Solved

Ownership problems when uploading files through php

Posted on 2004-09-02
Last Modified: 2010-03-04
Hi,

I run apache2 and php and have a site that has an upload function which is used to upload pictures.

The problem is, when the files are uploaded, the owner and group are both set to apache. How can I change this so that I can specify who the owner and group are? It causes problems with our current backup system.

Thanks
0
Question by:vibale
5 Comments
 
LVL 4

Expert Comment

by:TomDavidson
ID: 11964784
The easiest (but not the most secure) way would be to chmod the file after uploading it [http://www.php.net/chmod].

Alternatively you could use the suexec mechanism of su_php to have all your scripts running as the user and group that you specify.
0
 
LVL 3

Accepted Solution

by:
pat5star earned 250 total points
ID: 11966095
TomDavidson's suggestion of suexec is the best solution but can be a little tricky. An ugly hack, but something that will work quickly, is to run a cron job as root every so often (say every hour, or whatever works best for you) that chowns the upload directory:

10 * * * * /bin/chown user:user /path/to/your/upload/directory/*

-Pat
0
 
LVL 15

Expert Comment

by:samri
ID: 11971678
I kinda like pat5star's suggestion for some reason. chmod deals with filesystem permissions. That way, let the OS deal with it. Clean. If (IMHO) done on Apache, it would create another "item" to deal with.

Let Apache do the web stuff, and the OS do the file stuff. Keep it simple!

BUT TomDavidson's suggestion should work just fine -- with some effort!

Or another approach is to fix your current backup system -- as it sounds rather odd to me.
0
 

Author Comment

by:vibale
ID: 11971741
Why isn't using the chmod PHP function secure?

I am trying to use it but I am getting the following error:


Warning: chown(): Operation not permitted in /home/httpd/vhosts/sitename/system/admin_global.php on line 139

Warning: chgrp(): Operation not permitted in /home/httpd/vhosts/sitename/system/admin_global.php on line 140
0
 
LVL 15

Expert Comment

by:samri
ID: 11972355
vibale,

To be honest, I do not have much experience with PHP. However, my note is just based on my past experience that it is best to get a component to do the job that it's best for. And specific to this case, I would believe that the chmod stuff would be very straightforward to do at the OS level.

Did some checkup on a PHP forum --
http://www.phpbuilder.com/lists/php-general/2001112/1397.php

And yes, it goes back to the fact that the Apache process is running under a user "Apache" (or "http"), and not root. In this case, it would not be possible to do the chown and chgrp to another user. I am not sure if there is any facility in PHP that could be enabled to allow this. But one thing that you could try would be getting Apache to run as root -- then the chown and chgrp in PHP should work. However, from my past experience, getting Apache to run as root would be a living nightmare. Messy.

Another option is suExec! http://httpd.apache.org/docs-2.0/suexec.html  Then again, even suExec would not let you switch ID to root. Other user IDs would be possible.

Looking at the complexity, I would still recommend the cron thing.  Add the line to your root crontab and you are done.  Don't worry about file locking, what happens if the user uploaded file after the cron runs (since you practically could run the cron every minute -- if you need to!).

Hope this would help.

0
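
An added example, not part of any post above: a more conservative form of the root cron job suggested in the accepted answer and in samri's last comment. Because root is working in a directory the web server account can write to, it changes only regular files still owned by that account and never follows symbolic links; the function name `reown_uploads`, the script path, the upload path and the account names are placeholders.

```shell
#!/bin/sh
# Added example (not from the thread). All names and paths are placeholders.
#
# reown_uploads DIR SRC_USER DST_OWNER [dry-run]
#   DIR        upload directory (must be a real directory, not a symlink)
#   SRC_USER   account the web server runs as, e.g. apache
#   DST_OWNER  new owner in chown syntax, e.g. user:user
#   dry-run    optional: only print the files that would be changed
reown_uploads() {
    dir=$1 src=$2 dst=$3 mode=${4:-apply}

    # Refuse a missing directory or one that has been replaced by a symlink.
    if [ ! -d "$dir" ] || [ -L "$dir" ]; then
        echo "reown_uploads: not a real directory: $dir" >&2
        return 2
    fi

    # -type f       regular files only; find does not follow symlinks by
    #               default, so links placed in the directory are skipped
    # -user SRC     only files the web server created and still owns
    # -xdev         stay on the upload filesystem
    # chown -h      if a path turns into a symlink between the find test and
    #               the chown, change the link itself, never its target
    if [ "$mode" = dry-run ]; then
        find "$dir" -xdev -type f -user "$src" -print
    else
        find "$dir" -xdev -type f -user "$src" -exec chown -h "$dst" {} +
    fi
}

# Root crontab entry, once an hour at minute 10, with this file saved as a
# script that ends by calling the function (placeholder paths):
#   10 * * * * /usr/local/sbin/reown-uploads.sh
# and the script's last line being:
#   reown_uploads /path/to/your/upload/directory apache user:user
```

Running it once with `dry-run` as the fourth argument shows which files the scheduled job would touch before it is installed.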
