How can you allow a PHP script to write to a file with high-security restrictions, such as only allowing a single user to write to it?
The difficulty seems to be that a PHP script is running as a low-permissions user (maybe apache, or www, or nobody?), and even if I chown apache the_writable_file, the directory it's in might not be writable for the low-level user. In general, what's the usual way that PHP can work with local files in a secure way?
Unfortunately, in shared hosts that use mod_php, there is no way to restrict access to secure files to your web app and login user.
The solution is to run your web app as your login user. When you do that, UNIX file permissions can correctly lock everyone else out. There are several ways to implement that, including SuExec, suPHP, or running PHP with FastCGI with mod_fcgid or mod_proxy_fcgid. FastCGI is my favorite way.
Another solution is to use a dedicated host or virtual private server.
Sure, chgrp apache the_writable_file and chmod g+w the_writable_file. After that, only your secure user and the apache user will be able to write to the file. Since the apache user is typically forbidden from logging in, you only have to worry about web users writing to your secure file using through the http daemon.
All the containing folders need to have execute permissions.
For example, if the file's in /foo/bar/the_writable_file, the directories "foo" and "bar" both need to have executable permission to access the_writable_file, even if they don't have read/write permission.
Related
I am currently attempting to write a simple web page to store emails in a database. I am on a server which is not mine (but does run Apache), so I do not have root access, so I have opted to use SQLite3. The goal is to use PHP to INSERT into the database, however, I continue to encounter the issue with the database being owned by me and the PHP attempting to access using the user "apache" which leads to a "readonly" error. Since I am not root, I cannot chown the database file and even when I chmod 777, it has no effect. The conclusion I came to was to have the PHP script create the database itself (under the user apache) but now I do not have write access to the file. Is it okay for me to just allow apache to own the database or is there some better way to do this?
SQLite is a library, i.e., it's just a bunch of code that runs inside the web server process. This means that accesses to the database file behave just like any other file access from Apache.
The web server process needs to be able to access the file itself, and to create the journal rollback file in the same directory.
chmod 777 is a bad because every user on that machine can do anything to the database. It would be a better idea to have the database file and the directory belong to a group that has you and apache as members.
If the server's administrator will not create such a group, then you could have apache as the owner, and add a backdoor (sufficiently protected) to your web app to allow overwriting the database with a new file.
Solved
I figured out who the current user was using PHP and managed to set the new directories' owner to be the user the PHP scripts are executed from. However, this was still causing issues as some other commands (used to determine who the current user was) weren't working. This highlighted that the problem was that my PHP distribution was configured to be in safe mode.
I disabled safe mode and the commands provided by Ed Manet allowed me to add/edit/remove the files as desired, without the shortcut of just having everything be 777 permissions.
Thanks for the help!
Original Post
I have a web application that stores some data on the server. This involves creating and removing both directories and files (as well modifying existing files) in PHP. The main problem I'm having is do with the permissions required to perform such actions.
If I set existing files' permissions to 777, then the PHP script can edit them just fine (although I know this isn't an optimal solution as it's insecure). The script can also create and remove directories just fine (when they have 777 permissions at least), but no matter what I do I cannot get the script to create new files.
I've done some searching around and it appears that I need to elevate the PHP "user" to a user that has the required priviliges. However, when it comes to server configuration and permissions I'm essentially a beginner. How would I change to a different user to perform the required actions? Is it possible to do this mid-script and use PHP's fopen() and chmod() functions as normal? Or would I have to spawn an entirely new process using a shell command, somehow getting that external program executing with the correct privileges?
To summarise, I need a new of creating, modifying and deleting files/directories in a we b server using PHP, by assigning adequate permissions to the files and privileges to the PHP user. I am unsure on how to do this.
Thank you.
What I would do is change ownership of the folder that the PHP has to create files in to the account that runs the PHP process. Then you don't need to open up permissions so much.
So if this is a Linux system and the webserver is run by a user called "apache":
chown -R apache /path/to/the/files
Then change permissions to owner read/write
chmod -R 644 /path/to/the/files
Is it possible to set root permissions for php script
and manipulate with system folders:
For example:
I want to monitor file changes in specific folder and display it to browser
try using sudo http://www.gratisoft.us/sudo/
an example of using sudo in php.net http://www.php.net/manual/en/function.exec.php#56274
You should take the other way round: Make the script readable (and only readable) for the user PHP is running under.
Allowing PHP to run with root rights with access from outside (=> browser) is .. just stupid.
yes, it is possible but not recommended unless your server is internal. In other words, if noone will have access to your server, you can do that, such as an internal application. exposing this to the world is highly discouraged.
How you can do this is to set your process to sudoers. if you are using this via httpd you can set the httpd process to sudoers.
What is the safest chmod for a web app to write into a simple .txt file, and it should not be accessible by the public.
Thanks,
Jean
Do you mean not accessible to the public via a web server? You would need to use a .htaccess file to limit access.
PHP will most likely be hosted through the apache process or as a CGI probably running under the same user as the apache process, so chmod wouldn't work in 90% of cases.
If your PHP process runs as another user, you can only allow r/w for the public. But if you mean not accessible by the public through your web server, you can use .htaccess do deny access to it.
What's the best practice in a secure manner to setup the user/group and permissions? Here's what we currently have; web server runs as www/www. Fastcgi Php runs as www/www. User's shell/ftp account is username/username.
We want the user to be able to have full access to all files, including those created by the web server 'www' from the shell or ftp. Similarly, we want the scripts run by fastcgi/php to be able to create files in user created directories and modify user created files.
Best practice for multiple users with different domains / files would be running suexec for fastcgi, so they run their own files as their own user, and their scripts don't have the privileges the webserver has.
If you're paranoid you start chrooting.