The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

PHP scripts are unable to create files...

Discussion in 'Security' started by XaHyMaH, Jan 31, 2005.

  1. XaHyMaH

    XaHyMaH Member

    Joined:
    Jan 31, 2005
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    ... to the folders with 755 rights because "Permission denied"
     
  2. whmapi.scripts

    whmapi.scripts Well-Known Member

    Joined:
    Sep 1, 2004
    Messages:
    92
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    United Kingdom
    That's correct because php runs as nobody unless phpsuexec is installed and 755 means only the owner "you" can write to those folders. Chmod the folder to 777 and it will work!
     
  3. XaHyMaH

    XaHyMaH Member

    Joined:
    Jan 31, 2005
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    chmod 777? Does it mean that everyone from the web can write to that folder?
     
  4. whmapi.scripts

    whmapi.scripts Well-Known Member

    Joined:
    Sep 1, 2004
    Messages:
    92
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    United Kingdom
    Yes, but if you need php to write to it then you have no choice though your host should have protection in place to prevent other users on the server from accessing those folders via php such as php open base directory protection. The only way those folder can be written to otherwise is if someone finds/uploads an exploit to your server so you should practice good web security.
     
  5. XaHyMaH

    XaHyMaH Member

    Joined:
    Jan 31, 2005
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    My logic is almost BSOD'ed :eek:
    How's that - scripts are mine. The guy who uploaded them is me. But their rights like not mine.
    Is there any solutions other than chmod 777 :confused:
     
  6. whmapi.scripts

    whmapi.scripts Well-Known Member

    Joined:
    Sep 1, 2004
    Messages:
    92
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    United Kingdom
    Not unless php is run under phpsuexec! Basically, you own the file but php is a different user to you, the user "nobody". If php was you then every user on the server would require their own copy of php! If php open base directory protection is in place then you have nothing to worry about and anyway, why are you so paranoid :D


    CPSCRIPTS
     
  7. XaHyMaH

    XaHyMaH Member

    Joined:
    Jan 31, 2005
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    What is phpsuexec and how to do this?

    Soi homini :rolleyes:
     
  8. fusioncroc

    fusioncroc Well-Known Member

    Joined:
    Sep 28, 2004
    Messages:
    261
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    U.K.
    phpsuexec can cause some problems but it normaly works good theres also suphp which is supposed to be good
     
  9. jdpravin

    jdpravin Registered

    Joined:
    Aug 23, 2004
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Hi,

    PHPSUEXEC is a module for Apache which can be used to run PHP as a CGI under
    the User of the web site owner. If it is not set up completely, it will
    require that the #! be included at the front of the php code in order to
    invoke PHP as the CGI.

    :)

    :)
     
  10. whmapi.scripts

    whmapi.scripts Well-Known Member

    Joined:
    Sep 1, 2004
    Messages:
    92
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    United Kingdom
    Bah to shebang lines is all I can say :rolleyes:
     
  11. XaHyMaH

    XaHyMaH Member

    Joined:
    Jan 31, 2005
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    what problems?
     
  12. dwh2

    dwh2 Well-Known Member

    Joined:
    Jan 14, 2004
    Messages:
    106
    Likes Received:
    0
    Trophy Points:
    16

    What exactly does it mean that everyone to the web can write to the folder? Anyone visiting a website with a file writable to anyone can just enter a url and write to it? This always confused me. That writable file by itself is not a security hole, there has to be another hole first, correct?
     
  13. Xenon101

    Xenon101 Well-Known Member

    Joined:
    Mar 13, 2005
    Messages:
    72
    Likes Received:
    0
    Trophy Points:
    6
    "Everyone on the web can write to that folder"
    bullshit is all i have to say. 'everyone' on the server could however if its a cpanel server that is gonna be impossible due to restrictions. Chmod 777 basically means users such as apache, php etc can write to.

    Quit worrying! Unless as dwh2 said there is a security hole in a file there are no other known security holes for this.
     
  14. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,382
    Likes Received:
    23
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    I prefer suPHP over PHPSuExec. Of course, I never really played with PHPSuExec that much, but I couldn't figure out how to enable it and disable it for certain accounts. This is something you can do with suPHP.
     
Loading...

Share This Page