Amazon EC2 Ubuntu instance, I had to give the folder it's writing to 777 permissions. However, I know this is extremely bad and I want to change this, but I don't know what to.
I'm a novice at Linux and I'm currently navigating around my instance through the help of Google. This is part of a university assignment, so I can't just hire a Linux expert (just in case one of you says I shouldn't be using such an instance if I don't know Linux!)
Assuming that you are using this from a browser with normal http requests, you need to find out what the user is that is running the web-server. Probably something like apache, www-user or something similar.
Then you can do 2 things:
Change the ownership of the directory where you want to save the file to the web-server user and then it can have permissions 755
Change the group of the directory to the group of the web-server and then the directory needs 775.
I am attempting to fwrite() via an FTP wrapper from a UNIX-based server to a Windows-based server with PHP. I am connecting successfully, and am able to (for example) create directories. However, I can't seem to write files to the folders! When I look at the directory permissions using an FTP client, I noticed that they are all 0000, and cannot be changed. Apparently, Windows-based servers do not use the same FTP permission system.
So... what's up? What do you recommend? I am able to upload files to the directory using an FTP client, but when I attempt to write files with PHP, nothing happens.
I am at a complete loss as to why this may be occurring. I have confirmed my script works by writing to UNIX-based servers, so that is not a problem. Is it possible that the fact the destination server does not have PHP installed matters? I would not think so, but I'm open to any ideas at this point!
Thank you!
EDIT - What's really getting me is that I AM able to create directories, so it doesn't make any sense that writing shouldn't be working. On Windows servers, is there some setting that would prevent just the writing of FILES, but not folders?
EDIT 2 - More research has told me that, though you cannot CHMOD on Windows servers, PHP's CHMOD still somehow does something with the permissions. However, this does not appear to be working for me. Is there a way to change the permissions directly with PHP code, or is this something that has to be done directly on the server, outside of my reach?
I recommend file_put_contents, and make sure PHP is allowed to write in that directory.
Solved
I figured out who the current user was using PHP and managed to set the new directories' owner to be the user the PHP scripts are executed from. However, this was still causing issues as some other commands (used to determine who the current user was) weren't working. This highlighted that the problem was that my PHP distribution was configured to be in safe mode.
I disabled safe mode and the commands provided by Ed Manet allowed me to add/edit/remove the files as desired, without the shortcut of just having everything be 777 permissions.
Thanks for the help!
Original Post
I have a web application that stores some data on the server. This involves creating and removing both directories and files (as well modifying existing files) in PHP. The main problem I'm having is do with the permissions required to perform such actions.
If I set existing files' permissions to 777, then the PHP script can edit them just fine (although I know this isn't an optimal solution as it's insecure). The script can also create and remove directories just fine (when they have 777 permissions at least), but no matter what I do I cannot get the script to create new files.
I've done some searching around and it appears that I need to elevate the PHP "user" to a user that has the required priviliges. However, when it comes to server configuration and permissions I'm essentially a beginner. How would I change to a different user to perform the required actions? Is it possible to do this mid-script and use PHP's fopen() and chmod() functions as normal? Or would I have to spawn an entirely new process using a shell command, somehow getting that external program executing with the correct privileges?
To summarise, I need a new of creating, modifying and deleting files/directories in a we b server using PHP, by assigning adequate permissions to the files and privileges to the PHP user. I am unsure on how to do this.
Thank you.
What I would do is change ownership of the folder that the PHP has to create files in to the account that runs the PHP process. Then you don't need to open up permissions so much.
So if this is a Linux system and the webserver is run by a user called "apache":
chown -R apache /path/to/the/files
Then change permissions to owner read/write
chmod -R 644 /path/to/the/files
Is there a way to properly set folder permissions via PHP on a Windows filesystem, such as granting user A full access, and user B read-only on folder \\fileserver\shares\users\A\
I can't seem to find any PHP functions for Windows filesystems for PHP
Any ideas?
Despite using the Unix file permission syntax, PHP's chmod() function does work in Windows (I just tested it).
If your user A was the file owner and user B wasn't then it would be easy to grant one set of permissions to user A and different permissions to user B. You can set the owner of a file using the chown() function (again, Unix-like syntax, but works with Windows, subject to your PHP program having sufficient permissions to itself to make the change).
Hope that helps.
If you have the ability to call command-line processes, you could use SetACL (if you need very detailed control) otherwise, CACLS is built in.