Solved

Ownership problems when uploading files through php

Posted on 2004-09-02
Last Modified: 2010-03-04
Hi,

I run apache2 and php and have a site that has an upload function which is used to upload pictures.

The problem is, when the files are uploaded, the owner and group are both set to apache. How can I change this so that I can specify who the owner and group are, as it causes problems with our current backup system?

Thanks
0
Question by:vibale
LVL 4

Expert Comment

by:TomDavidson
ID: 11964784
The easiest (but not most secure way) would be to chmod the file after uploading it [http://www.php.net/chmod].

Alternatively you could use the suexec mechanism of su_php to have all your scripts running as the user and group that you specify.
0
 
LVL 3

Accepted Solution

by:
pat5star earned 250 total points
ID: 11966095
TomDavidson's suggestion of suexec is the best solution but can be a little tricky. An ugly hack but something that will work quickly is to run a cron job as root every so often (say every hour, or whatever works best for you) that chown's the upload directory:

10 * * * * /bin/chown user:user /path/to/your/upload/directory/*

-Pat
0
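Added example, not part of the thread: a variant of the cron job from the accepted answer that limits the root-run chown to regular, singly linked files directly inside the upload directory and never follows symlinks, since that directory is writable by the apache user. The script path and the directory and owner arguments are placeholders, and GNU or BSD find is assumed for -mindepth/-maxdepth.

```shell
#!/bin/sh
# Added example: hardened variant of the hourly chown cron job.
# Usage (as root): fix-upload-owner.sh /path/to/upload/directory user:group

# List the files the job is allowed to touch: regular files directly inside
# the upload directory. find does not follow symlinks by default, so links
# placed in the directory are never candidates; -links 1 skips files that
# are also hard-linked from somewhere else on the filesystem.
upload_candidates() {
    find "$1" -mindepth 1 -maxdepth 1 -type f -links 1 -print
}

# Change ownership of the candidates only. chown -h acts on a symlink itself
# rather than its target, which covers a file being swapped for a link
# between the find test and the chown call.
fix_upload_owner() {
    dir=$1
    owner=$2
    # Refuse to run if the upload path is missing or is itself a symlink.
    [ -d "$dir" ] && [ ! -L "$dir" ] || {
        echo "not a real directory: $dir" >&2
        return 1
    }
    find "$dir" -mindepth 1 -maxdepth 1 -type f -links 1 \
        -exec chown -h "$owner" {} +
}

# Run only when called with both arguments, e.g. from root's crontab:
# 10 * * * * /usr/local/sbin/fix-upload-owner.sh /path/to/your/upload/directory user:user
if [ "$#" -eq 2 ]; then
    fix_upload_owner "$1" "$2"
fi
```

Unlike the `/*` glob, this also picks up dot-files and is not limited by the shell's argument-length limit when the directory holds many uploads.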
 
LVL 15

Expert Comment

by:samri
ID: 11971678
I kinda like pat5star's suggestion for some reason.  chmod deals with filesystem permissions.  That way, let the OS deal with it.  Clean.  If (IMHO) done on Apache, it would create another "item" to deal with.

Let Apache do the web stuff, and the OS do the file stuff.  Keep it simple!

BUT TomDavidson's suggestion should work just fine -- with some effort!

Or another approach is to fix your current backup system -- as it sounds rather odd to me.
0
 

Author Comment

by:vibale
ID: 11971741
Why isn't using the chmod PHP function secure?

I am trying to use it but I am getting the following error:


Warning: chown(): Operation not permitted in /home/httpd/vhosts/sitename/system/admin_global.php on line 139

Warning: chgrp(): Operation not permitted in /home/httpd/vhosts/sitename/system/admin_global.php on line 140
0
 
LVL 15

Expert Comment

by:samri
ID: 11972355
vibale,

To be honest, I do not have much experience with PHP.  However, my note is just based on my past experience that it is best to get a component to do the job that it's best for.  And specific to this case, I would believe that the chmod stuff would be very straightforward to do at the OS level.

Did some checking on a PHP forum --
http://www.phpbuilder.com/lists/php-general/2001112/1397.php

And yes, it goes back to the fact that the Apache process is running under a user "Apache" (or "http"), and not root.  In this case, it would not be possible to do the chown and chgrp to another user.  I am not sure if there is any facility in PHP that could be enabled to allow this.  But one thing that you could try would be getting Apache to run as root -- then the chown and chgrp in PHP should work.  However, from my past experience, getting Apache to run as root would be a living nightmare.  Messy.

Another option is suExec! http://httpd.apache.org/docs-2.0/suexec.html  Then again, even suExec would not let you switch ID to root.  Other user IDs would be possible.

Looking at the complexity, I would still recommend the cron thing.  Add the line to your root crontab and you are done.  Don't worry about file locking, what happens if the user uploaded a file after the cron runs (since you practically could run the cron every minute -- if you need to!).

Hope this would help.

0
