[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 591
  • Last Modified:

Change apache to SUPERUSER on centos4

Hi,

I'm trying to run a php script, however when i create a folder on my server in php, it only allows apache to upload to the folder, so what I need to do is change apache to a superuser then I can chown and chgrp to the ftp user....

then everything will work ok :)

How can i change apache to superuser?
0
Wicked-Websites
Asked:
Wicked-Websites
  • 17
  • 7
  • 4
  • +2
1 Solution
 
Deepak KosarajuCommented:
Its better you set suid on the folder.

chmod -R u+s <folder name>

Open in new window

0
 
joolsCommented:
If you do that you may not only have some Wicked-Websites but possibly some Wicked-Compromised-Websites.

0
 
NoiSCommented:
If the trouble is only with permissions on dirs use PHP FTP functions.

See this topic
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/Q_23872802.html?cid=238#a22888947
0
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

 
arrkerr1024Commented:
Running apache as root is a really really horrible idea, but your problem is legitimate.  You should try to find another way around it.  Maybe running ftp as the same user as apache.  Or making them both part of the same group.  Or scheduling a chown/chgrp from cron to fix your upload directory.  Or buy replacing ftp with a web-based file management solution.
0
 
Wicked-WebsitesAuthor Commented:
well if i explain some more, maybe you guys can point me in the right direction.

mkdir($thisdir . '/' . $login , 0777, true)

in php im running the above script, however it does not set the directory to 777, and the owner is apache, however when I try to upload photos to the folder i log in as ftpusername, and then I get a permission denied error, so i then try to chown the directory but apparently only a superuser can do that, and obviously apache isnt, so it denies that...

I'm lost with how to get this working now...
0
 
Deepak KosarajuCommented:
Create a group called global
Add apache and ftpuser's to a group called global
and set guid on that folder where are u trying to upload u r photos
This will fix this....
chmod g+s <directory>

Open in new window

0
 
Wicked-WebsitesAuthor Commented:
hi, how I dont use linux hardly at all, however I do have SSH access directly to my server (remotely)

how do i create groups - add the users and set the guid etc?
0
 
Deepak KosarajuCommented:
following is the procedure to do it

groupadd global
usermod -G global apache
usermod -G global ftpuser
if you have multiple ftp user to be added to the group then open /etc/group and append the user name after group id separated each user by , 
global:x:555:
like
global:x:555:apache,ftpuser1,ftpuser2,ftpuser3
and then execute 
grpconv 
command to update the gshadow file and backup old gshadow file under /etc 
chown -R apache.global <php upload dir>
chmod -R g+s <php upload dir>

Open in new window

0
 
Wicked-WebsitesAuthor Commented:
agh! ok....

when i visit the website now i see

Error 403 Forbidden
"You do not have permission to access this document"

Whats happened?
0
 
Deepak KosarajuCommented:
Are you sure apache is the owner for the folder.
0
 
joolsCommented:
I can't remember is selinux is enabled for apache on centos 4.... anyone?
Micht be worth a quick look in the audit log for errors.
0
 
Wicked-WebsitesAuthor Commented:
I just logged in to the ftp server.

I have a folder called clients. set to apache / global
all folders inside are created dynamically by php, but this is just not working :(

it creates the folder, as apache / global but as 700, and if i try and delete it is now says directory does not exist, however it is there!

I'm lost now...
0
 
Wicked-WebsitesAuthor Commented:
and i added ftpiwphoto to the group global as per the instructions, but if i try and delete or anything then it just says permission denied..
0
 
NoiSCommented:
Did you try to use PHP-FTP functions?

I guess that is the best solution for your problem.

Look, When you create the dir with PHP FTP functions the owner will be everyone that you inform on script, not the apache user, so, when you connect by FTP or SSH to your server you will be able to mange this folders and files. Off course that you need the same functions to manage the files and the final code will be bigger than normal code.

Try this code
<?php
// Connection
$conn_id = ftp_connect('ftp://localhost');
 
// autenticating 
$login_result = ftp_login($conn_id, $ftp_user_name, $ftp_user_pass);
 
// connecting
if ($conn_id && $login_result) {
  // Creating the dir
  if (ftp_mkdir($conn_id, $dir)) {
    echo "successfully created $dir\n";
  } else {
    echo "There was a problem while creating $dir\n";
  }
 
   // Putting files
   if(!ftp_put($conn_id, $destination_file, $source_file, FTP_BINARY)){
      echo "There was a problem while putting $source_file\n";
   }
 
  // Colse connection
  ftp_close($conn_id);
}

Open in new window

0
 
Wicked-WebsitesAuthor Commented:
Hi,

yes I see your point, however my code seems much simpler (but doesnt work lol)

How could I fit that code in now?
<?php
$thisdir = "/var/www/vhosts/domain.co.uk/httpdocs/clients";
$login = $_GET['login'];
$user = $_GET['user'];
 
$getpics = "/var/www/vhosts/domain.co.uk/httpdocs/clients/getpics.php";
$newdir = "/var/www/vhosts/domain.co.uk/httpdocs/clients/$login/getpics.php";
 
if (is_dir($thisdir . '/' . $login) )
{
}
else
{
	if(mkdir($thisdir . '/' . $login , 0777, true)){
		//chown($thisdir . '/' . $login, 'ftpiwphoto');
		//chgrp($thisdir . '/' . $login, 'psacln');
}
 
else
{
   echo "<p class='footer'>Failed to create directory... <br> Contact <a href='mailto:drew@wicked-websites.co.uk'>Wicked Websites</a></p>";
} 
 
copy("$getpics", "$newdir"); }
?>

Open in new window

0
 
Wicked-WebsitesAuthor Commented:
hmm, actually I've just had a go :)


<?php
$thisdir = "/var/www/vhosts/domain.co.uk/httpdocs/clients";
$login = $_GET['login'];
$user = $_GET['user'];
 
$getpics = "/var/www/vhosts/domain.co.uk/httpdocs/clients/getpics.php";
$newdir = "/var/www/vhosts/domain.co.uk/httpdocs/clients/$login/getpics.php";
$dir = "$thisdir" . '/' . "$login";
 
// Connection
$conn_id = ftp_connect('ftp://localhost');
$ftpuser = "ftpXXX";
$ftppass = "XXXXXX";
 
// autenticating 
$login_result = ftp_login($conn_id, $ftpuser, $ftppass);
 
// connecting
if ($conn_id && $login_result) {
 
// Creating the dir
if (ftp_mkdir($conn_id, $dir)) {
    echo "successfully created $dir\n";
} else {
    echo "There was a problem while creating $dir\n";
} 
 
//Copy files
copy("$getpics", "$newdir");
 
// Close connection
  ftp_close($conn_id);
}

Open in new window

0
 
Wicked-WebsitesAuthor Commented:
oh, ok, when I run the script i get this error:

Warning: ftp_connect() [function.ftp-connect]: php_network_getaddresses: getaddrinfo failed: Name or service not known in /var/www/vhosts/domain.co.uk/httpsdocs/photographer/createadmin/create.php on line 11

Warning: ftp_login() expects parameter 1 to be resource, boolean given in /var/www/vhosts/domain.co.uk/httpsdocs/photographer/createadmin/create.php on line 16
0
 
Wicked-WebsitesAuthor Commented:
ok, getting there...

i changed it from ftp://localhost to ftp.domain.co.uk

now i get this error:

Warning: ftp_mkdir() [function.ftp-mkdir]: /var/www/vhosts/domain.co.uk/httpdocs/clients/test: No such file or directory in /var/www/vhosts/domain.co.uk/httpsdocs/photographer/createadmin/create.php on line 22
0
 
NoiSCommented:
Try with this code...
<?php
 
// initianting vars
$thisdir = "/var/www/vhosts/domain.co.uk/httpdocs/clients";
$login = $_GET['login'];
$user = $_GET['user'];
 
$getpics = "/var/www/vhosts/domain.co.uk/httpdocs/clients/getpics.php";
$newdir = "/var/www/vhosts/domain.co.uk/httpdocs/clients/$login/getpics.php";
 
$ftp_user_name='username';	// PUT YOUR FTP USER HERE
$ftp_user_pass='pass';	// PUT YOUR FTP PASSWORD HERE
 
// Connection
$conn_id = ftp_connect('ftp://localhost');	// Change to your hostname if needed
 
// autenticating
$login_result = ftp_login($conn_id, $ftp_user_name, $ftp_user_pass);
 
// connecting
if ($conn_id && $login_result) {
	$dir = $thisdir . DIRECTORY_SEPARATOR . $login;
	if (!is_dir($dir) ){
		
		// Creating the dir with the FTP user owner
		if (ftp_mkdir($conn_id, $dir)) {
			echo "successfully created $dir\n";
		} else {
			echo "<p class='footer'>Failed to create directory... <br> Contact <a href='mailto:drew@wicked-websites.co.uk'>Wicked Websites</a></p>";
		}
	}
 
	// At this point, the folder was created with FTP user permissions
	// You can continue with this code or the code commented
	// copying file
	if(!ftp_exec($conn_id,"cp $getpics $newdir")){
		echo "Failed to copy $getpics to $newdir";	// fail if the FTP user cannot read $getpics
	}	 
	// Close connection
	ftp_close($conn_id);
}
	// try this code, if it works is better than copy code above  
//	copy("$getpics", "$newdir");
//	chmod($newdir,0775); 	
?>

Open in new window

0
 
Wicked-WebsitesAuthor Commented:
thank you for that,

I've just used it but I get :

Warning: ftp_mkdir() [function.ftp-mkdir]: /var/www/vhosts/domain.co.uk/httpdocs/clients/test: No such file or directory in /var/www/vhosts/domain.co.uk/httpsdocs/photographer/createadmin/create.php on line 25

Failed to create directory...
Contact Wicked Websites


Warning: ftp_exec() [function.ftp-exec]: 'SITE EXEC' not understood in /var/www/vhosts/domain.co.uk/httpsdocs/photographer/createadmin/create.php on line 35
Failed to copy /var/www/vhosts/domain.co.uk/httpdocs/clients/getpics.php to /var/www/vhosts/domain.co.uk/httpdocs/clients/test/getpics.php
0
 
NoiSCommented:
Try changing Lines 35~38 to

// upload a file
if (ftp_put($conn_id, $newdir, $getpics, FTP_ASCII)) {
 echo "successfully uploaded $getpics\n";
} else {
 echo "There was a problem while uploading $getpics\n";
}

Open in new window

0
 
Wicked-WebsitesAuthor Commented:
hmmm, i still get

Warning: ftp_mkdir() [function.ftp-mkdir]: /var/www/vhosts/domain.co.uk/httpdocs/clients/test: No such file or directory in /var/www/vhosts/domain.co.uk/httpsdocs/photographer/createadmin/create.php on line 25

Failed to create directory...
Contact Wicked Websites


Warning: ftp_put() [function.ftp-put]: /var/www/vhosts/domain.co.uk/httpdocs/clients/test/getpics.php: No such file or directory in /var/www/vhosts/domain.co.uk/httpsdocs/photographer/createadmin/create.php on line 35
There was a problem while uploading /var/www/vhosts/domain.co.uk/httpdocs/clients/getpics.php
0
 
Wicked-WebsitesAuthor Commented:
looks like its a problem with creating the dir rather than uploading the file :(
0
 
NoiSCommented:
Yes. You're right.

Its a path problem.

Log in to your host with the User and Pass used on scritp.
try to see what your home folder, read the source folder and destination folder. (ls -a

Maybe your FTP user don't have acces anymore to your DOC_ROOT and you need to change it.

Maybe if you remove the DOC_ROOT from dirs used on FTP will work

$thisdir = str_replace($_SERVER['DOCUMENT_ROOT']."/","","/var/www/vhosts/domain.co.uk/httpdocs/clients";
or
// $thisdir = str_replace($_SERVER['DOCUMENT_ROOT'],"","/var/www/vhosts/domain.co.uk/httpdocs/clients";
 
$getpics = $thisdir . "/getpics.php";
$newdir = $thisdir . "/$login/getpics.php";

Open in new window

0
 
Wicked-WebsitesAuthor Commented:
hey,

I've looked and the root is httpdocs

so the path to the folder is /var/www/vhosts/domain.co.uk/httpdocs/clients

the ftp access is correct, so there really is no reason why this doesnt work :(
0
 
Wicked-WebsitesAuthor Commented:
i dont understand the error:

Warning: ftp_mkdir() [function.ftp-mkdir]: /var/www/vhosts/domain.co.uk/httpdocs/clients/test: No such file or directory in /var/www/vhosts/domain.co.uk/httpsdocs/photographer/createadmin/create.php on line 25

because obviously clients/test doesnt exist, thats why im trying to mk_dir test
0
 
Wicked-WebsitesAuthor Commented:
if im using the ftp system do i need /var/www/vhosts/domain.co.uk/httpdocs/clients/test or httpdocs/clients/test because /var/www-etc is the linux root, not the web root....
0
 
Wicked-WebsitesAuthor Commented:
hahaha, ok, so fixed the create directory!!!

it was the linux path!!!!

so i've attached the new code! it creates the folder, but cannot seem to copy the getpics.php file...


<?php
// initianting vars
$login = $_GET['login'];
$user = $_GET['user'];
///var/www/vhosts/iwphoto.co.uk/
$getpics = "httpdocs/clients/getpics.php";
$newdir = "httpdocs/clients/$login/getpics.php";
$thisdir = "httpdocs/clients";
 
$dir = $thisdir . DIRECTORY_SEPARATOR . $login;
 
$ftp_user_name='ftpiwphoto';	// PUT YOUR FTP USER HERE
$ftp_user_pass='imagine';	// PUT YOUR FTP PASSWORD HERE
 
// Connection
$conn_id = ftp_connect('iwphoto.co.uk');	// Change to your hostname if needed
 
// autenticating
$login_result = ftp_login($conn_id, $ftp_user_name, $ftp_user_pass);
 
// connecting
if ($conn_id && $login_result) {
	
	if (!is_dir($dir) ){
	
		// Creating the dir with the FTP user owner
			if (ftp_mkdir($conn_id, $dir)) {
			} else {
				echo "<p class='footer'>Failed to create directory... <br> Contact <a href='mailto:drew@wicked-websites.co.uk'>Wicked Websites</a></p>";
			}
		}	
 
	// At this point, the folder was created with FTP user permissions
 
// upload a file
if (ftp_put($conn_id, $newdir, $getpics, FTP_ASCII)) {
 echo "successfully uploaded $getpics\n";
} else {
 echo "There was a problem while uploading $getpics\n";
}
	 
	// Close connection
	ftp_close($conn_id);
}
?>

Open in new window

0
 
Wicked-WebsitesAuthor Commented:
also once the folder has been created, if you access the page again, it says

Failed to create directory... <br> Contact <a href='mailto:drew@wicked-websites.co.uk'>Wicked Websites</a>

but its suposed to ignore everything below

if (!is_dir($dir) ){
 //Creating the dir with the FTP user owner
   if (ftp_mkdir($conn_id, $dir)) {
    } else {
    echo "<p class='footer'>Failed to create directory... <br> Contact <a href='mailto:drew@wicked-websites.co.uk'>Wicked Websites</a></p>";
  }
}      
0
 
NoiSCommented:
Is Possible that the apache cannot see $dir contents so is_dir($dir) returns false.
Try changing the chmod via ftp with :

ftp_chmod($dir,0775); after ftp_mkdir(); // don't forget to delete it first by FTP gui.

About copy, (Don't forget about the correct path)
Try with the first copy code
        if(!ftp_exec($conn_id,"cp $getpics $newdir")){
                echo "Failed to copy $getpics to $newdir";      // fail if the FTP user cannot read $getpics
        }  

If don't work, try this code
// upload a file
if (ftp_put($conn_id, $newdir, $getpics, FTP_BINARY)) {
 echo "successfully uploaded $getpics\n";
} else {
 echo "There was a problem while uploading $getpics\n";
}

Or try this last code

Just change $newdir to have the realpath, not the relative path
$newdir must be php readable and $getpics ftp readable path
      copy("$getpics", "$newdir");
      chmod($newdir,0775);  

Its all that I have for you.
0
 
NoiSCommented:
Just putting lines in correct place...

Just change $newdir to have the realpath, not the relative path
$newdir must be php readable and $getpics ftp readable path
=====================================================
Or try this last code
      copy("$getpics", "$newdir");
      chmod($newdir,0775);  

Its all that I have for you.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 17
  • 7
  • 4
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now