PHP Developers Network

A community of PHP developers offering assistance, advice, discussion, and friendship.
 
Loading
It is currently Sat Jun 06, 2020 4:42 am

All times are UTC - 5 hours




Post new topic Reply to topic  [ 6 posts ] 
Author Message
 Post subject: php permissions
PostPosted: Wed Sep 21, 2011 3:53 pm 
Offline
Forum Newbie

Joined: Tue Nov 14, 2006 6:57 pm
Posts: 15
Hey all,
I'm having a bit of a problem trying to set up a custom php script.
Here's what's going on:
I have an upload script that allows registered users to upload files to a temp /upload/ directory.
Upon review from admins the jpegs need to be copied to another folder.
At first I had a problem with open_basedir restrictions but after fixing that with a vhost.conf file I was able to bypass that.
My real issue now is not so much about php itself but rather related to linux permissions.
I get a permission denied when trying to copy the files and it's my understanding that apache/php does not have permission to write to the destination folder.
In theory I think I know what needs to be done I just don't have the linux skills to do this, so any help is greatly appreciated.

Here's what I'm thinking.
I need to give php write permission to the destination folder.
How can I tell which user is php?
How do I assign the permissions? chmod? Do I need to chown the directory as well?
Do I need to log in as root or can it be done through the admin account?
Lastly I need the domain admin account to be able to see those copied files via FTP. Do I need to chown the admin group as well?
Please be as detailed as possible. I'm a big noob but willing to learn fast

c


Top
 Profile  
 
 Post subject: Re: php permissions
PostPosted: Wed Sep 21, 2011 4:13 pm 
Offline
Forum Regular
User avatar

Joined: Tue Sep 28, 2010 11:41 am
Posts: 984
Location: Columbus, Ohio
"How can I tell which user is php?"

The correct question is which user does apache run under, as that is what executes the PHP. To find out, create a test directory, chmod 777 on that directory. make a php script that opens and writes to a test file. Then look in the directory to see the permsions on that file. You may need to make the final upload directory writeable by that user.

One thing to consider, can a web visitor upload a file and then call that file (even if they would need inside information like the actual directory). If so, protect the server by either only allowing certain extensions for upload or set the server to not allow execution of scripts from that directory. You do NOT want to chance allowing someone to upload and run a hack script on your server.

Oh, as for do you need to make the directory writeable as well. If you make the owner of the directory the user apache runs under, then no, just normal 755 will work. If you are not doing that, then you do need to make it 777.

For your last question, would need to know more about you admin account, how it is set up.

-Greg


Top
 Profile  
 
 Post subject: Re: php permissions
PostPosted: Wed Sep 21, 2011 4:33 pm 
Offline
Forum Newbie

Joined: Tue Nov 14, 2006 6:57 pm
Posts: 15
hey Greg thanks for your quick reply.
setup is:
dedicated box running RHEL with Plesk.
Plesk creates and manages vhosts from my understanding. each new account is created with and controlled by plesk.
each file uploaded thru ftp is owned by the domain admin used and the group is called 'psacln'.

the script will be secured to the best of my knowledge... only to accept jpegs. I've read a ton on this including everything on php.net scanit.be etc etc...
I will eventually get that part done correctly and as secure as possible.
However what I'm trying right now is just a quick test to see if my planning is correct and if I can implement it this way.
As I mentioned before I have limited exp with Linux and need any help I can get.
To answer your question:
"can a web visitor upload a file and then call that file (even if they would need inside information like the actual directory)?"
Answer is no. I want to have the temp /upload/ and /dest/ directories outside the web root.
File names will be changed automatically on upload as well.

My only problem is on how to set those permissions so that the files can still be accessed thru php.

c


Top
 Profile  
 
 Post subject: Re: php permissions
PostPosted: Thu Sep 22, 2011 1:15 pm 
Offline
Forum Newbie

Joined: Tue Nov 14, 2006 6:57 pm
Posts: 15
hey greg,
so how do I set apache/php as the owner of that /dest/ directory?
would this work even if that directory is above the web root? will php still be able to read/write to that directory???

thanks for your help

c


Top
 Profile  
 
 Post subject: Re: php permissions
PostPosted: Thu Sep 22, 2011 3:10 pm 
Offline
Forum Newbie

Joined: Tue Nov 14, 2006 6:57 pm
Posts: 15
after further digging and troubleshooting I'm even more confused...

the script file copy.php is owned by 'domainadmin' and the group is 'psacln' chmod 644
the dest folder is owned by 'domainadmin' and the group: 'psacln' chmod 755

I switched php from apache module to fastcgi. restarted apache and tried the script.
Permission denied.
However, if I set the dest folder to 777 the file gets copied fine but it shows as being owned by 'apache' group: 'apache'
Shouldn't fastcgi run php as the domain admin???

this is driving me nuts


Top
 Profile  
 
 Post subject: Re: php permissions
PostPosted: Thu Sep 22, 2011 4:00 pm 
Offline
Forum Regular
User avatar

Joined: Tue Sep 28, 2010 11:41 am
Posts: 984
Location: Columbus, Ohio
Hi, sorry I was out for a while do to illness. I'm not sure how fastcgi works, I have never used it.

When it comes to writing files, there is a setting in PHP, i forget which it is, that can set what path a it can write to. ie. on my server, cPanel sets up so that a php script cannot touch files outside the directory for the user the site is associated with. It CAN touch files outside of the web root (default is /home/users/publc_html, so it can access things in /home/user and any other directory in it)

-Greg


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 6 posts ] 

All times are UTC - 5 hours


Who is online

Users browsing this forum: No registered users and 3 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group