----- Original Message ----- From: "Pete" I am having problems writing a file (in fact, it's a Google sitemap) to a site.
I know that it has something to do with permissions and owners. But how can I see what the settings are for this file? And what "owner" will PHP be known as? -- Pete Clark ------------------------------------ Hi Pete, This issue can be quite different on different servers depending on how php is running. The most common setup is to have php running as an Apache application. In this setup http: accessible scripts run with the authority of the default www user. Most often the default www user is 'default', 'www', 'www_data', 'apache' or 'nobody'. FTP however most often has the authority of the specific hosting account owner. So if your FTP login name is 'john" then files uploaded by 'john' have the owner 'john'. On some servers php runs as a CGI which is totally different. In this setup the scripts that are accessed via http: run with the authority of the account owner. Also on some servers there is an option to run a 'wrapper' or 'cgi wrapper' or 'authority wrapper' or 'owner wrapper' so that optional scripts run with the account owners authority while others run with the 'default user' authority even when php is running as an Apache application. This however is less common. Putting this all together - Firstly, you have to determine who is the file owner. In most cases any file that is uploaded via private FTP will be owned by the account owner. Files that have been created by scripts have the owner of the authority that the creating script was running under. Normally this is the 'default www user' however if you are using a wrapper or running php as a CGI then the owner will most likely be the actual hosting account owner. So if the script runs as 'default www user' then 'default www user' will be the owner of the created file. However if the script is running with the authority of the hosting account owner then the hosting account owner will be the owner of the created file. This is why most people have their first trouble when they shift hosting accounts. All the original scripts that were uploaded in the first place transfer across fine but files that were created by these scripts often change owner from the 'default www user' to the account owner due to the FTP process from one server to another. Most people get around this by changing file/folder permission's and in the process they compromise the security of their scripts. How Apache file attributes work - In Apache there are 3 authorities of access and 3 access controls for each of the authorities. The authorities are - Owner - is the actual owner of the hosting account. Group - is the collective group of authorised account owners on a server or subusers that have been authorised for your account via 'basic auth' login protocol. User - is the default www user or just anyone using a browser or http: access. The controls are (for files) - Read - read access to be able to read a file - in php via http: the file is parsed so the assessor only sees the results of the code. Write - Modify/delete access to the file. Execute - this give the ability to execute code etc. The controls for folders have different meanings. The controls are (for folders) - Read - is the ability to list the files/subfolder in a folder. Write - is the ability to create, modify or delete files or subfolders in the folder. Execute - is the ability to access (in anyway) files in the folder - like the meaning of read is for files. So if a script needs to create an read files there are two real options - 1) If the script runs as the account owner then the file has to at least have permission's 600 and the folder that contains the folder needs at least 300. 2) If the script runs as the 'default www user' then the file needs at least 660 and the folder needs at least 330. In reality you are not so concerned with owner access restrictions so these permission's would translate to - 600 => 700 300 => 700 660 => 760 330 => 730 However if your script runs in the owners authority then it is best restrict access to the bare minium (first permission's) without this translation. FTP and cPanel do not show file owners which makes things hard. To use php to see the file owners then read up on POSIX functions in php. To work blind, in most cases you can write a simple script that uploads files via the http: POST method and these will match the owner of other script created files. This can be done with a textarea html element for simple text files. For binary files you have to use the php $_FILES method. For text file use - $posted_text = $_POST['textarea_name'];// as in <textarea name=??? str_replace("\r\n", "\r", $posted_text); str_replace("\r", "\n", $posted_text); - to standardise the line delimiter while maintaining white space. I did start to write a file/folder browser like windows explorer that shows owner information but didn't finish it ;-( when I do finish it then I will upload it to the files section of this group. Clear as Mud?? Hope this helps anyway, Rob.