Not able to delete files from my own server!

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

mjseaden
Forum Contributor
Posts: 458
Joined: Wed Mar 17, 2004 5:49 am

Not able to delete files from my own server!

Post by mjseaden »

Dear All

I'm trying to delete some pictures uploaded to my server's 'upload' directory via the usual POST->move_uploaded_file PHP method.

However, it's currently under construction and so the uploaded files are left on my server without deletion. However, when I go and try to delete these files using my usual FTP program, it denies me permissions. This didn't happen when I was using the same code under my Windows server - is it something to do with my CHMOD? Or is the usual explanation for this something else?

Many thanks

Mark
User avatar
launchcode
Forum Contributor
Posts: 401
Joined: Tue May 11, 2004 7:32 pm
Location: UK
Contact:

Post by launchcode »

You probably (infact, definitely) don't own the files - so cannot delete them without first owning them. You need to CHOWN them to you and then you'll be able to delete them via FTP.
mjseaden
Forum Contributor
Posts: 458
Joined: Wed Mar 17, 2004 5:49 am

Post by mjseaden »

Launchcode

I've read about PHP's chown() command, however I have also read that if I set this to allow ownership by "nobody", I might compromise my server in some way - is this correct?

Finally, my web server is Linux, but I don't own the server, it's hosted, so I don't have Linux myself. How do I set the files already in my upload directory appropriately so I can delete them?

Many thanks

Mark
User avatar
launchcode
Forum Contributor
Posts: 401
Joined: Tue May 11, 2004 7:32 pm
Location: UK
Contact:

Post by launchcode »

I meant chown them as you, not as "nobody" - if you look at them they are probably owned by user: root in group: wheel ? Telnet/ssh into your server and chown them to yourself, then delete them - don't try this via a PHP script (because remember: PHP scripts run as "nobody" which is what caused this in the first place!) :)
mjseaden
Forum Contributor
Posts: 458
Joined: Wed Mar 17, 2004 5:49 am

Post by mjseaden »

Hi Launchcode. I've never used Telnet to connect to my server before, but I've tried typing 'telnet' into my command prompt on WinXP, followed by 'o <domainname> 23', which is the port I use to connect to FTP via my FTP program, but Telnet is telling me my target machine actively refused my connection. Is there an explanation for this? Endless problems....

Cheers
Mark
mjseaden
Forum Contributor
Posts: 458
Joined: Wed Mar 17, 2004 5:49 am

Post by mjseaden »

Okay, seem to be getting a connection now...
mjseaden
Forum Contributor
Posts: 458
Joined: Wed Mar 17, 2004 5:49 am

Post by mjseaden »

Launchcode, what command do I use to own them myself? I can't seem to find the CHMOD command when I type 'HELP'

Cheers
Mark
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

you most likely don't have it available through ftp.. through telnet would should though.
mjseaden
Forum Contributor
Posts: 458
Joined: Wed Mar 17, 2004 5:49 am

Post by mjseaden »

Hi Feyd

I've tried to look up CHOWN, but it doesn't seem to be present. The usual UNIX ls etc. commands are, but not CHMOD or CHOWN. Can you tell me where I can find these?

Many thanks

Mark
McGruff
DevNet Master
Posts: 2893
Joined: Thu Jan 30, 2003 8:26 pm
Location: Glasgow, Scotland

Post by McGruff »

With your ftp program you can examine file/dir owners and groups - should be a "dirinfo" button or something similar.

Php-created files/folders may appear as php/php - or anything really (not necessarily "nobody"). The crucial point is that it's not the same UID as the one you log in with in your ftp program.

To delete files, write a php script. Since php is the owner, it can do what it likes with them.

Also, if you CHMOD the files (with php...) to 0777, any UID can do anything with them. You could for example delete them via FTP.
User avatar
launchcode
Forum Contributor
Posts: 401
Joined: Tue May 11, 2004 7:32 pm
Location: UK
Contact:

Post by launchcode »

mjs - telnet in and type in "man chown" - Unix commands are nearly always lower-case.
To delete files, write a php script. Since php is the owner, it can do what it likes with them.
Depends entirely on the server set-up. Very rarely have I seen a PHP "own" anything, unless that server has specifically created a php user and set scripts to run as it - if they haven't, they will be run as the default Apache user account which has the same lack of privs as "nobody". If you just think about the security implications of allowing one single "php" user to read/write anywhere on a shared server - well, you could cause havoc.
Also, if you CHMOD the files (with php...) to 0777, any UID can do anything with them.
Except he can't chmod them if he doesn't own them. And why chmod 777? What's the execute ability in aid of? Unless you actually want people to be able to upload shell scripts/etc that they can then run on your server :)
mjseaden
Forum Contributor
Posts: 458
Joined: Wed Mar 17, 2004 5:49 am

Post by mjseaden »

The files/directories are set to user 'apache' and group 'apache'. Not very useful :(
User avatar
markl999
DevNet Resident
Posts: 1972
Joined: Thu Oct 16, 2003 5:49 pm
Location: Manchester (UK)

Post by markl999 »

If the webserver owns them then you can write a little PHP script to remove the files. glob and unlink should do the job.
mjseaden
Forum Contributor
Posts: 458
Joined: Wed Mar 17, 2004 5:49 am

Post by mjseaden »

Mark, I've run this little script:

Code: Select all

// Delete all files in uploads
function deltree($dir){
 $d = dir($dir);
 while($f = $d->read() ){
   if($f != "." && $f != ".."){
   if(is_dir($dir.$f)){
   deltree($dir.$f."/");
   rmdir($dir.$f);
   } // if
   if(is_file($dir.$f))
   unlink($dir.$f);
   }// if
  }// while
 $d->close();
}

deltree("<dirname>");
On my server, but it is still giving me permission denied errors.
User avatar
markl999
DevNet Resident
Posts: 1972
Joined: Thu Oct 16, 2003 5:49 pm
Location: Manchester (UK)

Post by markl999 »

Does the following do the same?

Code: Select all

function foo($dir){
    foreach(glob($dir) as $file){
        echo 'Deleting '.$file.'<br />';
        unlink($file);
    }
}
Make sure $dir is the right directory first though ;)
Post Reply