Solved

File permissions and Ownership in Php

Posted on 2014-01-03
7
298 Views
Last Modified: 2014-01-03
Hi all.

Everytime I write a script which involves the creation of files and/or directories I have the same problems: in my Linux server (a shared host) first I must manually set permissions correctly because doing it from the script doesn't produce any result; then, if I need to delete those files, can't do it manually and I must use the script itself.

Today, I had a new problem, because the files created by the script have permissions set to 0000 and I can't delete them nor manually (via an ftp client, I mean) nor via script!

So, please, iluustrate the best practices to manage permissions in order to avoid these problems: I'll be grateful for ever. :)

Cheers
0
Comment
Question by:Marco Gasi
  • 3
  • 3
7 Comments
 
LVL 34

Expert Comment

by:gr8gonzo
ID: 39754752
1. A file with 0000 permissions can only be deleted by root or the file owner. If the file is owned by the user that PHP is running as, then there shouldn't be any reason that PHP can't unlink the file.

2. If you set the owner (or group) of a directory to the same one that PHP uses, and you have write permissions for owner/group on that directory, then PHP will be able to create files in that directory.

There's no real other "secret" way to manage permissions, unfortunately. Almost all shared hosts use mod_php, which means you're stuck with running PHP as the user / group that Apache uses. It's just a matter of changing permissions to allow that user / group to write to a directory.
0
 
LVL 30

Author Comment

by:Marco Gasi
ID: 39754797
Hi gr8gonzo and thanks for your reply.

I saw now that permissions are set to 0644, but don't ask me how this happened because I don't know. The created directory permissions are 2755: ?

But going on, I would like to know how can I get the user php uses. If I view directory properties using FireFTP, I see the owner is apache so I have to change it using chown command but which user name I have to pass to chown command?

Supposing my hosting provider is using mod_php, means this I have to speak with them to find a workaround? Or there is something I can do?
0
 
LVL 82

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 250 total points
ID: 39754833
It depends on how your hosting is setup.  On my main hosting, each account corresponds to and is located in a Linux 'home' subdirectory.  That allows them to use 'suphp' http://www.suphp.org/Home.html to use the permissions of our user account in PHP.  

I don't think most hosts do that though.  If your hosting is set up so that you are not a 'real' user with your own directory, then you won't have normal 'user' permissions and you would have to speak to your hosting company to find out what is available.
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 34

Accepted Solution

by:
gr8gonzo earned 250 total points
ID: 39754844
The simplest way is just to look at the owner and group of a file that is created via a PHP script. That will give you that info right away, but you can also use PHP functions (e.g. get_current_user()) to get that info, too.

If the directory is owned by "apache" and PHP is running as "apache", and if the directory has "7" as the owner bit, then PHP scripts should be able to create new files inside that directory.

Chances are that the hosting company will not have a workaround. Usually shared hosts are so dynamic with their population that it would be difficult to try and create NEW customized behavior for a single customer.
0
 
LVL 30

Author Comment

by:Marco Gasi
ID: 39754909
Well, using get_current_user() function I get my own username, 'delphico'. But the owner of files results to be 'apache'.

@DaveBaldwin: this could mean I have a personal home directory? I'll ask to my provider (but I can't do it now: it seems they have some problem with the server) and eventually I'll ask to install suphp

@gr8gonzo: since current user and owner are different I tried to use chown command but I get Warning: chown() [function.chown]: Operation not permitted
0
 
LVL 34

Expert Comment

by:gr8gonzo
ID: 39754960
Yeah, shared hosts disable quite a few functions (for your own security from others on the same server). You can try to change the owner in FTP, or you can also just create a new directory, give it full permissions and then use PHP to create a subdirectory, and from there, it should be able to read/write files within that subdirectory (and you can use a file manager or FTP to move it into the correct location).

You may be able to just ask your host to set certain permissions, too.
0
 
LVL 30

Author Closing Comment

by:Marco Gasi
ID: 39754974
Thanks guys. I'll use your input speaking with the provider.
Best wishes to you for a wonderful 2014.
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

This article will explain how to display the first page of your Microsoft Word documents (e.g. .doc, .docx, etc...) as images in a web page programatically. I have scoured the web on a way to do this unsuccessfully. The goal is to produce something …
Developers of all skill levels should learn to use current best practices when developing websites. However many developers, new and old, fall into the trap of using deprecated features because this is what so many tutorials and books tell them to u…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now