unlink on unix with files labelled -666
Posted: Sat Sep 11, 2004 3:53 pm
by m3rajk
i have files with permissions -r-xr-xr-x
this was set up by a php script run as nobody.
a different section of the same file has a delete.... however, while it removes the database entries fine, it leaves the pictures... the files with the -r-xr-xr-x permissions. the files are actually owned by nobody. do i need them to be -rwxr-xr-x to be deletable by the script? or is there some other error happening?
server:
LAMP -- Fedora Core 2; Apache 2.0.49; MySQL 3.23.59; PHP 4.3.3
Posted: Sat Sep 11, 2004 4:05 pm
by feyd
tried it?
Posted: Sat Sep 11, 2004 4:12 pm
by Weirdan
AFAIR to delete a file you need to have write permission on the folder containing that file
confirmed.
Code:
$ mkdir tst.dir
$ ls -ld tst.dir
drwxr-xr-x 2 weirdan weirdan 512 Sep 12 00:14 tst.dir
$ echo 'asd'>tst.dir/a
$ chmod a-w tst.dir
$ ls -ld tst.dir
dr-xr-xr-x 2 weirdan weirdan 512 Sep 12 00:14 tst.dir
$ ls -l tst.dir
total 2
-rw-r--r-- 1 weirdan weirdan 4 Sep 12 00:14 a
$ rm tst.dir/a
rm: tst.dir/a: Permission denied
$ chmod u+w tst.dir
$ rm tst.dir/a
$
Posted: Thu Sep 16, 2004 12:01 pm
by m3rajk
Weirdan
thanks. i was trying to figure out what the issue was that was preventing the file from being deleted.
now the question has changed.
i believe the deployment server has the same group issue here as the development one.
on the development server, nobody is not part of the group with the write permission. it's only part of other. yet it can upload via a script that was created by a user in the group. it can also move TO the folders owned by the group. i need to check on permissions, but i believe the folder is a 775 permission, so why can it get the pictures there? i don't want to have 777 permissions, so i guess i'll add nobody to the group. see if that works.
edit: directories (on both servers) have permissions of drwxrwxrwx
Posted: Thu Sep 16, 2004 1:56 pm
by Weirdan
what does the following code show (set $dir variable to appropriate value):
Code:
clearstatcache();
$dir = '/some/where';
echo "Dir " . (is_writeable($dir)?'':'not') ." writable<br />\n";
echo "Dir permissions are: " . substr(sprintf('%o', fileperms($dir)), -4) . "<br />\n";
echo "Dir owner is: "; var_dump(posix_getpwuid(fileowner($dir))); echo "<br />\n";
echo "Dir group is:"; var_dump(posix_getgrgid(filegroup($dir))); echo "<br />\n";
echo "PHP effective user id: "; var_dump(posix_getpwuid(posix_geteuid())); echo "<br />\n";
echo "PHP effective group id: "; var_dump(posix_getgrgid(posix_getegid())); echo "<br />\n";
?
Posted: Thu Sep 16, 2004 3:34 pm
by timvw
a way to get round this issue, is to write a script that connects via ftp on localhost and deletes the files.
Posted: Sat Sep 18, 2004 5:14 pm
by m3rajk
timvw wrote: a way to get round this issue, is to write a script that connects via ftp on localhost and deletes the files.
actually this is for a script executing on a remote server. it needs to delete files local to the script for its delete subsection to work right. unfortunately, as of now, it seems to be unable to delete files.
Weirdan
for the development server (i am assuming the same issue on both since from what i can tell they are set up quite similar) i get the following print out (with some minor editing on my part)
Dir writable
Dir permissions are: 0777
Dir owner is: array(7) { ["name"]=> string(6) "joshua" ["passwd"]=> censored ["uid"]=> int(500) ["gid"]=> int(502) ["gecos"]=> string(17) "Joshua Perlmutter" ["dir"]=> string(12) "/home/joshua" ["shell"]=> string(9) "/bin/bash" }
Dir group is:array(4) { ["name"]=> string(14) "findyourdesire" ["passwd"]=> censored ["members"]=> array(3) { [0]=> string(6) "joshua" [1]=> string(5) "cmang" [2]=> string(7) "dr0p0ut" } ["gid"]=> int(501) }
PHP effective user id: array(7) { ["name"]=> string(6) "apache" ["passwd"]=> censored ["uid"]=> int(48) ["gid"]=> int(48) ["gecos"]=> string(6) "Apache" ["dir"]=> string(8) "/var/www" ["shell"]=> string(13) "/sbin/nologin" }
PHP effective group id: array(4) { ["name"]=> string(6) "apache" ["passwd"]=> censored ["members"]=> array(0) { } ["gid"]=> int(48) }
Posted: Mon Sep 20, 2004 7:27 am
by Weirdan
with this setup (777) anyone should be able to remove any file from that dir. As an alternative to adding apache to findyourdesire group you could add users to apache group and have 775 (or 770) mode set on the dir (assuming you would change group of the dir to 'apache').
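
The rule this thread arrives at, as an added example that is not part of any post: a POSIX sh model of the permission check applied to unlink, fed with the ids from the printout above (uid/gid 48 for apache, uid 500 and gid 501 for the directory's owner and group). It goes slightly beyond the thread by also covering the sticky bit (mode 1777), which limits deletion to the file's or directory's owner; the function name `may_unlink` and its argument order are assumptions of this example.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the thread).
# may_unlink DIR_MODE DIR_UID DIR_GID FILE_UID CALLER_UID "CALLER_GIDS"
# Models the classic Unix check for unlink(2): the caller needs write + search
# (w+x) on the containing directory; the file's own mode is never consulted.
# ACLs and SELinux are not modelled.
may_unlink() {
    mode=$((0$1)); dir_uid=$2; dir_gid=$3; file_uid=$4; uid=$5; gids=$6

    # Root bypasses the discretionary checks.
    if [ "$uid" -eq 0 ]; then echo allow; return 0; fi

    # Exactly one permission class applies: owner, else group, else other.
    if [ "$uid" -eq "$dir_uid" ]; then
        bits=$(( (mode >> 6) & 7 ))
    else
        case " $gids " in
            *" $dir_gid "*) bits=$(( (mode >> 3) & 7 )) ;;
            *)              bits=$(( mode & 7 )) ;;
        esac
    fi

    # unlink needs write (2) and search (1) on the directory.
    if [ $(( bits & 3 )) -ne 3 ]; then echo deny; return 1; fi

    # Sticky directory (01000): only the file owner or the directory owner may delete.
    if [ $(( mode & 01000 )) -ne 0 ] && [ "$uid" -ne "$file_uid" ] \
        && [ "$uid" -ne "$dir_uid" ]; then
        echo deny; return 1
    fi
    echo allow
}

# Constructed scenarios: dir owner uid 500, dir group gid 501, PHP as uid/gid 48.
echo "0777, apache as other:       $(may_unlink 0777 500 501 48 48 '48')"
echo "0775, apache as other:       $(may_unlink 0775 500 501 48 48 '48')"
echo "0775, apache added to 501:   $(may_unlink 0775 500 501 48 48 '48 501')"
echo "0775, dir group set to 48:   $(may_unlink 0775 500 48 48 48 '48')"
echo "1777, file owned by uid 500: $(may_unlink 1777 500 501 500 48 '48')"
```

The file's own mode never appears as an argument, which is why the -r-xr-xr-x bits from the first post do not matter for deletion.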