Reasons fopen() might fail...

Vigilante

I'm writing a script to generate html files and fopen always fails, giving the error " failed to open stream: Permission denied in etc etc". My question is why is this happening? The obvious answer is because php's rights have been restricted on the server but if that the only way to get this error? Could it be a problem with my syntax? Does anyone have any suggestions or similar experiences with fopen?

Incidentally, I'm calling fopen this time with 'w' mode, because I need to create files. When I call it with 'r' is seems to work fine. I tried 'w+' and 'x' as well, neither worked.

Weedpacket

I'd go with the obvious possibility first: PHP doesn't have permission to write to that file. What makes you think it might be different?

Vigilante

I tested it on two servers. I've run several forums on both of them, although I always used mysql, I just didn't think many hosts restricted php's permissions that way. Seems a bit paranoid not to give php write access to the disk.

drawmack

it's not that php doesn't have write access.

It's that the user agent (namely the web server) php is running under doesn't have write access to this particular folder.

If you think that's paranoid give me the path to the folder that's writtable the this agnet the url or ip of your server and about 2 minutes and I'll show you why it's not a good idea.

If you have access to mysql why don't you stick that pages into the database and then write a render program that will display them it's loads more secure.

superwormy

Um... actually almost every single host utilizing CGI restricts permissions this way...

In the VAST MAJORITY of cases, PHP ( Perl / CGI / mod_python / ASP / etc. ) run as the nobody or www user, who has almost no permissions.

If you want the nobody or www user to be able to write to a file you've created as your FTP user / Shell user, you should CHMOD the file.

Allowing CGI / PHP scripts to have write access to a ton of files opens up TONS of possibly security holes, ESPECIALLY in a hosting situation where people dont' always know what they're doing and write potentially dangerous scripts. Permissions closes a ton of these holes.

superwormy

And drawmack... a user-agent is something along the lines of a Web Browser / Web Spider / WGet / Lynx, etc., and has NOTHIGN to do with web server permissions. You mean to say the system user / user Apache runs as / etc.

drawmack

yeah I misspoke. But the point is still the same.

Vigilante

Fixed now, I set permissions on all directories to 777. Guess I should have done that from the beginning, I thought I had forgotten something.

drawmack

what's your url?

BuzzLY

lol... dude, that's not nice. Funny, yes. Nice, no. 😃

Vigilante, do NOT set permissions on all of your directories to 777. That allows ANY user to write to any file or any directory on your server. Is that what you want?

Vigilante

Can it be helped? My script must do this task (preferably securely) and in a very specific way.

Well.. anyways, now I've gotten quite a bizarre bug. I'm doing this with a recursive function which works fine except on one directory which is six subdirectories removed from where the script is running and php says it doesn't have permission to create a stream and write. I've checked and everything is CHMODed insecurely and I even created a subdirectory under the one that didn't work and it worked. So basically, one directory just doesn't work for no apparent reason. This one has me kind of stumped. Why on earth would one directory not work?

drawmack

is it, or is one of the files in it a symbolic link.

KenBrowley

Hi Guys, this is my first post on these forums.

Im having a similar problem to Vigilante.

Is there any way through the user-agent (i.e. the browser) to make the web server know that you are the administrator and then create the files without having the folder on 777 (perhaps 744 or 700). For example, logging into a folder/admin page through a username/password defined in .htaccess?

The platform we are using is Cobalt Raq4, Apache red-hat, php4.1.2. (Not sure if this makes a difference).

s_shrum

I too am having this issue.

Um, not to seem totally stupid but how does one chmod a folder....I've done it to files before, but SmartFTP disables the CHMOD option when on folders.

feldon23

I love PHP, but this has to be the most annoying thing.

I too have to set directories to 777 for PHP to me able to write or modify files in that dir. Why in the world is 'execute' access required? Grr! I consider this a bug in PHP/Apache.

Um, not to seem totally stupid but how does one chmod a folder....I've done it to files before, but SmartFTP disables the CHMOD option when on folders.

Sounds like Not-So-SmartFTP to me. CHMOD is vitally important regarding folders.

s_shrum

Ok...I ssh'ed into my box and CHMOD'ed the folder from the command prompt that I'm trying to write to (confirmed with ls -l) but I'm still having problems. is_writable() is reporting back false.

I've tried a whole host of different pathnames (relative, root, alsolute, etc) but it's still not letting me write the file.

Any ideas?

mrhappiness

you're talking about a folder right?

did you try clearstatcache?

what does is_dir output?

s_shrum

Doh...

Just saw the problem....

Q. How do you is_writable on a file that does not exist yet?

A. You DON'T!

:eek: :rolleyes:

That's what I get for taking sample code blocks without checking the logic.

superwormy

It should be noted that PHP not having write access to anything is NOT a PHP or APACHE bug. It's actually a feature, and not of Apache or PHP either, but of *NIX.

Everything on a *NIX system has permissions, and most webhosts will set PHP / Apache to run as the 'nobody' or anohter unprivilidged user by default.

This is to safeguard the system, otherwise, anyone who could find a way to use some morons badly programed PHP / PERL / ASP / JAVA / ETC. script to execute arbitrary code or even to overload the system might end up with full access to the system, and be able to crash the system / delete everyone elses files / change everyone elses stuff / etc. etc. etc.

You CAN actually get Apache and PHP to run as a different user... and thus avoid these permissions issues... but its a security risk most hosts understandably won't spring for.

KenBrowley

Hi Superwormy,

I looked into this further after getting nowhere fast with our server provider and it has something to do with suEXEC. Is this your understanding too?

If so, do you know how to change the permissions for PHP. We have our own server so hopefully the only bad prgramming will be down to us 😉.