PHP File Creation UID apache

[jstrzalko]

When PHP creates a file (even when apache is running in suexec mode) it still creates the file as the user apache. Obviously this generates 2 problems:

1. No way to keep track of the users quota as it isn't owned by the user, it's owned by apache

2. No way to manipulate the file (move, rename etc) in the PHP script as it is running as the user.

I looked into implementing http://www.faqts.com/knowledge_base/view.phtml/aid/16339/fid/31

But it doesn't seem to work, either that or I didn't configure it correctly.

I am running PHP in safe mode obviously for security reasons and am running Apache 2.

Anyone know of a way to get PHP to create files and directories as the suexec user/group? I'm dying for an answer.

Thanks,
--Josh

 

[mightymickey]

nobody??

i am having a look a like problem as discribed above.

pictures uploaded by a php photo gallery are owned by the apache user and not the user of the account, so the pictures aren't counted within the users quota.

how to make this working that the quota is counted right?

 

[snaaps]

I have the same problem here!

Anywane has a soulition?

 

[Avenueduweb]

Hello,

I have the same problem since I am on fedora core 2, the problem not exists on Redhat 9. What is the solution ? Thanks. Bye.

 

[nobaloney]

You can (manually) set up a cron job for root that will automatically change the ownership of all files in a given directory. You can run it every night before the tallys are done.

Jeff

 

[Eric]

1. Create a C wrapper:
Use setreuid() & setregid()
chmod 6775 (6771 will do, too)

2. Make the php file executable:
#!/usr/local/bin/php
chmod 775 (771 will do, too)

3. Execute the C wrapper to execute the php file.

Make sure that both of these files are your username:groupname

 

[Chrysalis]

Hi both solutions posted need more explanation.

"1. Create a C wrapper:
Use setreuid() & setregid()
chmod 6775 (6771 will do, too)"

I think 99% of people here probably dont know how to make a C wrapper.

Jeff have you got a example cronjob entry that will do what you said? so it could be run to fix all user's dirs?

 

[Eric]

Fortunately, I'm that 1%. I've already provided very specific instructions; it's more than enough to guide you to the right directions.

 

[resolveit]

You could use this little shellscript but be warned it might break some websites when the user apache is not able to access certain files...

#!/usr/bin/ksh
userlist=`ls -l /home | awk '{print $9}'`
for user in $userlist
do
   chown -R $user:$user /home/$user/* 
#   chmod -R 755 /home/$user/*
done

You could uncomment the chmod to set permissions or you could change the chown to set group to apache and chmod to 750.

Regards,
Onno Vrijburg

 

[Chrysalis]

Eric then I must be dumb to not understand it sorry

is Use setreuid() & setregid() supposed to be command?
as it displays this error
syntax error near unexpected token `(

if not then how is
". Create a C wrapper:
Use setreuid() & setregid()
chmod 6775 (6771 will do, too)" specific it doesnt tell me how to create the C wrapper.

But if we use what resolveit hs given that is enough right, thanks.

 

[Eric]

http://www.google.com/search?hl=en&q=setreuid+setregid

 

[mike_p]

Change your php script to a CGI

eg rename myname.php to myname.cgi
then put the following shebang line at the top of the script:

#!/usr/bin/php

make sure that the owner/group for all directories from public_html to wherever the script exists is set to the user. Make sure that execute permission is set for all those directories. I think that covers it!

Any probs, get back and I'll check to see what other mods I've made.

 

[Icheb]

*bump*
While we're at it, could this be a (temp) solution, if it can be implimented ?

On FTP login, let the FTP server also have write rights on apache:apache, so that for FTP it really doesn't make any difference (which is the larger part of this problem).

However, at this time, I'm still a bit clueless on how something like that could be implimented...

chown -R $user:$user /home/$user/*

Chown'ing isn't an solution, as per example Mambo or Moodle don't like their cache dirs to be chowned to anything else than the apache user.

 

[hendrix74]

Fortunately, I'm that 1%. I've already provided very specific instructions; it's more than enough to guide you to the right directions.

 

[gbjbaanb]

I think he meant, create a C program that calls these 2 system functions.

I think that nightly forcing file ownership change is too broad a brush to use to fix this issue (see Mambo's issues), and I wouldn't want people chmoding files to be 777 to fix things.

(incidentally, have a look at this post for a fix that lets you run existing php scripts as users.

 

[Icheb]

Been thinking about this some more. And there already might be a solution, if not mistaken, SuPHP was written to counteract this problem.

I'm going to add a test install to my todo list, if it works I'll let you guys know .

(Note, it may take a month or 2 before I actually get there on my todo list, it's pretty big at the moment).

 

[dredshaw]

I'm having the same issue. PHP directory and upload functions fail under suexec and if I disable it new files are created as the Apache user.

With suexec I also have to set permissions to at least 555 for my scripts to work and I don't see why I need to have o+rw for things to work.

I can see why the other things suggested above would work, but is there an explanation for the problem since I'd like to figure it out rather than working around it?

Thanks for any help.

 

[asmar]

Any update on this?
Having a cron is simple the worst solution as clients need to wait until the cron run to upload images etc.

 

[jackc]

I tried to request let DA's file manager manipulate these files, but probably wont' work.
http://www.directadmin.com/forum/showthread.php?t=17293

 

[redesb]

http://www.directadmin.com/forum/showthread.php?t=15851