files/folders; users; access rights; problems

Posted on 2003-11-30
Last Modified: 2006-11-17
I'm currently developping several scripts that will be creating folders and files on the webserver.
The script will also allow to upload files via HTTP.

I'm running into problems with access rights.
Since the webserver is running on the username "apache" and my account on the server is "doppy".
This results in problems with creating files or folders, removing files and folders, editing files and also uploading files.
I'm also having problems with downloading the files with FTP, I get the message that I'm not allowed to access the file.

How would I cope with these problems?
I'm sure someone has bumped into this before and I like to know how you solved the problem.
Question by:DoppyNL
  • 3
  • 2
  • 2
LVL 14

Assisted Solution

ThG earned 100 total points
ID: 9844944
Yes, many did.

Apache supports something called SuEXEC, which allows executing CGIs as the selected user. Unfortunately, this means that you have to compile your PHP as CGI version, which is probably something you don't want, as one of the nicest things of PHP is the ability to run as shared module, thus without any overhead.

Running it as shared module, you have no ways to solve your problem.
The only way to do that, is to chown everything to the apache user.

Author Comment

ID: 9848536
Indeed, I don't want to run PHP as CGI, to darn slow.

chown everything to apache?
But that would result in the problem that I cannot access the files via FTP...
Or do I also have to give certain access rights to each file and folder. Guess so...

So I will probably have to reset the access rights for each folder and file just after it is put on the server.
Any suggestions on what settings I should use?

Any other suggestions on how to approach this problem are also welcome.
Explenations on how you (the reader of this question) did this is also welcome! :)

Accepted Solution

ashoooo earned 150 total points
ID: 9868229
Try creating a small app that runs with root access and its sole purpose is to chown the files and folder. You can create the files and folders using the 'apache' account and then call this app to chown the files/folders using PHP.

... worth a try...
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

LVL 14

Expert Comment

ID: 9870983
OR you can use PHP as both CGI and shared module. Particularly, you need to make CGI all the parts that mess with the files (not for reading, that can be done with the shared module--thus with the apache UID).

and then again the SuEXEC support.

Author Comment

ID: 9903328
>> Try creating a small app that runs with root access and its sole purpose is to chown the files and folder. You can create the files and folders using the 'apache' account and then call this app to chown the files/folders using PHP.

I don't want an extra app that will run through all the files; I want a solution that does its job the moment I create a folder or a file.
But I am going to try to:
- set the owner of the file to "doppy" when it is created
- apply some access rights to the file/folder when it is created.

Will I be able to change the owner of the file/folder once it has been created?
What access rights should I give the file/folder once it has been created?

>>OR you can use PHP as both CGI and shared module.
Not an option I'm afraid; I don't have that much control over the server; they don't want PHP to run as CGI.

Note that I don't have much time to work on this for the next 2 weeks; So I may not reply as quickly as some may like.
I am watching this thread though and will award the points appropiatly :)
input so far has allready been usefull to some degree and very much appreciated!

Expert Comment

ID: 9904494
Doppy, you misunderstood me. What I meant by "its sole purpose is to chown the files and folder" is not that it runs recursively thru all the files and folders.

But, that you put it in the bin folder where it is accesible to you, and you call it from PHP using the 'system' (?) command with appropriate parameters so that it sets the ownership and permissions on only one file. It neednt even run in the background. You call it from PHP, it does its job, and quits.

I hope this makes things clearer to you.

>> Will I be able to change the owner of the file/folder once it has been created?
Yes you can. Will you do it programatically? Do you want to do it thru PHP? If yes, you'll need to use the chown and chmod utilities. Or you can use your custom app (that I suggested you build) to do the job. Or you can do it manually too.

Hope this helps

Author Comment

ID: 10010676
conclusion from my side:

- running as CGI is not an option, is not possible to implement that in the current site configuration.
- running a script regularly to reset the permissions is also not an option, as I need this to work on the fly.

I'm currently trying to solve it by creating folders and files with the correct permissions on the fly.
So when I create a folder, immediatly set the permissions correctly; same thing for files.
I'm starting with folders ofcourse.

I opened a new question for that purpose:
Feel free to read it or don't, it's up to you :).

Awarding points here as a thanks for the input and helping me in thinking in the right direction :)

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
spacing 5 29
.htaccess file settings 4 35
php documentation 4 21
WampServer not functioning remotely on port 80 10 20
Introduction Many web sites contain image galleries; a common design for these galleries includes a page with a collection of thumbnail images.  You can click on each of the thumbnail images to see the larger version of the image.  This is easily i…
Author Note: Since this E-E article was originally written, years ago, formal testing has come into common use in the world of PHP.  PHPUnit ( and similar technologies have enjoyed wide adoption, making it possib…
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now