Apache owner of files

[Rick L.]

Hello Everybody,

I have a problem with a DirectAdmin server for 2 years now. Some customers are using content management systems which automaticly creates files and directories. The owner of this files won't be their username, but 'apache', so they can't edit or remove these files anymore.

I searched on the forum for solutions for this problem. I found some topics about it, but no solution.

Does anybody know what I can do to solve this problem? Using a cronjob with the chown-command is no option.

For your information: I'm using the newest version of DirectAdmin on a FreeBSD 5.3-server.

Thanks a lot in advance,
Rick

 

[nobaloney]

The content managers require that file ownership be apache for some functions to work, and all files created by the content manager system will be owned by apache.

It's really not a DirectAdmin issue. Generally on the forums for the CMS programs they'll tell you to let the CMS system manage the files.

While a cronjob may not be an option for you for various reasons, nevertheless that's what we set up in instances where the user can't use the CMS to manipulate the files as required.

Jeff

 

[Rick L.]

Hello Jeff,

Thanks for your reply!

The problem is that more and more clients are starting to use software like Websitebaker. Mostly they would like to edit some files, and everytime they can't, so we have to 'chown' the files.

I understand that it's not a problem with DirectAdmin but we have to change the owner of a lot of files three times a day. And that is very frustrating.

Is there nothing we can do?

Thanks,
Rick

 

[nobaloney]

Or you can set up a cronjob to run for each user. Set it up once. And run it every two minutes or so.

Really.

Jeff

 

[Rick L.]

Wouldn't cause that a high serverload?

 

[hostpc.com]

Running php SUexec would leave the files in the owners control ...

there's another reason why you might want to do this, because files owned by apache aren't in the disk quota calculations for that user ... if they're owned by apache (uploads, etc) - the user doesn't get dinged for the disk usage

 

[smtalk]

Yes, that is a big problem cPanel runs apache as nobody, also you can delete files which you have uploaded via www I think that DirectAdmin developers should take a look at this problem and solve it if possible (delete files using file manager etc.)

 

[redesb]

I solved the problem with suGID the dirs where CMS's upload/create files with one simple 'chmod 2775 /path/cms/upload' and changing the group to the domain owner group and owner to apache with 'chown apache.domgroup /path/cms/upload'.

This way when a new file is created/uploaded with the CMS the owner on such file is apache but the group is domgroup and the domain owner can delete the files with FTP acces if needed due to rwx permissions of the domgroup.

The only problem with that is when the domain owner upload files to these dirs by means of FTP.

These are the permissions set in the olds RaQ3/4 Sun servers for the 'web' dir (public_html on DA).

Hope this help.

 

[patrik]

I have tried the suGID solution but can't get it to work. This is how I test it:

# mkdir test
# chown apache:web25370 test
# chmod 2775 test
# su apache
$ touch test/file
$ ls -alF test/
total 4
drwxrwsr-x   2 apache    web25370  512 Nov 16 11:14 ./
drwxrwxrwx  23 web25370  web25370  512 Nov 16 11:11 ../
-rw-r--r--   1 apache    web25370    0 Nov 16 11:14 file

The new file is owned by apache, but should be web25370. Any help would be appreciated!

 

[redesb]

Yes you are right, the owner is apache but the group is 'web25370' and the problem is:

...The owner of this files won't be their username, but 'apache', so they can't edit or remove these files anymore.

Now you can remove the file with FTP and PHP. Without suGID the owner and group of the any new file created by PHP is 'apache.apache' with suGID the group is 'web25370', sufficient for the intention that the user can edit/erase the archives.

 

[patrik]

Hmm, I thought the new owner would be web25370, where did I get that from?
But still, the user can't do anything more than read the file:

-rw-r--r--   1 apache    web25370    0 Nov 16 11:14 file

Am I missing something or how will the group get write permissions automatically?

 

[redesb]

The CMS's I use take care of group permissions by means of PHP umask and chmod functions, but out there are others solutions if you need to force 002 umask for all your clients.

The one I have used sometimes is set 'umask 2' in the /etc/rc.d/init.d/httpd' file before start apache and change again to 022 after that, this way apache run with these umask permissions and the result created file done by apache belongs to the permissions you need.

If you use apache 2 you can test the 'mod_umask'.

Google is your best friend

 

[PGP]

So, people.
Is there some good solution for this trouble? =( Because this is really annoying =(

 

[smtalk]

Try posting into the "Feature requests" forum Maybe DirectAdmin staff will include function to change apache owned files ownership via filemanager.