files/folders; users; access rights; problems

Posted on 2003-11-30
Last Modified: 2006-11-17
I'm currently developping several scripts that will be creating folders and files on the webserver.
The script will also allow to upload files via HTTP.

I'm running into problems with access rights.
Since the webserver is running on the username "apache" and my account on the server is "doppy".
This results in problems with creating files or folders, removing files and folders, editing files and also uploading files.
I'm also having problems with downloading the files with FTP, I get the message that I'm not allowed to access the file.

How would I cope with these problems?
I'm sure someone has bumped into this before and I like to know how you solved the problem.
Question by:DoppyNL
  • 3
  • 2
  • 2
LVL 14

Assisted Solution

ThG earned 100 total points
ID: 9844944
Yes, many did.

Apache supports something called SuEXEC, which allows executing CGIs as the selected user. Unfortunately, this means that you have to compile your PHP as CGI version, which is probably something you don't want, as one of the nicest things of PHP is the ability to run as shared module, thus without any overhead.

Running it as shared module, you have no ways to solve your problem.
The only way to do that, is to chown everything to the apache user.

Author Comment

ID: 9848536
Indeed, I don't want to run PHP as CGI, to darn slow.

chown everything to apache?
But that would result in the problem that I cannot access the files via FTP...
Or do I also have to give certain access rights to each file and folder. Guess so...

So I will probably have to reset the access rights for each folder and file just after it is put on the server.
Any suggestions on what settings I should use?

Any other suggestions on how to approach this problem are also welcome.
Explenations on how you (the reader of this question) did this is also welcome! :)

Accepted Solution

ashoooo earned 150 total points
ID: 9868229
Try creating a small app that runs with root access and its sole purpose is to chown the files and folder. You can create the files and folders using the 'apache' account and then call this app to chown the files/folders using PHP.

... worth a try...
Networking for the Cloud Era

Join Microsoft and Riverbed for a discussion and demonstration of enhancements to SteelConnect:
-One-click orchestration and cloud connectivity in Azure environments
-Tight integration of SD-WAN and WAN optimization capabilities
-Scalability and resiliency equal to a data center

LVL 14

Expert Comment

ID: 9870983
OR you can use PHP as both CGI and shared module. Particularly, you need to make CGI all the parts that mess with the files (not for reading, that can be done with the shared module--thus with the apache UID).

and then again the SuEXEC support.

Author Comment

ID: 9903328
>> Try creating a small app that runs with root access and its sole purpose is to chown the files and folder. You can create the files and folders using the 'apache' account and then call this app to chown the files/folders using PHP.

I don't want an extra app that will run through all the files; I want a solution that does its job the moment I create a folder or a file.
But I am going to try to:
- set the owner of the file to "doppy" when it is created
- apply some access rights to the file/folder when it is created.

Will I be able to change the owner of the file/folder once it has been created?
What access rights should I give the file/folder once it has been created?

>>OR you can use PHP as both CGI and shared module.
Not an option I'm afraid; I don't have that much control over the server; they don't want PHP to run as CGI.

Note that I don't have much time to work on this for the next 2 weeks; So I may not reply as quickly as some may like.
I am watching this thread though and will award the points appropiatly :)
input so far has allready been usefull to some degree and very much appreciated!

Expert Comment

ID: 9904494
Doppy, you misunderstood me. What I meant by "its sole purpose is to chown the files and folder" is not that it runs recursively thru all the files and folders.

But, that you put it in the bin folder where it is accesible to you, and you call it from PHP using the 'system' (?) command with appropriate parameters so that it sets the ownership and permissions on only one file. It neednt even run in the background. You call it from PHP, it does its job, and quits.

I hope this makes things clearer to you.

>> Will I be able to change the owner of the file/folder once it has been created?
Yes you can. Will you do it programatically? Do you want to do it thru PHP? If yes, you'll need to use the chown and chmod utilities. Or you can use your custom app (that I suggested you build) to do the job. Or you can do it manually too.

Hope this helps

Author Comment

ID: 10010676
conclusion from my side:

- running as CGI is not an option, is not possible to implement that in the current site configuration.
- running a script regularly to reset the permissions is also not an option, as I need this to work on the fly.

I'm currently trying to solve it by creating folders and files with the correct permissions on the fly.
So when I create a folder, immediatly set the permissions correctly; same thing for files.
I'm starting with folders ofcourse.

I opened a new question for that purpose:
Feel free to read it or don't, it's up to you :).

Awarding points here as a thanks for the input and helping me in thinking in the right direction :)

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
PHP Installer 5 37
PHP curl issue VERBOSE output 18 81
how to use Initialization Vector for openssl_encrypt() 5 56
PHP Curl to output a url 7 46
Part of the Global Positioning System A geocode ( is the major subset of a GPS coordinate (, the other parts being the altitude and t…
Build an array called $myWeek which will hold the array elements Today, Yesterday and then builds up the rest of the week by the name of the day going back 1 week.   (CODE) (CODE) Then you just need to pass your date to the function. If i…
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

792 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question