Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Ownership problems when uploading files through php

Posted on 2004-09-02
5
Medium Priority
?
193 Views
Last Modified: 2010-03-04
Hi,

I run apache2 and php and have a site that has an upload function which is used to upload pictures.

The problem is, when the files are uploaded, the owner and group are both set to apache, how can I change this so that I can specify who the owner and group are as it causes problems with our current backup system

Thanks
0
Comment
Question by:vibale
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 4

Expert Comment

by:TomDavidson
ID: 11964784
The easiest (but not most secure way) would be to chmod the file after uploading it [http://www.php.net/chmod].

Alternatively you could use the suexec mechanism of su_php to have all your scripts running as the user and group that you specify.
0
 
LVL 3

Accepted Solution

by:
pat5star earned 1000 total points
ID: 11966095
TomDavidson's suggestion of suexec is the best solution but can be a little tricky. An ugly hack but something that will work quickly is to run a cron job as root every so often (say every hour, or whatever works best for you) that chown's the upload directory:

10 * * * * /bin/chown user:user /path/to/your/upload/directory/*

-Pat
0
 
LVL 15

Expert Comment

by:samri
ID: 11971678
i kinda like Pat'5star suggestion for some reason.  chmod deal with filesystem permission.  that way, let the os deal with it.  clean.  if (IMHO) done on apache, it would create another "items" to deal with.

Let apache do the web stuff, and os do the file-stuff.  keep it simple!

BUT TomDavidson suggestion should work just fine -- with some effort!.

Or another approach is to fix your current backup system -- as it sounds rather odd to me.
0
 

Author Comment

by:vibale
ID: 11971741
why isnt using the chmod php function secure?

I am trying to use it but I am getting the following error:


Warning: chown(): Operation not permitted in /home/httpd/vhosts/sitename/system/admin_global.php on line 139

Warning: chgrp(): Operation not permitted in /home/httpd/vhosts/sitename/system/admin_global.php on line 140
0
 
LVL 15

Expert Comment

by:samri
ID: 11972355
vibale,

to be honest, I do not have much experience on php.  however, my note is just based on my past experience that it is best to get a component to do what the job that it's best for.  And specific to this case, I would believe that chmod stuff would be very straightforward to be done at OS level.

Did some ckecup on PHP forum --
http://www.phpbuilder.com/lists/php-general/2001112/1397.php

And yes, it goes back to the fact that apache process is running under a user "Apache" (or "http"), and not root.  In this case, it would not be possible to do the chown and chgrp to other user.  I am not sure how if there is any facility in PHP that could be enabled to allow this.  But one thing that you could try would be getting apache to run as root -- then the chown and chgrp in php should work.  However, from my past experience, getting apache to run as root would be a living-nightmare.  messy.

another option is suExec! http://httpd.apache.org/docs-2.0/suexec.html  Then again, even suExec would not let you switch id to root.  Other userid would be possible.

Looking at the complexity, I would still recommend the cron thing.  Add the line to your root crontab and you are done.  Don't worry about file locking, what happens if the user uploaded file after the cron runs (since you practically could run the cron every minute -- if you need to!).

hope this would help.

0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you've heard about htaccess and it sounds like it does what you want, but you're not sure how it works... well, you're in the right place. Read on. Some Basics #1. It's a file and its filename is .htaccess (yes, with a dot in the front). #…
In Solr 4.0 it is possible to atomically (or partially) update individual fields in a document. This article will show the operations possible for atomic updating as well as setting up your Solr instance to be able to perform the actions. One major …
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…
Suggested Courses
Course of the Month9 days, 18 hours left to enroll

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question