[Techtalk] php and apache and permissions
Maria Blackmore
mariab at cats.meow.at
Fri Dec 20 18:01:39 EST 2002
On Fri, 20 Dec 2002, k.clair wrote:
> Another question for you (befuddling week here at work).
It's all good fun :)
> We have a user who is using php scripts to upload files to their
> directory. The directory that they are writing the files to has the
> following permissions:
>
> drwxr-xr-x 2 User users (where User is their username)
>
> However, all the files that are in the directory that have been uploaded
> are owned by user "www" and group "users". This makes sense to me
> because php is run as www. What does not make sense to me is: how can
> php write to that directory if it's only writeable by the user?
Is it writable by group? Is the directory that it's going to owned by www?
> I don't know much about php, but it looks like the command they're using
> to write to the directory is:
>
> copy($workphotofile, $copyname);
hmm, ok
> $workphotofile seems to be set directly by this html form tag:
> <input type="file" name="workphotofile">
>
> (I can't see what the original path and filename of $workphotofile is...
> is this some temporary location used internally by php?)
Presumably it's somewhere in /tmp? I'm not familiar enough with PHP to
really answer that.
However, what I think might work better is if you switch PHP to run in CGI
mode instead of through mod_php, and then set up suexec. Our commercial
web hosting is set up in this way, and it works a treat. I'll see if I can
rustle up a sample config based on a sanitised version of our
config. Some people say there's a performance hit from running PHP as a
CGI and a little more from suexec, but we haven't noticed any, and it's
definitely worth it for the predictability and security it gives.
Maria
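
Added example, not part of the original message or of either poster's setup: a shell sketch of the check behind the questions above, namely which permission class (owner, group or other) a process such as the web server's is tested against on a directory, and whether that class has the write bit. The function names, the script name and the uid/gid numbers are hypothetical; it assumes GNU stat and models plain mode bits only (not root, ACLs or read-only mounts).

```shell
#!/bin/sh
# Added example. The uid/gid numbers used with it are constructed samples.
# Plain mode bits only: root (uid 0), ACLs and read-only mounts are not modelled.

# perm_class OWNER_UID OWNER_GID PROC_UID "PROC_GIDS"
# Exactly one class applies to a process, and the first match wins.
perm_class() {
    if [ "$3" -eq "$1" ]; then echo owner; return; fi
    for pc_gid in $4; do
        if [ "$pc_gid" -eq "$2" ]; then echo group; return; fi
    done
    echo other
}

# can_write MODE OWNER_UID OWNER_GID PROC_UID "PROC_GIDS"
# Succeeds when the applicable class has its write bit set in octal MODE.
can_write() {
    cw_mode=$(( 0$1 ))   # leading 0 makes the shell read MODE as octal
    case $(perm_class "$2" "$3" "$4" "$5") in
        owner) cw_bit=$(( cw_mode & 0200 )) ;;
        group) cw_bit=$(( cw_mode & 0020 )) ;;
        *)     cw_bit=$(( cw_mode & 0002 )) ;;
    esac
    [ "$cw_bit" -ne 0 ]
}

# explain DIR USER: read the real mode and ids (GNU stat assumed) and report.
explain() {
    ex_mode=$(stat -c '%a' "$1") || return 2
    ex_uid=$(stat -c '%u' "$1")
    ex_gid=$(stat -c '%g' "$1")
    ex_puid=$(id -u "$2") || return 2
    ex_pgids=$(id -G "$2")
    ex_class=$(perm_class "$ex_uid" "$ex_gid" "$ex_puid" "$ex_pgids")
    if can_write "$ex_mode" "$ex_uid" "$ex_gid" "$ex_puid" "$ex_pgids"; then
        echo "$2 is checked as '$ex_class' on $1 (mode $ex_mode): write allowed"
    else
        echo "$2 is checked as '$ex_class' on $1 (mode $ex_mode): write denied"
    fi
}

# Usage (hypothetical script name): sh dircheck.sh /path/to/upload/dir www
if [ "$#" -eq 2 ]; then explain "$1" "$2"; fi
```

Because the first matching class wins, a directory with mode 575 denies write to its owner even though the group bits allow it.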