?
Solved

Ownership problems when uploading files through php

Posted on 2004-09-02
5
Medium Priority
?
191 Views
Last Modified: 2010-03-04
Hi,

I run apache2 and php and have a site that has an upload function which is used to upload pictures.

The problem is, when the files are uploaded, the owner and group are both set to apache, how can I change this so that I can specify who the owner and group are as it causes problems with our current backup system

Thanks
0
Comment
Question by:vibale
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 4

Expert Comment

by:TomDavidson
ID: 11964784
The easiest (but not most secure way) would be to chmod the file after uploading it [http://www.php.net/chmod].

Alternatively you could use the suexec mechanism of su_php to have all your scripts running as the user and group that you specify.
0
 
LVL 3

Accepted Solution

by:
pat5star earned 1000 total points
ID: 11966095
TomDavidson's suggestion of suexec is the best solution but can be a little tricky. An ugly hack but something that will work quickly is to run a cron job as root every so often (say every hour, or whatever works best for you) that chown's the upload directory:

10 * * * * /bin/chown user:user /path/to/your/upload/directory/*

-Pat
0
 
LVL 15

Expert Comment

by:samri
ID: 11971678
i kinda like Pat'5star suggestion for some reason.  chmod deal with filesystem permission.  that way, let the os deal with it.  clean.  if (IMHO) done on apache, it would create another "items" to deal with.

Let apache do the web stuff, and os do the file-stuff.  keep it simple!

BUT TomDavidson suggestion should work just fine -- with some effort!.

Or another approach is to fix your current backup system -- as it sounds rather odd to me.
0
 

Author Comment

by:vibale
ID: 11971741
why isnt using the chmod php function secure?

I am trying to use it but I am getting the following error:


Warning: chown(): Operation not permitted in /home/httpd/vhosts/sitename/system/admin_global.php on line 139

Warning: chgrp(): Operation not permitted in /home/httpd/vhosts/sitename/system/admin_global.php on line 140
0
 
LVL 15

Expert Comment

by:samri
ID: 11972355
vibale,

to be honest, I do not have much experience on php.  however, my note is just based on my past experience that it is best to get a component to do what the job that it's best for.  And specific to this case, I would believe that chmod stuff would be very straightforward to be done at OS level.

Did some ckecup on PHP forum --
http://www.phpbuilder.com/lists/php-general/2001112/1397.php

And yes, it goes back to the fact that apache process is running under a user "Apache" (or "http"), and not root.  In this case, it would not be possible to do the chown and chgrp to other user.  I am not sure how if there is any facility in PHP that could be enabled to allow this.  But one thing that you could try would be getting apache to run as root -- then the chown and chgrp in php should work.  However, from my past experience, getting apache to run as root would be a living-nightmare.  messy.

another option is suExec! http://httpd.apache.org/docs-2.0/suexec.html  Then again, even suExec would not let you switch id to root.  Other userid would be possible.

Looking at the complexity, I would still recommend the cron thing.  Add the line to your root crontab and you are done.  Don't worry about file locking, what happens if the user uploaded file after the cron runs (since you practically could run the cron every minute -- if you need to!).

hope this would help.

0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If your site has a few sections that need to be secure when data is transmitted between the server and local computer, such as a /order/ section for ordering or /customer/ which contains customer data, etc it would of course be recommended to secure…
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question