tgavin

Well-Known Member
Jul 27, 2004
46
0
156
I have a php script that creates directories and sets the permission. Now I need to have that script set the owner and group of that created dir from 'nobody' to the site's owner.

When I run the following, I don't receive any errors, but it also doesn't change the owner. How can I get this to work? Is there something within cpanel that I need to disable?

Code:
$user  = "username";
$path  = "/home/".$user."/public_html/media/";
$own = "chown -R ".$user." ".$path."";
$own = escapeshellcmd($own);
exec($own);
if(!$own) {
     die("Can not change ownership on the folder.");
}
 

BianchiDude

Well-Known Member
PartnerNOC
Jul 2, 2005
619
0
166
That wont would you need to be root to do that.

You best bet is too set a cronjob that does that.
 

tgavin

Well-Known Member
Jul 27, 2004
46
0
156
BianchiDude said:
That wont would you need to be root to do that.

You best bet is too set a cronjob that does that.
Thanks for your reply. A cronjob won't work for me. This is written for a customer, who will only use this script once in a while. Not very often. If I were to set up a cronjob it would have to run all the time, to anticipate when they're going to run this script. Unless you know of a way for php to set and delete a crontab.

Also, it just seems odd to me that php would have these functions if they only worked with a cronjob, or as root.
 

RickG

Well-Known Member
Feb 28, 2005
238
2
168
North Carolina
The issue is that the PHP process doesn't have sufficient privileges to change the file ownership. Are you using PHPSuExec? If so, wouldn't the files automatically be created as the site owner (rather than nobody)?
 

tgavin

Well-Known Member
Jul 27, 2004
46
0
156
RickG said:
The issue is that the PHP process doesn't have sufficient privileges to change the file ownership. Are you using PHPSuExec? If so, wouldn't the files automatically be created as the site owner (rather than nobody)?
How can I tell if I'm using PHPSuExec? Is there a way to just enable/disable it for that one domain using .htaccess?
 

chirpy

Well-Known Member
Verifed Vendor
Jun 15, 2002
13,465
30
473
Go on, have a guess
No, it's a server-wide setting. If files are being written from php scripts with the user nobody then you're not running phpsuexec.
 

tgavin

Well-Known Member
Jul 27, 2004
46
0
156
chirpy said:
No, it's a server-wide setting. If files are being written from php scripts with the user nobody then you're not running phpsuexec.
Well, I guess the next questions is "Do I want to run phpsuexec?" Yes? No? Why?
 

NightStorm

Well-Known Member
Jul 28, 2003
286
4
168
cPanel Access Level
Root Administrator
Twitter
Security-wise? HECK YES. It assures that any file written to the server is given permissions for the proper owner, instead of "nobody". This includes any files that are dropped into /tmp by php exploits. it also further locks down the security to help prevent writing to directories that do not belong to you... if you drop a file owned by user1:user1 into directory /home/newuser/public_html, Apache will not allow it to run (it's owned by the wrong person). It will also make sure that user1 can not write to any file owned by newuser... with server-created files owned by nobody, technically, any other user can write to it as well, since the ownership is the same.
Downside? No more 777 directory permissions. 755 is the best it gets... but since the file ownership is fixed, this is good enough. Any of your users that have 777 will need to step it down, though. No php flags can be written into htaccess, either, so any custom php settings for an account will need to be written into a php.ini file, and dropped in each folder it needs to affect. This is a downside, but a small one, in the grander scheme of things.
Just imagine. Someone exploits your server, and drops a perl file into your /tmp directory by using something like the phpBB exploit. Without phpSuExec, this file is owned by nobody:nobody, and you get to spend the next few hours going through logs to find out who's account was exploited by this. With phpSuExec, the ownership of the file will tell you right away who's account it came from.
 

tgavin

Well-Known Member
Jul 27, 2004
46
0
156
Thanks for the explanation! :)

For this one account in question, I have some custom settings. PHP files are running with .html extensions (the site was redesigned/rebuilt with php, but we wanted to keep the search engine links in place). There is also a custom CMS written in php that allows for file uploads into directories chmod'd 0777.

With phpsuexec on, will I be able to upload into directories with perms set to 0755?
Will I need to create a php.ini file for the .html extension? If so, how would I do that? Could I just do that server-wide, instead of on a site-by-site basis?

Thanks to all for your help!
 

NightStorm

Well-Known Member
Jul 28, 2003
286
4
168
cPanel Access Level
Root Administrator
Twitter
phpSuExec is serverwide, unless you manually compile a second build and run it independantly alongside.
Yes, you will be able to upload, so long as the directory has the proper ownership permissions (username:username).
The extension would not make a difference, so long as Apache still knows to handle html extensions with the php exec. Another option you could make, of course, would be to use a htaccess mod_rewrite to forward all *.html to *.php for that domain. This would solve the search-engine problem.
How exactly does php know to handle the html extension? Is it hardcoded into your httpd.conf file, or added into an htaccess?
 

tgavin

Well-Known Member
Jul 27, 2004
46
0
156
NightStorm said:
How exactly does php know to handle the html extension? Is it hardcoded into your httpd.conf file, or added into an htaccess?
It's added into .htaccess at the site's root. How would I hardcode it into httpd.conf?