selective write permissions

whetzels

Hi,
Is there anyway to setup selective write permissions for some users and not for others? I have a php program which generates html pages. In order to create those pages it must have write access to the directory. However, I don't want everyone else to have write access to the directory - just read. I have read thru some other threads and it seems like Apache defines everyone the same (nobody) whether it is a user browsing the site or a php program generating html pages.

Thanks for any help,
Scott

[deleted]

"I don't want everyone else to have write access to the directory - just read."

what kind of users? people who logon to your server or just web-clients?

whetzels

web clients. People who will be browsing my site.

Anon

Well, firstly, as long as you do not allow PUT headers, you need not worry much with Apache. One thing you can do is drop an .htaccess file into your web root. Then, in that file, place a couple of directives like this example;

AuthName "My Website!"
AuthType Basic
AuthUserFile ../.htpasswd
<LimitExcept GET POST HEAD>
require valid-user
</LimitExcept>

Then use the Apache tool htpasswd.exe to create a password (.htpasswd) file with the users you would like to allow the filtered header commands such as PUT.

The other alternative is if you are writing files from PHP, through a POST command, which is a dangerous concept, you WILL need to code your own authentication checking. Apache does, in fact, see everyone as the service for which it has started. Hopefully, the system administrator has not given Apache root level access or beware.

Hope this helps.

Matthew Pirvul
eAccounts.NETwork

[deleted]

Please explain how you can change PHP's write-access to a directly through the username defined in a .htaccess file??

[deleted]

In that case the read/write access is not really there at all.

If you want to write a file using PHP, then PHP will have to be able to write that file all the time, no matter who is browsing your site.

You will have to do the permissions checking in PHP, and tell PHP not to write unless the user has identifier himself as a user who has a certain flag set in a database or something.

The thing to remember is that PHP runs as one and the same user, no matter who is browsing the site. Thus the file permissions are the same no matter who browses the site.

It's your script that writes, not the 'user',
so your script should decide wether it should write or not.

A forum, a FAQ, what else do you need?

Time to YAPF!: http://www.hvt-automation.nl/yapf/

Anon

This was under the assumption that the write was being accomplished with a PUT header. If we are talking about web site visitors, this can really be the only circumstance as I understand it. If a PUT header is not being used (say a POST was being performed and one was just processing the data and writing to a file), then all write actions will simply use the access level that the web server has....no?

Therefore, if writes are being accomplished via a PUT method, simply use a .htaccess/.htpasswd file pair to restrict who can PUT files.

Please feel free to correct me if I am wrong or mis-understanding the question.

Best.

Matthew Pirvul
eAccounts.NETwork

whetzels

Thanks for the info. That's not the answer I was hoping for, but it answers my question.

My workaround the problem is to put my php programs in a subdirectory that users won't see. Run the programs from there and create the pages under that subdirectory. Then I copy the created pages up to the root directory of the site and change the permissions and ownership to them so that the average users viewing the site can read the pages, but not modify them.

Thanks for everyone's input.