timstring;11026179 wrote:This gets back to my original question for the third time now. 😃 What owner or group do I assign to a folder so that PHP can read and write to it without having to give 'everyone' access?
With respect, this is a much more specific question and much more easily answered.
If I'm not mistaken, you are launching your PHP script by directing your browser to a web server. Please correct me if I'm wrong about that. If you are launching your PHP script this way, then the script's process is probably owned by the web server user. On my Ubuntu workstation, this user is www-data. On red hat or centos machines, this user might be apache. In still other cases it might be nobody. On still other machines, PHP is installed such that a different user will own the process depending on which website is accessed (see suPHP).
You can find out which user owns your PHP processes with this script:
passthru("whoami");
When you access that script in your browser, it will output the name of the owner of the php script. This owner is the one to whom you must grant access. To grant access, you'll need to review basic linux permissions. There is a lot of information available.
Assuming for a moment that the user is apache, you could just make apache the owner and group of the file:
sudo chown apache:apache ~/Downloads/some_file.csv
However, in that case the file would belong to apache and user timstring would not have permission to alter the file unless everyone did. You could leave the file as owned by timstring with the group assigned to apache:
sudo chown timstring:apache ~/Downloads/some_file.csv
You would need to make sure that both user and group have permission to write the file:
chmod 664 ~/Downloads/some_file.csv
That alone would probably be enough to solve your problem but it would need to be done every time you download a file which is obviously a pain in the ass. That's why in my prior post, I tried to suggest the use of chmod g+s ~/Downloads. I'm not especially knowledgeable about this command or what it really accomplishes, but I believe it means that any new files created in the ~/Downloads folder will inherit the group id of the ~/Downloads folder rather than the group id of the user that creates them. Assuming your web server runs as user apache and your username is timstring, I think the commands might be something like this:
sudo chown timstring:apache ~/Downloads
sudo chmod 775 ~/Downloads
sudo chmod g+s ~/Downloads
I'm not at all sure that will accomplish what you want but I think it will cause any new files created in ~/Downloads to inherit their group ownership from ~/Downloads. Since I have set the group of ~/Downloads to apache, apache should now have write access to any new files created in the downloads folder.