Permission woes again - Page 2

Thread: Permission woes again

  1. #16
    Senior Member traq's Avatar
    Join Date
    Jun 2011
    Location
    so.Cal
    Posts
    949
    I think maybe dalecosp is being *just a little* sarcastic.

    That "solution" occurred to me too, when I was reading through this thread last night - I think you'd need to do something like
    PHP Code:
    exec('echo "{root_password}" | sudo -u root -S {command}'); 
    but you'd also need to comment out
    Code:
    Defaults    requiretty
    in your sudoers file, and maybe other things depending on your setup.


    ...

    Just to clarify, for anyone who might be unsure, neither of these are good ideas and are offered in jest.
    Last edited by traq; 04-04-2013 at 09:53 PM.

  2. #17
    Settled 4 red convertible dalecosp's Avatar
    Join Date
    Jul 2002
    Location
    Accelerating Windows at 9.81 m/s....
    Posts
    7,708
    Nah, Linux users do this all the time!!!

    Code:
    ilovelinus@tuxen  [/etc/quake]
    $sudo rm -rf /*
    Yes, I suppose there's some sarcasm there. However, there are certainly situations under which I'd have no problem allowing "www" into the sudoers file without a password. Of course, none of them are on a public-facing box, either.

    I suppose I should really go back and try and understand what the problem is, but I lost interest somewhere around "donkeys" ...
    /!!\ mysql_ is deprecated --- don't use it! Tell your hosting company you will switch if they don't upgrade! /!!!\ ereg() is deprecated --- don't use it!

    dalecosp "God doesn't play dice." --- Einstein "Perl is hardly a paragon of beautiful syntax." --- Weedpacket

    Getting Help at All --- Collected Solutions to Common Problems --- Debugging 101 --- Unanswered Posts --- OMBE: Office Machines, Business Equipment

  3. #18
    Senior Member
    Join Date
    Sep 2012
    Posts
    269
    This gets back to my original question for the third time now. What owner or group do I assign to a folder so that PHP can read and write to it without having to give 'everyone' access?

    I may have stumbled onto a solution. PHP will read and write to a folder that has me as owner, system as an additional user, and the group "_www". I need to add the user "system" and the group "_www" to the folder's permissions that I'm trying to work with, but I don't understand the "chown" command well enough to do this. Help?? Or, am I completely nuts?

  4. #19
    Senior Member traq's Avatar
    Join Date
    Jun 2011
    Location
    so.Cal
    Posts
    949
    chown

    basically, chown system:_www /path/to/folder, though you may have to do chown -R system:_www /path/to/folder if you need to change the files inside also. But whenever you download the file again, the new file will probably have whatever owner/group it does now.

    I'd go with bradgrafelman's suggestion, personally.

  5. #20
    Settled 4 red convertible dalecosp's Avatar
    Join Date
    Jul 2002
    Location
    Accelerating Windows at 9.81 m/s....
    Posts
    7,708
    You need "chmod" to give permissions:
    Code:
    [1021] Mon 08.Apr.2013 14:58:37
    [kadmin@freebsd-devel][~] touch foo; ls -l foo
    -rw-r--r--  1 kadmin  wheel  0 Apr  8 14:58 foo
    
    [1022] Mon 08.Apr.2013 14:58:43
    [kadmin@freebsd-devel][~] chmod 664 foo; ls -l foo
    -rw-rw-r--  1 kadmin  wheel  0 Apr  8 14:58 foo
    Now my "foo" file is writable by the wheel group ... in your case you'd want "_www" ...

    http://www.dummies.com/how-to/conten...s-in-unix.html

    Please excuse the implication of the link ... no offense intended.

  6. #21
    Senior Member
    Join Date
    Apr 2003
    Location
    Silver Lake
    Posts
    4,867
    Quote Originally Posted by timstring View Post
    This gets back to my original question for the third time now. What owner or group do I assign to a folder so that PHP can read and write to it without having to give 'everyone' access?
    With respect, this is a much more specific question and much more easily answered.

    If I'm not mistaken, you are launching your PHP script by directing your browser to a web server. Please correct me if I'm wrong about that. If you are launching your PHP script this way, then the script's process is probably owned by the web server user. On my Ubuntu workstation, this user is www-data. On Red Hat or CentOS machines, this user might be apache. In still other cases it might be nobody. On still other machines, PHP is installed such that a different user will own the process depending on which website is accessed (see suPHP).

    You can find out which user owns your PHP processes with this script:
    PHP Code:
    passthru("whoami"); 
    When you access that script in your browser, it will output the name of the owner of the PHP script. This owner is the one to whom you must grant access. To grant access, you'll need to review basic Linux permissions. There is a lot of information available.

    Assuming for a moment that the user is apache, you could just make apache the owner and group of the file:
    Code:
    sudo chown apache:apache ~/Downloads/some_file.csv
    However, in that case the file would belong to apache and user timstring would not have permission to alter the file unless *everyone* did. You could leave the file as owned by timstring with the group assigned to apache:
    Code:
    sudo chown timstring:apache ~/Downloads/some_file.csv
    You would need to make sure that both user and group have permission to write the file:
    Code:
    chmod 664 ~/Downloads/some_file.csv
    That alone would probably be enough to solve your problem but it would need to be done every time you download a file which is obviously a pain in the ass. That's why in my prior post, I tried to suggest the use of chmod g+s ~/Downloads. I'm not especially knowledgeable about this command or what it really accomplishes, but I believe it means that any new files created in the ~/Downloads folder will inherit the group id of the ~/Downloads folder rather than the group id of the user that creates them. Assuming your web server runs as user apache and your username is timstring, I think the commands might be something like this:
    Code:
    sudo chown timstring:apache ~/Downloads
    sudo chmod 775 ~/Downloads
    sudo chmod g+s ~/Downloads
    I'm not at all sure that will accomplish what you want but I think it will cause any new files created in ~/Downloads to inherit their group ownership from ~/Downloads. Since I have set the group of ~/Downloads to apache, apache should now have write access to any new files created in the downloads folder.
    Last edited by sneakyimp; 04-08-2013 at 04:38 PM.
    IMPORTANT: STOP using the mysql extension. Use mysqli or pdo instead.
    World War One happened 100 years ago. Visit Old Grey Horror for the agony and irony.

  7. #22
    Senior Member
    Join Date
    Apr 2003
    Location
    Silver Lake
    Posts
    4,867
    You may find this article informative:
    Quote Originally Posted by wikipedia
    Setting the setgid permission on a directory (chmod g+s) causes new files and subdirectories created within it to inherit its group ID, rather than the primary group ID of the user who created the file (the owner ID is never affected, only the group ID). Newly created subdirectories inherit the setgid bit. Thus, this enables a shared workspace for a group without the inconvenience of requiring group members to explicitly change their current group before creating new files or directories. Note that setting the setgid permission on a directory only affects the group ID of new files and subdirectories created after the setgid bit is set, and is not applied to existing entities.

  8. #23
    Senior Member
    Join Date
    Sep 2012
    Posts
    269

    Cool

    You can find out which user owns your PHP processes with this script:
    PHP Code:
    passthru("whoami");
    "whoami" reports that the owner of PHP is "_www". So, I changed the group of the ~/Downloads folder to "_www" and the script worked. Thanks, sneakyimp.
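
The shared-directory setup from posts #21 and #22 can be checked with a short audit, shown here as an added example that is not part of the original thread. The function name `audit_shared_dir` is hypothetical; the directory and group are whatever the caller passes (for instance `~/Downloads` and `_www`).

```shell
#!/bin/sh
# Added example: audit a directory shared between a login user and the
# web server group. Not code from the thread; names are illustrative.

# audit_shared_dir DIR GROUP
# Prints one finding per line; returns 0 when clean, 1 when anything is flagged.
audit_shared_dir() {
    dir=$1 grp=$2 findings=0

    [ -d "$dir" ] || { echo "not a directory: $dir"; return 1; }

    # The directory must belong to the web server's group.
    if [ -z "$(find "$dir" -maxdepth 0 -group "$grp")" ]; then
        echo "group of $dir is not $grp"; findings=1
    fi
    # setgid (02000) makes new entries inherit the directory's group.
    if [ -z "$(find "$dir" -maxdepth 0 -perm -2000)" ]; then
        echo "setgid bit not set on $dir"; findings=1
    fi
    # The group needs rwx (070) to create and replace files here.
    if [ -z "$(find "$dir" -maxdepth 0 -perm -070)" ]; then
        echo "group lacks rwx on $dir"; findings=1
    fi
    # World-writable (002) is the 'everyone' access this setup avoids.
    if [ -n "$(find "$dir" ! -type l -perm -002)" ]; then
        echo "world-writable entries under $dir"; findings=1
    fi
    # setgid only applies to entries created after it was set, so
    # older files may still carry a different group.
    stale=$(find "$dir" -mindepth 1 ! -group "$grp")
    if [ -n "$stale" ]; then
        echo "entries not in group $grp:"; echo "$stale"; findings=1
    fi
    return "$findings"
}
```

Run it as `audit_shared_dir ~/Downloads _www`; files flagged in the last check predate the setgid bit and need a one-time `chgrp`.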
