|
Posted by "Richard Lynch" on 10/11/05 01:28
On Tue, October 4, 2005 12:21 am, Keith Spiller wrote:
> chown("$endpath", "admin");
>
> to try to change the owner of directories after using mkdir()
> to create them. It continues to fail on my remote Fedora server.
>
> I know the path is correct because mkdir() works perfectly.
> Apache sets the owner as 48 when the directory is created.
>
> I am not running in safe mode.
>
> The php.net documentation does not make certain things
> clear to me... For example, do I need to be using a user id
> number instead of a name? Will the chown only work if
> the server is setup as a super user?
Seems to me that 'chown' is simply not gonna work at all unless PHP is
running as root, which should really only be done (if at all) in CLI.
Okay, maybe some suExec CGI situation is "okay"...
But, yeah, your regular PHP script running on a website isn't gonna
have permission to chown() a file -- If it did, anybody on the system
could, oh, upload a binary, chown it to 'root', and chmod it to run AS
root, then take over the machine in about, oh, 10 seconds.
That would be bad.
It's not that chown() doesn't work -- It's that you're trying to use
it in a situation where it should NOT work.
What you may want to consider doing is putting user 48 and your FTP
users in a common group, and then chmod() the files to be
group-writable or whatever you need. That's probably the easiest
answer.
Another possibility is to write a root-owned cron job to chown/chmod
the files as needed based on their directory and/or existence in some
kind of database or... Gotta be more careful with that, as it's too
easy to end up opening up a hole.
--
Like Music?
http://l-i-e.com/artists.htm
[Back to original message]
|