tags:

views:

440

answers:

3
Q: 

CHMOD a linux directory using PHP on an apache server

Has anyone ever used PHP (proven and successful) to CHMOD a directory through a Web Browser?

My roadblocks are: (a) PHP script runs as "nobody" from the browser (b) directory above the one I want to CHMOD is owned by the ftp user and "nobody" does not have write permissions to it

So when I try to chmod 0666 /usr/www/dirOwnedbyFTPuser/dirIamTryingToCHMOD/ I get Permission denied

If you have ever written and successfully run a script to do this, can you share the snipit of code with me? Thanks...been at this for months.

+1  A: 

Yes, you can chmod from php via a web browser. (yes we all know it can be a bad idea)..

But - you can only chmod files that the php script has permission to use! if your web server runs PHP as nobody, then you can chmod any files owned by "nobody"...

Kiall  2010-03-10 13:52:51
+1  A: 

Yes it is possible to do this via php. Usual linux permissions rules apply however so as you are looking to chmod scripts not owned by the apache user (nobody) and the apache user does not have write permissions then one method is to give apache permission to use sudo

Be warned - this is potentially a massive security hole!!!

You can give apache permission to use sudo by editing the sudoers file. It is recommended that you do not edit this file directly as an error can leave you completely screwed so on my (Ubuntu) system I type

sudo visudo

Then you need to add a line for your "nobody" user. You can restrict sudo permissions to a particular script or folder so i would recommend writing a shell script to change the permissions and then placing this in a folder away from any other scripts. That way apache doesn't have complete root privileges on your system (which is a pretty scary thought). You can also put some code in the shell script to restrict which files can be changed.

You also need to allow apache to sudo without a password as you have no way of entering the password through php. So the line you would add is something like

nobody ALL=(ALL)NOPASSWD:/path/to/my/script

Then in php you just prefix the command with sudo

passthru ("sudo /path/to/my/script ...");

(there are a few other functions you can use instead of passthru(), was just the first that came to mind)

As I said before, this is potentially very dangerous and whilst the above will work, I have only used it on my own private system before, never on a public production server. I'm sure plenty of people will have comments on the security of this so I would be interested to hear what other potential pitfalls and security holes there could be with this method. I know a similar thing can be done using SuExec but am not so familiar with it so if anyone has any pros or cons of SuExec over this method I would be interested to hear them.

Final note: I would change the apache user from nobody to something like 'apache' or 'www' - probably just being silly but I don't like the idea of giving root permissions to a user called nobody!!!

Hope this helps!

Addsy  2010-03-10 14:23:28
Thanks Addsy. I do not want to have to make any server-side tweaks so updating the sudoers file is not a path I want to take (http://stackoverflow.com/questions/2230391/php-shell-exec-and-sudo-must-be-setuid-root).
Dr. DOT  2010-03-10 17:50:41
A: 

http://www.php.net/ftp You could have php log in as the ftp user and do it.

chris  2010-03-10 16:10:25
Yes Chris...thanks! I have already gone down that path and have successfully scripted it to work. Now my dilemma is changing the groupname of a directory. I have tried ftp_site($ftpStream, 'chgrp nobody '.$directory) but I cannot get it work work.Does anyone out there have any success changing a directories group via ftp_connect() ?Thanks.
Dr. DOT  2010-03-10 16:33:34

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases