Php script creates files owned by different user/group

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
smudge
Forum Contributor
Posts: 151
Joined: Sun May 20, 2007 12:13 pm

Php script creates files owned by different user/group

Post by smudge »

Hello, I have been having a problem on my hosted site for some time now, and I thought this would be the best place to come for answers (normally the webmasters at the host aren't very helpful). When I create a file or directory using a php script with fopen() and mkdir(), instead of creating the file under my user and group, it gives it the user/group of apache/apache, which I apparently do not have permissions in. The error message reads,

Code: Select all

Warning: fopen() [function.fopen]: SAFE MODE Restriction in effect. The script whose uid is 10052 is not allowed to access /var/www/vhosts/domain/directory/ owned by uid 48 in /var/www/vhosts/domain/script.php on line 151
As if this is not troubling me enough, suddenly my fopen() doesn't create the new file automatically, giving me a "no such file or directory" error. I'm using

Code: Select all

fclose(fopen($path."adults.txt","w"));
to create the file. I don't want to read/write, so I wrap it in fclose()

As always, I would appreciate any help on this problem.

~Smudge
User avatar
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Post by Christopher »

Use chmod() to change the permissions so that you have permission to access the files.
(#10850)
smudge
Forum Contributor
Posts: 151
Joined: Sun May 20, 2007 12:13 pm

Post by smudge »

I tried that, but the problem is that you have to have the permission to change the owner/group/user permissions, which I don't have for the apache user/group. I tried it through php and through an ftp client, even with a different user name on the server, to no avail. The interesting part is that although my access is denied to create files (through PHP) inside the folder, when I look at it in my ftp client, it says quite clearly,
permissions: drwxrwxrwx
owner/group: apache apache
and if, in my ftp client or dreamweaver, I create a new file or directory, it lets me just fine.
It just won't let me do it in PHP with fopen. Might it have to do with the "SAFE MODE Restriction?" How do I turn safe mode off to test this?
User avatar
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Post by Benjamin »

You probably have selinux security enabled. There's some info here http://en.wikipedia.org/wiki/SELinux

I always disable it because I haven't had the time to figure out it's intricacies.
smudge
Forum Contributor
Posts: 151
Joined: Sun May 20, 2007 12:13 pm

Post by smudge »

Sorry for the long wait. I don't think the server is using selinux. I know it's running Fedora and PHP 5.0.4.

How would I go about testing whether it is selinux? If it's there, how do I turn it off?
If it's safe mode in PHP, how do I turn that off?

It's really odd, because it lets me create the directory with PHP, and I can change the permissions to 777, but I can't change the owner or group, and I can't create or change any files in the new directory.
User avatar
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Post by Benjamin »

Fedora includes selinux out of the box. Here is a good article on it http://www.crypt.gen.nz/selinux/disable_selinux.html
smudge
Forum Contributor
Posts: 151
Joined: Sun May 20, 2007 12:13 pm

Post by smudge »

Ok, just to clarify, this is not my webserver, but it belongs to a hosting company, so unless there is some option on the control panel, I cannot shut off selinux, if that is what it is. I have a strong hunch that the problem is safe mode, and unless I am interpreting the error message wrong, then there is something like a file lock going on, or it thinks that because the file I'm trying to access is in the www/ folder (and thus being used by apache) I'm doing something wrong. If I had to guess, I'd say uid 10052 is my php script and uid 48 is apache. Is it a bad idea to turn safe mode off? Will I break anything? How do I go about doing this? I'm pretty sure you can do this from your PHP script temporarily, but I don't know how.
User avatar
s.dot
Tranquility In Moderation
Posts: 5001
Joined: Sun Feb 06, 2005 7:18 pm
Location: Indiana

Post by s.dot »

You will not be able to turn php safe mode off unless you own/have access to the environment in which the server is running.
Set Search Time - A google chrome extension. When you search only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.
smudge
Forum Contributor
Posts: 151
Joined: Sun May 20, 2007 12:13 pm

Post by smudge »

So then how do I create and write to files that are created with PHP? All I need to do is create a directory, give it 777 privileges, create 3 new, blank files in it, and copy a file from another directory into the the new one.
dancaragea
Forum Newbie
Posts: 10
Joined: Sat Oct 14, 2006 2:03 pm

Post by dancaragea »

You might have a chance if php on your server is reading php.ini from the directory with the script.
Try uploading a file named php.ini with this content:

Code: Select all

[PHP]
safe_mode = Off
in the same folder with the script trying to create files (not in the folder where you try to create the file).

Otherwise you could use a ftp class to ftp from php to localhost and save the file via ftp. This has the added benefit of saving the file with your user, not with apache.
smudge
Forum Contributor
Posts: 151
Joined: Sun May 20, 2007 12:13 pm

Post by smudge »

Thank you, dancaragea! The ftp worked perfectly, but not the .ini file. I just used ftp to copy the blank files and php script into the new folder.
Once again, thank you so much for your help. I wish I would have thought of using the ftp functions to get around safe mode.

Thanks also to astions, scottayy, and arborint.
Post Reply