I have created a script that will dynamically rebuild an entire site from a database. The problem is that php scripts create files for the user 'unknown' in UNIX/Linux, and that user doesn't normally have access to the document root. I could set the permission to 777 but that is not a good idea in general.

Is there a way I can safely create files, and directories, with php in the document root without losing all security?

    chown/chgrp/chmod them.

      Thanks, those are good ideas, but they would still leave me with two problems.
      1) The document root of my site still has to be set to 777, which isn't a great idea.
      2) I would not have the ability to delete, or replace, anything from a subsequent script.

      I’m hoping there is a way that a php script can login to UNIX/Linux as a different user that has the required privileges. Or perhaps call a C program in the server system that can set and revoke the required privileges, before and after the php script runs.

      I have looked through all the php documentation I can find, but I haven't been able to locate anything that describes this kind of functionality. UNIX/Linux is definitely my weak area, but I'm sure there must be a way to do this somehow.

        10 days later

        Have the script rebuild the tree in another directory, and have a privileged user cron job that checks periodically and does the actual mv/cp or whatever....

        I use a similar strategy with smaller objects and /tmp ... if you are rebuilding an entire site, it might not fit in /tmp, but you might be able to do it within your /home/foo* ....

          11 days later

          Thanks for the idea. I can see how that could work well, but I have over 300 sites and growing; that's just way too much overhead for the servers.

          The final solution came, as most do, with a great deal of reading and learning yet another language (perl), and a lot of trial and error.

          What I wound up with is:
          - A 'listener', written in perl, and set up as a daemon that runs on all the servers.
          - Each server has a shared directory that all the sites can write to.
          - When a site requires a rebuild, it writes a text file called 'on' to the shared directory. The file contains a single line, which is the full path to the document root for the site.
          - The listener is owned by root, and continuously checks the shared directory. When it finds a file named 'on', it reads the contents and sets the privileges of the site root to 777.
          - The rebuild program waits for the privileges to be set, then rebuilds the site, then writes a file called 'off' to the shared directory.
          - The listener also looks for the 'off' files to set the site privileges back.

          It's all working perfectly now.
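As an added example (not the poster's Perl listener), here is one pass of the 'on'/'off' spool protocol described above, written in POSIX sh with the checks a reviewer would want before a privileged process acts on a path read from a world-writable directory. It assumes an allowlist file of permitted document roots, discards symlinks planted in the spool, and toggles group write for the web server's group instead of chmod 777; run it as the user that owns the site roots (root, in the thread's setup).

```shell
# Added example, not the thread's code. Assumed layout: SPOOL is the shared
# request directory, ALLOWLIST holds one permitted document root per line,
# and the PHP worker runs under the group that owns the site root.

# is_allowed ROOT ALLOWLIST: succeed only if ROOT is an absolute path
# without '..' components and matches a line of ALLOWLIST exactly.
is_allowed() {
    case $1 in /*) ;; *) return 1 ;; esac
    case $1 in *..*) return 1 ;; esac
    grep -qxF -- "$1" "$2"
}

# apply_request ROOT MODE: grant (on) or revoke (off) group write on ROOT.
apply_request() {
    case $2 in
        on)  chmod g+w "$1" ;;
        off) chmod g-w "$1" ;;
        *)   return 1 ;;
    esac
}

# process_spool SPOOL ALLOWLIST: consume any 'on'/'off' request file in
# SPOOL. Returns non-zero if a request was rejected; the request file is
# always removed so a bad request cannot be retried forever.
process_spool() {
    spool=$1; list=$2; status=0
    for mode in on off; do
        req="$spool/$mode"
        if [ -L "$req" ]; then           # never follow a planted symlink
            rm -f "$req"; status=1; continue
        fi
        [ -f "$req" ] || continue
        root=$(head -n 1 "$req")         # protocol: first line is the root
        rm -f "$req"
        if is_allowed "$root" "$list" && [ -d "$root" ]; then
            apply_request "$root" "$mode"
        else
            printf 'rejected %s request for %s\n' "$mode" "$root" >&2
            status=1
        fi
    done
    return "$status"
}
```

A daemon would call process_spool in a loop with a short sleep; the allowlist is what keeps a compromised site from pointing the listener at a directory it does not own.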
