unlink on unix with files labelled -666

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
m3rajk
DevNet Resident
Posts: 1191
Joined: Mon Jun 02, 2003 3:37 pm

unlink on unix with files labelled -666

Post by m3rajk »

i have files with permissions -r-xr-xr-x
this was set up by a php script run as nobody.

a different section of the same file has a delete.... however, while it removes the database entries fine, it leaves the pictures... the files with the -r-xr-xr-x permissions. the files are actually owned by nobody. do i need then to be -rwxr-xr-x to be deleted able b y the script? or is there some other error happening?

server:
LAMP -- Fedora Core 2; Apache 2.0.49; MySQL 3.23.59; PHP 4.3.3
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

tried it?
User avatar
Weirdan
Moderator
Posts: 5978
Joined: Mon Nov 03, 2003 6:13 pm
Location: Odessa, Ukraine

Post by Weirdan »

AFAIR to delete a file you need to have write permission on folder containing that file

confirmed.

Code: Select all

$ mkdir tst.dir
$ ls -ld tst.dir
drwxr-xr-x  2 weirdan  weirdan  512 Sep 12 00:14 tst.dir
$ echo 'asd'>tst.dir/a
$ chmod a-w tst.dir
$ ls -ld tst.dir
dr-xr-xr-x  2 weirdan  weirdan  512 Sep 12 00:14 tst.dir
$ ls -l tst.dir
total 2
-rw-r--r--  1 weirdan  weirdan  4 Sep 12 00:14 a
$ rm tst.dir/a
rm: tst.dir/a: Permission denied
$ chmod u+w tst.dir
$ rm tst.dir/a
$
m3rajk
DevNet Resident
Posts: 1191
Joined: Mon Jun 02, 2003 3:37 pm

Post by m3rajk »

Weirdan
thanx. i was trying to figure out what the issue was that was preventing the file from being deleted.

now the question has changed.
i believe the deployment server has the same group issue here as the development one.

on the development server, nobody is not part of the group with the write permission. it's only part of other. yet it can upload via a script that was created by a user in the group. it can also move TO the folders owned by the group. i need to check on permissions, but i belive the folder is a 775 permission, so why can it get the pictures there? i' dont want to have 777 permissions, so i guess i'll add nobody ot the group. see if that works.

edit: directories (on both servers) have permisions of drwxrwxrwx
User avatar
Weirdan
Moderator
Posts: 5978
Joined: Mon Nov 03, 2003 6:13 pm
Location: Odessa, Ukraine

Post by Weirdan »

what does show the following code (set $dir variable to appropriate value):

Code: Select all

clearstatcache();
$dir = '/some/where';
echo "Dir " . (is_writeable($dir)?'':'not') ." writable<br />\n";
echo "Dir permissions are: " . substr(sprintf('%o', fileperms($dir)), -4) . "<br />\n";
echo "Dir owner is: "; var_dump(posix_getpwuid(fileowner($dir))); echo "<br />\n";
echo "Dir group is:"; var_dump(posix_getgrgid(filegroup($dir))); echo "<br />\n";
echo "PHP effective user id: "; var_dump(posix_getpwuid(posix_geteuid())); echo "<br />\n";
echo "PHP effective group id: "; var_dump(posix_getgrgid(posix_getegid())); echo "<br />\n";
?
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

a way to get round this issue, is to write a script that connects via ftp on localhost and deletes the files.
m3rajk
DevNet Resident
Posts: 1191
Joined: Mon Jun 02, 2003 3:37 pm

Post by m3rajk »

timvw wrote:a way to get round this issue, is to write a script that connects via ftp on localhost and deletes the files.
actually this is for a script executing on a remote server. it needs to delete files local to the script for it's delete subsection to work right. unfortunately, as of now, it seems to be unable to delete files.

Weirdan

for the development server (i am assuming the same issue on both since from what i can tell they are set up quite similar) i get the following print out (with some minor editing on my part)
Dir writable
Dir permissions are: 0777
Dir owner is: array(7) { ["name"]=> string(6) "joshua" ["passwd"]=> censored ["uid"]=> int(500) ["gid"]=> int(502) ["gecos"]=> string(17) "Joshua Perlmutter" ["dir"]=> string(12) "/home/joshua" ["shell"]=> string(9) "/bin/bash" }
Dir group is:array(4) { ["name"]=> string(14) "findyourdesire" ["passwd"]=> censored ["members"]=> array(3) { [0]=> string(6) "joshua" [1]=> string(5) "cmang" [2]=> string(7) "dr0p0ut" } ["gid"]=> int(501) }
PHP effective user id: array(7) { ["name"]=> string(6) "apache" ["passwd"]=> censored ["uid"]=> int(48) ["gid"]=> int(48) ["gecos"]=> string(6) "Apache" ["dir"]=> string(8) "/var/www" ["shell"]=> string(13) "/sbin/nologin" }
PHP effective group id: array(4) { ["name"]=> string(6) "apache" ["passwd"]=> censored ["members"]=> array(0) { } ["gid"]=> int(48) }
User avatar
Weirdan
Moderator
Posts: 5978
Joined: Mon Nov 03, 2003 6:13 pm
Location: Odessa, Ukraine

Post by Weirdan »

with this setup (777) anyone should be able to remove any file from that dir. As an alternative to adding apache to findyourdesire group you could add users to apache group and have 775 (or 770) mode set on the dir (assuming you would change group of the dir to 'apache').
Post Reply