ZipArchive php class extract files as root. Why?

Question

I have a php script:

$extract_dir = "./";
$extract_file = "extractME.zip";

$zip = new ZipArchive;
$res = $zip->open($extract_file);
if ($res === TRUE) {
    $zip->extractTo($extract_dir);
    $zip->close();
    echo "ok";
} else {
    echo "failed";
}

But when I execute this script, via http://www.mywebsite.com/extract.php

All the files on FTP are show with OWNER 'root', but not the user ex . 'neo' as it should be. So the user cant edit/rename/delete these files.

Is it possible to fix this anyhow (I own the server), that files will be extracted with 'USERNAME' OWNERSHIP ?

Thanks for any help. I'm stuck with this.

Answer 1

It extract as the user running the webserver (note: you should not be running it as root). Try using chown.

Answer 2

ozzwanted, for some reason your web server (apache) is running as root so any file it makes will be made as root. This should never be the case. apache usually runs as 'www-data' or 'httpd', or 'nobody' or 'god' depending on the linux distro.

I suggest you look into this from a sysadmin point of view and have someone sort it out for you before you end up getting exploited. (assuming this is a live server)

You can use www.php.net/chown function or your can run a 'chown' command on the command line or do it from PHP with something like system() or exec() functions.

Good luck.