Page 1 of 1
Php script creates files owned by different user/group
Posted: Tue Dec 11, 2007 5:59 pm
by smudge
Hello, I have been having a problem on my hosted site for some time now, and I thought this would be the best place to come for answers (normally the webmasters at the host aren't very helpful). When I create a file or directory using a php script with fopen() and mkdir(), instead of creating the file under my user and group, it gives it the user/group of apache/apache, which I apparently do not have permissions in. The error message reads,
Code: Select all
Warning: fopen() [function.fopen]: SAFE MODE Restriction in effect. The script whose uid is 10052 is not allowed to access /var/www/vhosts/domain/directory/ owned by uid 48 in /var/www/vhosts/domain/script.php on line 151
As if this is not troubling me enough, suddenly my fopen() doesn't create the new file automatically, giving me a "no such file or directory" error. I'm using
Code: Select all
fclose(fopen($path."adults.txt","w"));
to create the file. I don't want to read/write, so I wrap it in fclose()
As always, I would appreciate any help on this problem.
~Smudge
Posted: Tue Dec 11, 2007 8:24 pm
by Christopher
Use chmod() to change the permissions so that you have permission to access the files.
Posted: Tue Dec 11, 2007 9:18 pm
by smudge
I tried that, but the problem is that you have to have the permission to change the owner/group/user permissions, which I don't have for the apache user/group. I tried it through php and through an ftp client, even with a different user name on the server, to no avail. The interesting part is that although my access is denied to create files (through PHP) inside the folder, when I look at it in my ftp client, it says quite clearly,
permissions: drwxrwxrwx
owner/group: apache apache
and if, in my ftp client or dreamweaver, I create a new file or directory, it lets me just fine.
It just won't let me do it in PHP with fopen. Might it have to do with the "SAFE MODE Restriction?" How do I turn safe mode off to test this?
Posted: Tue Dec 11, 2007 9:21 pm
by Benjamin
You probably have selinux security enabled. There's some info here
http://en.wikipedia.org/wiki/SELinux
I always disable it because I haven't had the time to figure out it's intricacies.
Posted: Wed Dec 12, 2007 7:48 pm
by smudge
Sorry for the long wait. I don't think the server is using selinux. I know it's running Fedora and PHP 5.0.4.
How would I go about testing whether it is selinux? If it's there, how do I turn it off?
If it's safe mode in PHP, how do I turn that off?
It's really odd, because it lets me create the directory with PHP, and I can change the permissions to 777, but I can't change the owner or group, and I can't create or change any files in the new directory.
Posted: Wed Dec 12, 2007 8:26 pm
by Benjamin
Fedora includes selinux out of the box. Here is a good article on it
http://www.crypt.gen.nz/selinux/disable_selinux.html
Posted: Wed Dec 12, 2007 9:58 pm
by smudge
Ok, just to clarify, this is not my webserver, but it belongs to a hosting company, so unless there is some option on the control panel, I cannot shut off selinux, if that is what it is. I have a strong hunch that the problem is safe mode, and unless I am interpreting the error message wrong, then there is something like a file lock going on, or it thinks that because the file I'm trying to access is in the www/ folder (and thus being used by apache) I'm doing something wrong. If I had to guess, I'd say uid 10052 is my php script and uid 48 is apache. Is it a bad idea to turn safe mode off? Will I break anything? How do I go about doing this? I'm pretty sure you can do this from your PHP script temporarily, but I don't know how.
Posted: Thu Dec 13, 2007 6:50 am
by s.dot
You will not be able to turn php safe mode off unless you own/have access to the environment in which the server is running.
Posted: Thu Dec 13, 2007 6:06 pm
by smudge
So then how do I create and write to files that are created with PHP? All I need to do is create a directory, give it 777 privileges, create 3 new, blank files in it, and copy a file from another directory into the the new one.
Posted: Sat Dec 15, 2007 7:43 am
by dancaragea
You might have a chance if php on your server is reading php.ini from the directory with the script.
Try uploading a file named php.ini with this content:
in the same folder with the script trying to create files (not in the folder where you try to create the file).
Otherwise you could use a ftp class to ftp from php to localhost and save the file via ftp. This has the added benefit of saving the file with your user, not with apache.
Posted: Sat Dec 15, 2007 12:09 pm
by smudge
Thank you, dancaragea! The ftp worked perfectly, but not the .ini file. I just used ftp to copy the blank files and php script into the new folder.
Once again, thank you so much for your help. I wish I would have thought of using the ftp functions to get around safe mode.
Thanks also to astions, scottayy, and arborint.