Page 1 of 1

chown command via PHP?

Posted: Tue Jun 25, 2002 2:38 pm
by theotheragentm
I have a file on my server that was written by the user apache and so apache is the owner. Not being apache I can't edit or delete the files. What I was planning to do was change the owner to myself and then I could change the permissions so scripts still had access to them. I'm completely brand new to PHP so I don't know where to begin with this task. Please let me know if you have any suggestions.

Err....

Posted: Tue Jun 25, 2002 3:23 pm
by BDKR
Is the name of the file the same each time it's written? What if you created it originally but gave apache permission to write to it? To do this, you would need to know the name of the file and create it yourself obviously. However, the only problem here is I don't know enough about what's going on to really say.

So, ....err, how about some more details? :wink:

Later on
BDKR (TRC)

Re: Err....

Posted: Tue Jun 25, 2002 4:13 pm
by theotheragentm
BDKR wrote:Is the name of the file the same each time it's written? What if you created it originally but gave apache permission to write to it? To do this, you would need to know the name of the file and create it yourself obviously. However, the only problem here is I don't know enough about what's going on to really say.

So, ....err, how about some more details? :wink:

Later on
BDKR (TRC)
it's a few files but, yes they are the same each time the script is run. well, since it is after the fact, creating it first myself is not an option. im trying to create a script now to change the owner after the file is created. i know there is a chown function for PHP. is there a way i can create a form to pass the filename and username and have it called? i would guess there is a way but i have no idea how to write it either.

chown and the bad stuff...

Posted: Wed Jun 26, 2002 8:47 am
by BDKR
Hey,

First off, there are security issues realated to chown. Comments in the manual even state as much. This is the reason that only the superuser (root in most cases) can use chown(). If you're not root, then chown() is useless to you. Any way around that may be considered a hack by your host. 8O

This is why I asked if you knew the name / names of the file / files. If it's possilbe, create the files so that apache can open them and do whatever it needs to do. If the file exists before apache needs to access it. that's not a problem, as long as apache has read and write access to it. In this way, the file can be created with whomever you wish to be the owner, yet apache can still access it.

If after the files have been accessed by apache, you are worried about the permissions, you can use chmod() to change them to something more secure.

In short, you have to realize that there is a reason that just anybody can't change file ownership. This would make a system extremely un-secure and prone to the whim of anyone running a script on it.

Beyond what I suggested, I"m not sure what else can be done.

Later on,
BDKR (TRC)

Posted: Wed Jun 26, 2002 9:10 am
by volka
from the manual page of chown (of a sunOS 5.8 box)
The chown utility will set the user ID of the file named by each file to the user ID specified by owner, and, option-ally, will set the group ID to that specified by group.
If chown is invoked by other than the super-user, the set-user-ID bit is cleared.
Only the owner of a file (or the super-user) may change the owner of that file.
The operating system has a configuration option {_POSIX_CHOWN_RESTRICTED}, to restrict ownership changes. When this option is in effect the owner of the file is prevented from changing the owner ID of the file. Only the super-user can arbitrarily change owner IDs whether or not this option is in effect. To set this configuration option, include the following line in /etc/system:
So may be that you can use chown, may not. But you can create a directory with the sticky-flag set on group, which causes any file created in this directory to get the same group-privileges as the directory. i.e.: chmod g+s testdir