public_html permissions prob (PHP).

**arioch** · 02-24-2007, 02:47 PM

Hi guys,

This is propably really triviaI, but here goes: I have the permissions set to 755 on my public_html folder, but I get the following error when I try to create folders in the dir through PHP:

Warning: mkdir() [function.mkdir]: Permission denied in /home/arioch/public_html/setup.php on line 89

Why am I not allowed to create files in my own dir? What adjustment do I have to make here?

**deathadder** · 02-24-2007, 03:41 PM

If your running the script from a server, its not being run as your user, so the permission 755 won't work, no write access for the group or other users.

Try chmoding the directory to another value: 775 maybe?

**arioch** · 02-24-2007, 09:46 PM

That didn't do it. I'm running the script on my desktop machine, and the Public_html folder is in my home dir.

**crow2icedearth** · 02-25-2007, 12:43 AM

try running apache as the group you want to save it as...... chmod 770 would give you read,write and execute. let us know what happens

**arioch** · 02-25-2007, 11:31 AM

Hmmm ok, In the PClinuxOS controlcenter, one can start and stop apache at the click of a button, but starting it with different permissions? That's another deal. How do I do this from the CL? (or any way). I need to make the change permanent (if it works) as well.

**bwkaz** · 02-25-2007, 03:09 PM

Um, hang on. Don't try to change the way Apache runs (it runs as a limited user and a limited group); change your directory to let Apache access it. If you set Apache to run as a different user, it may not have permission to all the other stuff it used to be able to get at (and even if it does, it'll be running with more permission than it otherwise should; this is a security risk).

To find out what group it's running as, do a:

Code:

for pid in `pidof httpd` ; do
    grep ^Gid /proc/$pid/status
done

This will print the Gid: line from the "status" file for each httpd process. This line shows the various GIDs that the current process has set (they are the real GID, effective GID, saved GID, and filesystem GID, I believe, but I'm not sure which is which -- they should all be the same though).

Now, look up this number in your /etc/group file, and set this directory's group to that group name. Set it to 775 if you want Apache to be able to create/delete files (and subdirectories) there.

**arioch** · 02-26-2007, 03:36 PM

Ok, let's see...

I don't have a etc/groups file, only etc/group. I assume that's it...

The command gave me: Gid: 76 76 76 76

The only group showing that number is Apache. it shows: apache:x:76:

I'm having a few probs getting this sentence exactly right:

"and set this directory's group to that group name. Set it to 775 if you want Apache to be able to create/delete files (and subdirectories) there."

"This directory" being... what? public_html? - or do you mean just changing the Apache entry in etc/group to: apache:x:775: instead of: apache:x:76: ?

**lagdawg** · 02-26-2007, 05:22 PM

I think he means for you to use chgrp to change the folders group rather than changing anything in your etc/group file

**arioch** · 02-26-2007, 06:39 PM

Aha, so creating, say... a "web" group with permissions 775, and make it own public_html, is the way to go?

**bwkaz** · 02-26-2007, 07:51 PM

No, don't create a group. Don't mess with /etc/group at all. (And you're right, my other post should have said /etc/group. Fixed.) Instead, do this:

chgrp apache /home/arioch/public_html
chmod 0775 /home/arioch/public_html

Then the apache group will have read and write permission to the public_html directory (and will therefore be able to create and delete both files and subdirectories, but only at that level). The PHP script should be inheriting this GID from the Apache process, so it should also have write permission here.

Note that if your PHP script has any security holes at all, you've just given an attacker the ability to create and delete any files under this directory. But I assume you're taking steps to make that less of an issue already...

**arioch** · 02-27-2007, 02:18 PM

Thanks. I'm just going to try that when I get home.

I am well aware that folders can now be created by other users, but as the script also works fine on my webhotel, I assume that folder and file creation through scripts is a completely normal thing? I'm creating a set-up script for an application that will be publicly available soon, and people should be able to run this set-up script on their webhotel without probs, to get the proper folder tree set up.

I'll report back soon...

Thread: public_html permissions prob (PHP).

Thread Tools

Display

public_html permissions prob (PHP).

Posting Permissions