• Status: Solved

using chown from within PHP

Can anyone help with the syntax to chown maildirs from within a PHP script that is owned by apache? I am trying to get sudo to work without success. I am using PHP 4 on Redhat.
Asked by: dachande

mobiusNZ commented:
The apache process can't sudo by default, and for VERY good reason - by allowing it to do so you're basically opening your server up for attack.

A better way would be to give the apache account group access to the maildirs - although even then I'm not too sure why you'd want to do that. Perhaps you could elaborate on what it is you're trying to achieve?
dachande (Author) commented:
Thank you for your prompt reply. We have a webmail server. When a new account is created, the ownership on the newly created maildir is apache:apache. In order for users to be able to access their maildir, the ownership needs to be vmail:apache. The developer left a line chown -R ....... in the PHP, but it fails to change ownership. I suspect this is because the command has to be run with root privileges.

I hope this info clarifies my situation sufficiently for you to propose a fix.

kind regards,

Mark
mobiusNZ commented:
From one of the comments at http://php.net/manual/en/function.chown.php:

"For most modern Linux systems your apache user should not be run as root, and in order to change the ownership of a file or directory, you need to be root. To get around this problem you can use sudo, but be careful with what permissions you give. Here is an example which is working for me:

www-data        ALL = NOPASSWD: /bin/chown 1[1-9][0-9][0-9]\:1[1-9][0-9][0-9] /home/www/[a-zA-Z0-9]*

This allows the apache server to change ownership of files in /home/www with name containing a-z, A-Z or numbers (note: no subdirectories). The only valid input of userid is a four digit numeric id, between 1100 and 1999."


Basically you can edit your sudoers file (usually in /etc/) and add a line that allows apache to run the /bin/chown file. Whether you use the other restrictions (like the numeric IDs or the specific directory)
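
A narrower alternative to granting apache a wildcarded /bin/chown rule, added here as an example and not taken from the thread or the php.net comment: sudo permits one root-owned helper that fixes the owner at vmail:apache and validates the account name itself. The sudoers manual warns that wildcards in command arguments can match across word boundaries, so the check is done in the helper instead of in the sudoers pattern. The helper path /usr/local/sbin/maildir-chown, the base directory /var/vmail and the sudoers user name apache are assumptions.

```sh
#!/bin/sh
# Hypothetical root-owned helper, e.g. /usr/local/sbin/maildir-chown (root:root, 0755).
# Assumed sudoers entry, added with visudo (no wildcards, no caller-chosen owner):
#   apache ALL = (root) NOPASSWD: /usr/local/sbin/maildir-chown
LC_ALL=C; export LC_ALL              # make the character ranges below byte-exact

MAILDIR_BASE="/var/vmail"            # assumed maildir root; adjust to the real one
TARGET_OWNER="vmail:apache"          # ownership the thread asks for

# Print the canonical maildir path for one account name, or return non-zero.
resolve_maildir() {
    # Reject empty names, a leading dot or dash, and any character outside the set
    # (this excludes "/", whitespace and ".." components).
    case "$1" in
        ''|.*|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 64 ] || return 1
    md_base="$(readlink -f -- "$MAILDIR_BASE")" || return 1
    md_path="$md_base/$1"
    # Must be an existing directory and not a symlink.
    [ -d "$md_path" ] || return 1
    [ ! -L "$md_path" ] || return 1
    # Canonical form must still be the direct child of the base.
    [ "$(readlink -f -- "$md_path")" = "$md_path" ] || return 1
    printf '%s\n' "$md_path"
}

main() {
    [ "$#" -eq 1 ] || { echo "usage: maildir-chown <account>" >&2; return 2; }
    md_dir="$(resolve_maildir "$1")" || { echo "rejected: $1" >&2; return 1; }
    # -h: change symlinks themselves rather than the files they point to.
    chown -R -h -- "$TARGET_OWNER" "$md_dir"
}

# With no arguments the file only defines its functions.
if [ "$#" -gt 0 ]; then main "$@"; fi
```

The PHP script would then run `sudo /usr/local/sbin/maildir-chown <account>`, passing the account name through escapeshellarg().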


