Without seeing your code... only one guess: what are the permissions on
the file like? When you're running the script from the web server,
you're running it as the user under which the web server is running
(usually nobody or apache if you're using Apache on Linux), and this
causes problem if that particular user doesn't have access to the file.

There are very few solutions to this problem (at least as far as I
know). One is the suexec module for Apache, that lets you impersonate
root or another user, but you have to be *extremely* careful with the
permissions. The other is to change the default permissions of the file
so that everyone can delete and modify it, but that might not work well
for your needs. Yet a third one would be to impersonate directly from
PHP, for example through a call to su, but there are pitfalls there as

Hope this helps.

On Sun, 2002-10-13 at 02:37, David Cook wrote:
> Hi all,
> Got a question regarding using php scripts as cgi's.
> What I am trying to do is this. (ya may need a bit of background, it gets a
> little complicated... well for me its complicated)
> Im building a web based email system using php (duh) as the front end and
> glue for everything, part of it is using a program called getmail to
> retreive remote pop accounts to the virtual accounts on the server (its all
> virtual using qmail/vpopmail and courier-imap). The various setttings for
> this are in a file called getmailrc, in the virtual users home dir, (this
> will also be theoretically relevant when I try and do the same thing with a
> server side filtering program called maildrop.. but one at a time I reckon
> :))
> ie. /home/vpopmail/domains/some.email.domain/someuser/.getmail/getmailrc
> This file is owned specifically by a user/group otherwise getmail wont work
> ie: -rw-r--r--    1 vpopmail vchkpw        585 Sep 29 07:16 getmailrc
> any permissions other than this will tweak getmails internal security and
> stop it.
> I decided to minimise security problems and use mysql as an intermidiary
> storage for any rules created for getmail, which works fine. :) (yay me..
> lol)
> NOW comes the problem, I need to write (overwrite) that getmailrc file after
> the user has finished messing with their settings, to do this I decided that
> since the file can only be read/written to by the vpopmail/vchkpw
> user/group, that I would knock up a php script to run as a cgi, that would
> do only one thing: Upon a button being pressed to 'finish edit' the new
> rules would be written to the mysql table, then the cgi would be invoked
> with a particular identifier so that it could then look up the mysql table
> (using that identifier so it gets the right rows), and following some rules
> inbuilt, write out the getmailrc file with that restrictive permissions set.
> I wrote up a script that was just for POC, that would get the data for where
> that file was supposed to be (the /home/vpopmail/etc...etc) and read it,
> then break out the various details and display it, basically just showing me
> what was already in the file. (using the shebang method, as my php cgi
> interpreter is OUTSIDE the web tree, but thats another story of getting the
> damn thing to work at all... damn RPM'S sometimes...
> that --enable-force-redirect had me stuck for a few days)
> When I tested it out from the shell, using ./getmailtest.cgi as root, it
> worked, in that it did what it was sposed to.. display the contents of the
> getmailrc file. This cgi php script is owned by vpopmail/vchkpw which should
> allow reading the file as said above
> Great, thought I, and proceeded to attempt linking to it from within the
> editing script, using both an attempt with a 'submit' button and a click
> through link.
> Now comes the prob, it fails, with an error of being unable to either open
> the file, or that the file doesnt exist (depending on what I fiddle with in
> the script).
> Would anyone have any ideas as to what may be going wrong here? I havent
> tried doing this before, using php as a cgi to do stuff to files on the
> system, so I am at quite a loss, and any help would be appreciated.
> Regards
> David Cook
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to