PHP Upload file permission problems

[bridgeway04]

Guys/Gals

Im using a PHP upload script that was previously working flawlessly. Recently for some reason unknown to me, when i do a php file upload it assignes the file permissions: 600 and owner gets set to 99. Im not sure what eh owner was set to previously when it was working before the change, however i do know that permissions were set to: 644 by default when it was uploaded.

The real problem is that I cant even download the file via ftp.

So my question is: Is there an apache setting that was updated or changed that is causing this and can it be changed in a secure way? This has become a headache for me and i would like to get it resolved... Any ideas?

 

[cPanelJamyn]

Hi,

Without seeing the script in question, it's difficult to give you an accurate answer. However, it sounds like you are using suPHP for apache (good) but your script is acting as though you are still using DSO mode (bad). UID 99 is typically the 'nobody' user, which matches this theory.

Is there a config file for your upload script that allows you to specify how it behaves in regards to ownership, and/or and what the perms should be for uploads? I'd also check to see if there is a newer version of whatever you're using that accounts for suPHP installs.

 

[Spiral]

Cpaneljamyn hit it right on target ....

Your server is running PHP as a DSO (mod_php) which is very bad for many reasons including security, resource waste, and as you have now seen ownership conflicts.

Any file uploaded by script under DSO will be given the owner "nobody" which is fine until you realize you have to access the file with some other account other than the generic Apache "nobody" user which might be you trying to edit the file or even the nightly backup process which will often skip those files and omit them from backup for the same reason.

I strongly do not recommend using DSO based PHP on any server ....

There is two strong alternatives that I would look to as to the type of PHP you should be using depending on your situation. On is SuPHP and the other is FCGI and there is certain advantages and strengths to each so which you go with really depends on your own situation but I would definitely look to getting one of those for your PHP platform.

If you are on a shared hosting account and don't have access to change the PHP on your server then my advice is change hosts quickly.

Regarding your immediate problem, you will need to change the permissions on the files to something other than 600 such as 644 or even 666 if necessary and then you should be able to fully access those files with your own login. If you are wondering how you can do that, you should be able to change the permissions from another PHP script because it will also execute as user "nobody" while your server still remains DSO based.

Bottom line though is get off of DSO and you won't have this problem anymore.

 

[meglio]

The same problem, 666 does not help

Hello.

I have the same problem and I assigned 666 permission before to change file owner. Here is an example:

exec("chmod 0777 /home/meglio/license.txt");
exec("chown meglio /home/meglio/license.txt");

license.txt now has all permissions, but owner is still "nobody".
Any ideas?

Thanks,
Anton

UPDATE

My hosting provider support confirmed that we are not running suPHP and he proposed to reconfigure
the server to run under suPHP.

I currently have 2 big sites running on this server and I'm afraid if this switch will affect them somehow?
The priority is to solve the problem by keeping everything working live on the server.