php: chown() and permissions

Discussion in 'OT Technology' started by Slid., Mar 9, 2005.

  1. Slid.

    Slid. I'm a guy.

    Joined:
    Oct 25, 2001
    Messages:
    1,928
    Likes Received:
    0
    Location:
    NH
    I have come to a huge roadblock for a script that I am writing -- the feared 'nobody' user. For a quick lesson, when you create a directory, a file, or upload a file the file permissions will be set to nobody (or whatever the default is for your server).

    I know this is for security reasons, who wants a rogue php script dancing around with root privledges... nobody (bwaaha).

    Anyways, so I am basically doing all of the above (dirs, files) and PHP is setting them all to 'nobody'. I try to combat this with a 1, 2, that being chmod(0777) and chown(myuser). chmod works but chown bombs, everytime.

    It is my assumption that if I can get chown to work then I can move along, for example. I have a dynamic image called in a PHP-made directory. This image was uploaded by PHP, it has 777 permissions. I cannot access this file using PHP, it says it does not exist. Now, if I go and upload a different image (via FTP), same directory PHP can see it - I don't even need the permissions set to 777.

    Has anyone encountered this and come to a fix? The only thing I can think of right now is to make PHP connect via FTP to the host and upload the files that way, that just seems like taking a 100 mile trip when you could go 10 miles.

    How can I overcome the chown issue. I've emailed my web host, waiting for a response.

    Thanks.

    Code:
    
    Warning: chown(): Operation not permitted in /home/mmhmm/public_html/dir.php on line 15
    
    
    
     
  2. Rob

    Rob OT Supporter

    Joined:
    Jul 6, 2002
    Messages:
    88,612
    Likes Received:
    36
    Location:
    Atlanta, GA
    You can't chown a file to a user other than yourself (unless you are root).

    The problem I don't get here is that you cannot access a dynamicaly created images that is owned by nobody (since the PHP script running as the same user as yur webserver created it) and chmoded 777 (which you set). Are you sure you have the path to access the dynamic image entered properly? /php/image.jpg is a lot different than php/image.jpg

    Second....are all the scripts running as the same user? You aren't running one script via cron for example (which would make it owned by root) and another by the webserver (making it owned by nobdy), are you??
     
  3. Slid.

    Slid. I'm a guy.

    Joined:
    Oct 25, 2001
    Messages:
    1,928
    Likes Received:
    0
    Location:
    NH
    Nope to all accounts.

    As for my code I am certain that the path is correct, my code is below:

    Code:
    $path = "imgs/06905/test2_1U6Q.gif";
    $path2 = "imgs/06905/test1.gif";
    
    $path is an image that was uploaded from my uploaded script (owner is: nobody).
    $path2 is an image that was uploaded by me, from ftp (owner is: me).

    If I try to dynamically load $path2 it loads just fine, if I try to load $path it doesn't find the image -- that is what baffles me. Like I said, the $path image is 0777 but $path2 is 644.

    This makes me think that it is something server-side, like its really locked down or something.

    The chown'ing to other users unless you are root makes sense, thank you.
     
  4. Slid.

    Slid. I'm a guy.

    Joined:
    Oct 25, 2001
    Messages:
    1,928
    Likes Received:
    0
    Location:
    NH
    Well, I just got a reply from my web host:

    So I guess that is my next move.
     

Share This Page