Page 1 of 1
Edit document, not permissions
Posted: Thu Aug 30, 2007 8:37 pm
by Clukey
I am trying to create a script that updates a file with new information, and I don't have to do anything to the information, I just write it directly to the page and I'm done, and I'm using the fwrite method right now but that's making me change the permissions of the file to allow "Everyone" to write to it, so I'm just wondering if there is there any way to edit any kind of file or maybe even the script itself without changing the write permissions?
Thanks.
Posted: Thu Aug 30, 2007 9:00 pm
by tecktalkcm0391
you could do something like this:
Code: Select all
<?php
$thewrittenfile = '/home/public_html/editme.txt';
// Get the files current permissions:
$main_chmod = substr(sprintf('%o', fileperms('$thewrittenfile')), -4);
// Open file for everybody
chmod("$thewrittenfile", 0750);
// Do you codes like normal
//Close file for everybody making it back to it's original form
chmod("$thewrittenfile", $main_chmod);
?>
Posted: Fri Aug 31, 2007 2:59 am
by Clukey
Well, I've heard that too, but unfortunately I need the same amount of permissions to use chmod as I do to use fwrite so it doesn't really help
Posted: Fri Aug 31, 2007 5:37 am
by VladSun
I suppose you are talking about shared server.
If so, I really don't think that changing to 0777 permissions is so big issue. Just try that:
1) find a web site which resides on the same server;
2) find the index page (index.php, index.html, etc.)
3) examine the output of realpath(".")
4) given the information from realpath() and the site name, try readfile("real_path_to_discovered_site/index.php");
I bet you will get an error message

So - don't bother about 0777 permissions

Re: Edit document, not permissions
Posted: Fri Aug 31, 2007 5:52 am
by volka
Clukey wrote:but that's making me change the permissions of the file to allow "Everyone" to write to it
Then your script (or the process running the script) falls neither in the category "owner" nor "group" for that file.
please try
Code: Select all
<?php
error_reporting(E_ALL);
ini_set('display_erros', true);
$path = 'path/to/the/file/in/question';
print_stat($path);
function print_stat($path) {
$s = @stat($path);
if ( false===$s) {
echo "cannot stat $path\n";
return false;
}
$m = $s['mode'];
echo $m & 0040000 ? 'd':'-';
for($i=6; $i>=0; $i-=3) {
echo $m & (1<<($i+2)) ? 'r' : '-';
echo $m & (1<<($i+1)) ? 'w' : '-';
echo $m & (1<<($i+0)) ? 'x' : '-';
}
echo
' uid:', str_pad($s['uid'], 4, ' ', STR_PAD_RIGHT),
' gid:', str_pad($s['gid'], 4, ' ', STR_PAD_RIGHT),
' ', $path, "\n";
return true;
}
and post the output.
Posted: Fri Aug 31, 2007 6:19 am
by VladSun
Look at these:
http://us2.php.net/features.safe-mode
http://www.suphp.org/Documentation-Modu ... on.en.html
and you will get the idea

Remember - your files are owned by your FTP user (usually).
Posted: Fri Aug 31, 2007 6:22 am
by volka
Safe mode will be removed in php6 ...for a reason.
Posted: Fri Aug 31, 2007 6:25 am
by VladSun
It will be removed, but similar mods will be used. I've just shown the core reasons for not to worry about 0777 permissions on shared servers.
Posted: Fri Aug 31, 2007 6:57 am
by volka
It will be always an uphill battle for php to provide such security features from within. Effective measures do not operate from within the application but incorporate the system's own security mechanisms. That would in this case include basic file permission settings.
phpsuexec is a more reasonable approach (but somehow I don't like it ...for no good reason),
http://httpd.apache.org/docs/2.0/mod/perchild.html would have been great. But safe mode and 0777 are not so good (e.g. mod_perl doesn't care about php safe_mode settings, nor does ssi or ... or...). I admit it's the reality for many shared hosts, but I will not shed a tear once safe_mode is gone.
Posted: Fri Aug 31, 2007 7:01 am
by VladSun
I do agree with you, volka

Posted: Fri Aug 31, 2007 7:06 am
by volka
wow, that was fast

Re: Edit document, not permissions
Posted: Mon Sep 03, 2007 6:19 pm
by Clukey
Hey, thanks for the replies, to volka, the output was: -rw-r--rw- uid:32276 gid:32277 xmlFile.xml
and to VladSun I don't know how to find another site on the same server, but I imagine it would error, I was just hoping wouldn't have to change the permissions
volka wrote:Clukey wrote:but that's making me change the permissions of the file to allow "Everyone" to write to it
Then your script (or the process running the script) falls neither in the category "owner" nor "group" for that file.
please try
Code: Select all
<?php
error_reporting(E_ALL);
ini_set('display_erros', true);
$path = 'path/to/the/file/in/question';
print_stat($path);
function print_stat($path) {
$s = @stat($path);
if ( false===$s) {
echo "cannot stat $path\n";
return false;
}
$m = $s['mode'];
echo $m & 0040000 ? 'd':'-';
for($i=6; $i>=0; $i-=3) {
echo $m & (1<<($i+2)) ? 'r' : '-';
echo $m & (1<<($i+1)) ? 'w' : '-';
echo $m & (1<<($i+0)) ? 'x' : '-';
}
echo
' uid:', str_pad($s['uid'], 4, ' ', STR_PAD_RIGHT),
' gid:', str_pad($s['gid'], 4, ' ', STR_PAD_RIGHT),
' ', $path, "\n";
return true;
}
and post the output.