----- Original Message ----- 
From: "Pete"

I am having problems writing a file (in fact, it's a Google sitemap) to
a site.

I know that it has something to do with permissions and owners.  But how
can I see what the settings are for this file?  And what "owner" will
PHP be known as?

-- 
Pete Clark

------------------------------------
Hi Pete,

This issue can be quite different on different servers depending 
on how php is running.

The most common setup is to have php running as an Apache application. In 
this setup http: accessible scripts run with the authority of the default 
www user. Most often the default www user is 'default', 'www', 'www_data', 
'apache' or 'nobody'.

FTP however most often has the authority of the specific hosting account 
owner. So if your FTP login name is 'john' then files uploaded by 'john' 
have the owner 'john'.

On some servers php runs as a CGI which is totally different. In this setup 
the scripts that are accessed via http: run with the authority of the 
account owner.

Also on some servers there is an option to run a 'wrapper' or 'cgi wrapper' 
or 'authority wrapper' or 'owner wrapper' so that optional scripts run with 
the account owner's authority while others run with the 'default user' 
authority even when php is running as an Apache application. This however is 
less common.

Putting this all together -

Firstly, you have to determine who is the file owner.

In most cases any file that is uploaded via private FTP will be owned by the 
account owner.

Files that have been created by scripts have the owner of the authority that 
the creating script was running under. Normally this is the 'default www 
user' however if you are using a wrapper or running php as a CGI then the 
owner will most likely be the actual hosting account owner.

So if the script runs as 'default www user' then 'default www user' will be 
the owner of the created file. However if the script is running with the 
authority of the hosting account owner then the hosting account owner will 
be the owner of the created file.

This is why most people have their first trouble when they shift hosting 
accounts. All the original scripts that were uploaded in the first place 
transfer across fine but files that were created by these scripts often 
change owner from the 'default www user' to the account owner due to the FTP 
process from one server to another.

Most people get around this by changing file/folder permissions and in the 
process they compromise the security of their scripts.

How Apache file attributes work -

In Apache there are 3 authorities of access and 3 access controls for each 
of the authorities.

The authorities are -
Owner - is the actual owner of the hosting account.
Group - is the collective group of authorised account owners on a server or 
subusers that have been authorised for your account via 'basic auth' login 
protocol.
User - is the default www user or just anyone using a browser or http: 
access.

The controls are (for files) -
Read - read access to be able to read a file - in php via http: the file is 
parsed so the accessor only sees the results of the code.
Write - Modify/delete access to the file.
Execute - this gives the ability to execute code etc.

The controls for folders have different meanings.
The controls are (for folders) -
Read - is the ability to list the files/subfolders in a folder.
Write - is the ability to create, modify or delete files or subfolders in 
the folder.
Execute - is the ability to access (in any way) files in the folder - like 
the meaning of read is for files.

So if a script needs to create and read files there are two real options -

1) If the script runs as the account owner then the file has to at least 
have permissions 600 and the folder that contains the folder needs at least 
300.

2) If the script runs as the 'default www user' then the file needs at least 
660 and the folder needs at least 330.

In reality you are not so concerned with owner access restrictions so these 
permissions would translate to -

600 => 700
300 => 700
660 => 760
330 => 730

However if your script runs in the owner's authority then it is best to restrict 
access to the bare minimum (first permissions) without this translation.

FTP and cPanel do not show file owners which makes things hard. To use php 
to see the file owners then read up on POSIX functions in php.

To work blind, in most cases you can write a simple script that uploads 
files via the http: POST method and these will match the owner of other 
script created files. This can be done with a textarea html element for 
simple text files. For binary files you have to use the php $_FILES method.

For text file use -
$posted_text = $_POST['textarea_name'];// as in <textarea name=???
// str_replace() returns the new string, so assign the result back
$posted_text = str_replace("\r\n", "\r", $posted_text);
$posted_text = str_replace("\r", "\n", $posted_text);
- to standardise the line delimiter while maintaining white space.

I did start to write a file/folder browser like windows explorer that shows 
owner information but didn't finish it ;-( when I do finish it then I will 
upload it to the files section of this group.

Clear as Mud??

Hope this helps anyway, Rob. 
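
Added example, not part of Rob's reply: a PHP script that answers the two questions in this thread (what the file's owner and permissions are, and which user PHP runs as) with the POSIX functions mentioned above. The function names and the temporary sitemap.xml path are constructed for illustration; it assumes the posix extension is enabled.

```php
<?php
// Added example (not from the original post). Requires the posix extension.
if (!function_exists('posix_geteuid')) {
    exit("posix extension not available on this server\n");
}

function user_name(int $uid): string {
    $pw = posix_getpwuid($uid);           // false if the uid has no passwd entry
    return $pw ? $pw['name'] : "uid $uid";
}

function group_name(int $gid): string {
    $gr = posix_getgrgid($gid);           // false if the gid has no group entry
    return $gr ? $gr['name'] : "gid $gid";
}

function describe_path(string $path): array {
    clearstatcache(true, $path);          // stat results are cached per request
    $st = @stat($path);
    if ($st === false) {
        return ['path' => $path, 'error' => 'cannot stat (missing or no access)'];
    }
    $mode = $st['mode'] & 0777;           // keep only the rwx bits
    $euid = posix_geteuid();              // the user this PHP process runs as
    return [
        'path'           => $path,
        'owner'          => user_name($st['uid']),
        'group'          => group_name($st['gid']),
        'mode'           => sprintf('%03o', $mode),
        'php_runs_as'    => user_name($euid),
        'php_is_owner'   => $st['uid'] === $euid,
        'php_can_write'  => is_writable($path),
        'world_writable' => ($mode & 0002) !== 0,  // anyone on the server can modify it
    ];
}

// Constructed sample: a private folder and file created by this script,
// so both are owned by whatever user PHP runs as.
$dir  = sys_get_temp_dir() . '/sitemap_demo_' . getmypid();
mkdir($dir, 0700);
$file = "$dir/sitemap.xml";
file_put_contents($file, "<urlset/>\n");
chmod($file, 0600);
foreach ([$dir, $file] as $p) {
    print_r(describe_path($p));
}
unlink($file);
rmdir($dir);
```

To inspect a real site, call describe_path() on the sitemap and on the folder that contains it; a 'world_writable' of true means the file has been opened up more widely than the script needs.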
