permissions question

FrozNic

does anyone know of an extensive well written article on permissions? i'm so lost on why my scripts run fine locally but once online completely cover my screen in errors... all about permissions! i'm guessing it has a lot to do with apache permissions and php permissions and then my own permissions as the webmaster... i just need it layed out if anyone gots any ideas 🙂 i'd be greatful!

ir4z0r

a short intro 😉 :

for a file exist 3 different groups of people who could try to access it:

the owner of the file (u - user), all users of the same group (g) and
all others (o)

each of these groups can have different permissions for reading (4),
writing (2) and executing (1) of the file

add these numbers to combine permissions, ie read + exec = 4+1 = 5

the resulting number contains these single permissions in the order
ugo (see above)

ie 754 would allow the owner to do everything, group members
may read and execute and all others just read

in general there are 2 user involved on a webserver:
files you uploaded yourself are owned by the ftp-user with which
you login

the scripts etc are executed by the webserver (Apache), PHP is
exec'ed by Apache, too, so it's the same user

hence, all files created by Apache/PHP are owned by the Apache-User,
not the ftp-user

in short: you have to set the permissions of your uploaded files
so that Apache can access it correctly

example:
a php-script, uploaded via ftp:

705 should be enough, ftp-user can delete the file if wanted and
apache can read and execute the script

remember to give write access to log files and similar stuff, like
707

Hope that helps and is not too confusing 🙂

ps: another type of representing is the rwx-style

 u      g     o
 rwx  r-x   r--

would be 754

FrozNic

no, not too confusing at all, i already understand it all to an extent.. but, my confusing comes when i have this problem.. lemee kinda lay it out and maybe there's a really simple explanation that maybe i'll already kinda understand:

on my serv. i have 1 folder called admin in the root folder, and in the root folder a file called 'test.php'. the admin folder has 4 files in it, services, help, contact, and index. when a user runs test.php, it's supposed to create a new folder, and copy all of the contents from the admin folder, into the new folder they created. the new folder is whatever they call it, the permissions have been set up to 0777, my problem is, i seem to lose permission to write to or delete these files.. the 'apache' group i think, gains the permission and it's no longer 'my' file so to speak. so i'm trying to figure out how to set the group to me, 'whoever that is' or just make it so it belongs to me, or whatever.. any thoughts? thx

access9

at the end of test.php, add the lines:

shell_exec ("chown -R username directory");
shell_exec ("chgrp -R username directory");
shell_exec ("chmod -R 0777 directory");

That will change the permissions on the files within that directory and make whatever user you specify the own of that file.

FrozNic

all, cept, i'm not root and it seems to think that i have to be, however, i goto change them and i get no errors back... here's the code.. tell me what you think?

<?
$file = 'testing9';
$oldumask = umask(0); 		// for some insaine reason u need to unmask the mkdir function?!?!
mkdir($file, 0777); 
shell_exec ("chown -R ezclicks testing9"); 
umask($oldumask);

$user = posix_getpwuid(fileowner($file));
echo "File owner: ".$user["name"]."<br>";
$group = posix_getgrgid(filegroup($file));
print "FileGroup: ".$group["name"]."<br>";

$c = shell_exec ("chown -R ezclicks testing9"); 
print $c;
$b = shell_exec ("chgrp -R cityclickersgrp testing9"); 
print $b;
$a = shell_exec ("chmod -R 0777 testing9"); 
print $a;

$user = posix_getpwuid(fileowner($file));
echo "File owner: ".$user["name"]."<br>";
$group = posix_getgrgid(filegroup($file));
print "FileGroup: ".$group["name"]."<br>";
?>

access9

The good news: First and most importantly, you're trying to create a directory where you don't have permission to do so.
Assuming you have command line access, first, create a directory within the current directory. chmod it to 0777.
You then have full write permissions in the directory.

Bad news: You can't change the ownership on files, even if you're owner, unless you're root.

Sloppy workaround: Again, assuming you have command line access, copy the mkdir binary from /bin to your current directory.
Then do: chmod +s mkdir That will make any directory created with it owned by the owner of mkdir (you).

From within your script, remove the lines:
$oldumask = umask(0); // for some insaine reason u need to unmask the mkdir function?!?!
mkdir($file, 0777);
shell_exec ("chown -R ezclicks testing9");
umask($oldumask);

and replace them with

shell_exec ("./mkdir $file");

here's what I did, and it worked:

$file = './newdir/testing9';
shell_exec ("./mkdir $file");

$user = posix_getpwuid(fileowner($file));
echo "File owner: ".$user["name"]."<br>";
$group = posix_getgrgid(filegroup($file));
print "FileGroup: ".$group["name"]."<br>";

Good luck.

FrozNic

man, this day just keeps gettin longer and longer :S i don't have access to cmd line... or else i would happily go for what you said... 🙁 i'm reverting to ftp functions instead.. i'm hopeing everything will work better that way.