PHP scripts are unable to create files...

whmapi.scripts

Well-Known Member
Sep 1, 2004
92
0
156
United Kingdom
XaHyMaH said:
... to the folders with 755 rights because "Permission denied"
That's correct because php runs as nobody unless phpsuexec is installed and 755 means only the owner "you" can write to those folders. Chmod the folder to 777 and it will work!
 

XaHyMaH

Member
Jan 31, 2005
5
0
151
cpscripts said:
That's correct because php runs as nobody unless phpsuexec is installed and 755 means only the owner "you" can write to those folders. Chmod the folder to 777 and it will work!
chmod 777? Does it mean that everyone from the web can write to that folder?
 

whmapi.scripts

Well-Known Member
Sep 1, 2004
92
0
156
United Kingdom
XaHyMaH said:
chmod 777? Does it mean that everyone from the web can write to that folder?
Yes, but if you need php to write to it then you have no choice though your host should have protection in place to prevent other users on the server from accessing those folders via php such as php open base directory protection. The only way those folder can be written to otherwise is if someone finds/uploads an exploit to your server so you should practice good web security.
 

XaHyMaH

Member
Jan 31, 2005
5
0
151
My logic is almost BSOD'ed :eek:
How's that - scripts are mine. The guy who uploaded them is me. But their rights like not mine.
Is there any solutions other than chmod 777 :confused:
 

whmapi.scripts

Well-Known Member
Sep 1, 2004
92
0
156
United Kingdom
XaHyMaH said:
My logic is almost BSOD'ed :eek:
How's that - scripts are mine. The guy who uploaded them is me. But their rights like not mine.
Is there any solutions other than chmod 777 :confused:
Not unless php is run under phpsuexec! Basically, you own the file but php is a different user to you, the user "nobody". If php was you then every user on the server would require their own copy of php! If php open base directory protection is in place then you have nothing to worry about and anyway, why are you so paranoid :D


CPSCRIPTS
 

XaHyMaH

Member
Jan 31, 2005
5
0
151
cpscripts said:
Not unless php is run under phpsuexec!
What is phpsuexec and how to do this?

cpscripts said:
If php open base directory protection is in place then you have nothing to worry about and anyway, why are you so paranoid
Soi homini :rolleyes:
 

fusioncroc

Well-Known Member
Sep 28, 2004
261
0
166
U.K.
phpsuexec can cause some problems but it normaly works good theres also suphp which is supposed to be good
 

jdpravin

Registered
Aug 23, 2004
4
0
151
Hi,

PHPSUEXEC is a module for Apache which can be used to run PHP as a CGI under
the User of the web site owner. If it is not set up completely, it will
require that the #! be included at the front of the php code in order to
invoke PHP as the CGI.

:)

:)
 

dwh2

Well-Known Member
Jan 14, 2004
106
0
166
cpscripts said:
Originally Posted by XaHyMaH
chmod 777? Does it mean that everyone from the web can write to that folder?



Yes, but if you need php to write to it then you have no choice though your host should have protection in place to prevent other users on the server from accessing those folders via php such as php open base directory protection. The only way those folder can be written to otherwise is if someone finds/uploads an exploit to your server so you should practice good web security.

What exactly does it mean that everyone to the web can write to the folder? Anyone visiting a website with a file writable to anyone can just enter a url and write to it? This always confused me. That writable file by itself is not a security hole, there has to be another hole first, correct?
 

Xenon101

Well-Known Member
Mar 13, 2005
72
0
156
"Everyone on the web can write to that folder"
bull**** is all i have to say. 'everyone' on the server could however if its a cpanel server that is gonna be impossible due to restrictions. Chmod 777 basically means users such as apache, php etc can write to.

Quit worrying! Unless as dwh2 said there is a security hole in a file there are no other known security holes for this.
 

sparek-3

Well-Known Member
Aug 10, 2002
1,985
218
343
cPanel Access Level
Root Administrator
I prefer suPHP over PHPSuExec. Of course, I never really played with PHPSuExec that much, but I couldn't figure out how to enable it and disable it for certain accounts. This is something you can do with suPHP.