files/folders; users; access rights; problems

Posted on 2003-11-30
Last Modified: 2006-11-17
I'm currently developping several scripts that will be creating folders and files on the webserver.
The script will also allow to upload files via HTTP.

I'm running into problems with access rights.
Since the webserver is running on the username "apache" and my account on the server is "doppy".
This results in problems with creating files or folders, removing files and folders, editing files and also uploading files.
I'm also having problems with downloading the files with FTP, I get the message that I'm not allowed to access the file.

How would I cope with these problems?
I'm sure someone has bumped into this before and I like to know how you solved the problem.
Question by:DoppyNL
  • 3
  • 2
  • 2
LVL 14

Assisted Solution

ThG earned 100 total points
ID: 9844944
Yes, many did.

Apache supports something called SuEXEC, which allows executing CGIs as the selected user. Unfortunately, this means that you have to compile your PHP as CGI version, which is probably something you don't want, as one of the nicest things of PHP is the ability to run as shared module, thus without any overhead.

Running it as shared module, you have no ways to solve your problem.
The only way to do that, is to chown everything to the apache user.

Author Comment

ID: 9848536
Indeed, I don't want to run PHP as CGI, to darn slow.

chown everything to apache?
But that would result in the problem that I cannot access the files via FTP...
Or do I also have to give certain access rights to each file and folder. Guess so...

So I will probably have to reset the access rights for each folder and file just after it is put on the server.
Any suggestions on what settings I should use?

Any other suggestions on how to approach this problem are also welcome.
Explenations on how you (the reader of this question) did this is also welcome! :)

Accepted Solution

ashoooo earned 150 total points
ID: 9868229
Try creating a small app that runs with root access and its sole purpose is to chown the files and folder. You can create the files and folders using the 'apache' account and then call this app to chown the files/folders using PHP.

... worth a try...
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

LVL 14

Expert Comment

ID: 9870983
OR you can use PHP as both CGI and shared module. Particularly, you need to make CGI all the parts that mess with the files (not for reading, that can be done with the shared module--thus with the apache UID).

and then again the SuEXEC support.

Author Comment

ID: 9903328
>> Try creating a small app that runs with root access and its sole purpose is to chown the files and folder. You can create the files and folders using the 'apache' account and then call this app to chown the files/folders using PHP.

I don't want an extra app that will run through all the files; I want a solution that does its job the moment I create a folder or a file.
But I am going to try to:
- set the owner of the file to "doppy" when it is created
- apply some access rights to the file/folder when it is created.

Will I be able to change the owner of the file/folder once it has been created?
What access rights should I give the file/folder once it has been created?

>>OR you can use PHP as both CGI and shared module.
Not an option I'm afraid; I don't have that much control over the server; they don't want PHP to run as CGI.

Note that I don't have much time to work on this for the next 2 weeks; So I may not reply as quickly as some may like.
I am watching this thread though and will award the points appropiatly :)
input so far has allready been usefull to some degree and very much appreciated!

Expert Comment

ID: 9904494
Doppy, you misunderstood me. What I meant by "its sole purpose is to chown the files and folder" is not that it runs recursively thru all the files and folders.

But, that you put it in the bin folder where it is accesible to you, and you call it from PHP using the 'system' (?) command with appropriate parameters so that it sets the ownership and permissions on only one file. It neednt even run in the background. You call it from PHP, it does its job, and quits.

I hope this makes things clearer to you.

>> Will I be able to change the owner of the file/folder once it has been created?
Yes you can. Will you do it programatically? Do you want to do it thru PHP? If yes, you'll need to use the chown and chmod utilities. Or you can use your custom app (that I suggested you build) to do the job. Or you can do it manually too.

Hope this helps

Author Comment

ID: 10010676
conclusion from my side:

- running as CGI is not an option, is not possible to implement that in the current site configuration.
- running a script regularly to reset the permissions is also not an option, as I need this to work on the fly.

I'm currently trying to solve it by creating folders and files with the correct permissions on the fly.
So when I create a folder, immediatly set the permissions correctly; same thing for files.
I'm starting with folders ofcourse.

I opened a new question for that purpose:
Feel free to read it or don't, it's up to you :).

Awarding points here as a thanks for the input and helping me in thinking in the right direction :)

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Author Note: Since this E-E article was originally written, years ago, formal testing has come into common use in the world of PHP.  PHPUnit ( and similar technologies have enjoyed wide adoption, making it possib…
Things That Drive Us Nuts Have you noticed the use of the reCaptcha feature at EE and other web sites?  It wants you to read and retype something that looks like this.Insanity!  It's not EE's fault - that's just the way reCaptcha works.  But it is …
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question