using chown from within PHP

Posted on 2010-01-05
Last Modified: 2013-11-10
Can anyone help with syntax to chown maildirs from within a php script that is owned by apache. I am trying to get sudo to work without succes.  I am using PHP 4 on Redhat
Question by:dachande
    LVL 2

    Expert Comment

    The apache process can't sudo by default, and for VERY good reason - by allowing it to do so you're basically opening your server up for attack.

    A better way would be to give the apache account group access to the maildirs - although even then I'm not too sure why you'd want to do that. Perhaps you could elaborate on what it is you're trying to achieve?

    Author Comment

    Thank you for your prompt reply. We have a webmail server. When a new account is created, the ownerships on the newly creatred maildir is apache:apache. In order for users to be able to access their maildir, the ownership needs to be vmail:apache. The developer left a line chown -R .......  in the PHP, but it fails to change ownership.  I suspect this is because the command has to be run with root privileges.

    I hope this info clarifies my situation sufficiently for you to propose a fix.

    kind regards,

    LVL 2

    Accepted Solution

    From one of the comments at

    "For most modern Linux systems your apache user should not be run as root, and in order to change the ownership of a file or directory, you need to be root. To get around this problem you can use sudo, but be careful with what permissions you give. Here is an example which is working for me:

    www-data        ALL = NOPASSWD: /bin/chown 1[1-9][0-9][0-9]\:1[1-9][0-9][0-9] /home/www/[a-zA-Z0-9]*

    This allows the apache server to change ownership of files in /home/www with name containing a-z, A-Z or numbers (note: no subdirectories). The only valid input of userid is a four digit numeric id, between 1100 and 1999."

    Basically you can edit your sudoer's file (usually in /etc/) and add a line that allows apache to run the /bin/chown file. Whether you use the other restrictions (like the numeric id's or the specific directory)


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Better Security Awareness With Threat Intelligence

    See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

    This is a general how to create your own custom plugin system for your PHP application that you designed (or wish to extend a third party program to have plugin functionality that doesn't have it yet).  This is not how to make plugins for existing s…
    I imagine that there are some, like me, who require a way of getting currency exchange rates for implementation in web project from time to time, so I thought I would share a solution that I have developed for this purpose. It turns out that Yaho…
    The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
    The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now