The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

security php fopen chmod 777

Discussion in 'Security' started by skyshine, Oct 6, 2005.

  1. skyshine

    skyshine Registered

    Joined:
    Oct 6, 2005
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Hi

    If using php in a cPanel account the only way I can write to a file is to CHMOD as writable to everybody . I would have thought this is a security issue, enabling anyone to write to that file. Can someone please clarify? I have read somwhere that for some reason this is still secure, but I question that.

    eg
    $fileH = fopen("/home/path/to/file","w");
    comes up with
    Warning: fopen(/home/path/to/file): failed to open stream: Permission denied in /home/path/to/file on line 2
    unless CHMOD xx6 or xx7

    Many Thanks
    Sky
     
  2. sv1

    sv1 Well-Known Member

    Joined:
    Aug 31, 2003
    Messages:
    135
    Likes Received:
    0
    Trophy Points:
    16
    We have an issue on a server which we upgraded php and after running /scripts/convert2maildir

    Warning: fopen(/tmp/horde_32001.log): failed to open stream: Permission denied in /usr/local/cpanel/3rdparty/lib/php/Log/file.php on line 202

    Warning: Cannot modify header information - headers already sent by (output started at /usr/local/cpanel/3rdparty/lib/php/Log/file.php:202) in /usr/local/cpanel/base/horde/login.php on line 96
     
  3. sh4ka

    sh4ka Well-Known Member

    Joined:
    May 12, 2005
    Messages:
    442
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    US
    cPanel Access Level:
    DataCenter Provider
    first try chmod 755 and if that doesn't work temporary you will have to chmod 777 that file until you resolve the problems, and yeap, it's kind unsure that..
     
  4. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Just delete the /tmp/horde_32001.log file and it should recreate itself with the correct ownership. Also, do make sure that /tmp is chmod 1777.

    Yup, welcome to the crap php security model. Oh wait, it doesn't have one. If you want to avoid that you'd have to rebuild apache with phpsuexec enabled.
     
Loading...

Share This Page