Re: [PHP] chown ..operation not permitted

On Monday, April 15, 2002, at 01:54 PM, John Weez wrote:

> I have a script which makes a directory. This directory is owned by nobody.nobody because that is what Apache runs as. But, I want this directory to be owned by a different user. So, after making the directory I use the PHP command chown to change the directory ownership. Now, I get an error saying operation not permitted. I figured this is because of some security problems... So I try dropping into the shell using the backtick operator and by also setting up sudo to give access to the chown command to user nobody. This does not work from my PHP script BUT, it does work fine if I enter it on a shell line...

Are you saying that when you are logged in as nobody, you can execute chown otheruser directoryname? If that is so then PHP, which runs under Apache which runs as nobody, should also be able to execute that command.

But I wonder if you really can execute that command -- why would nobody have permission to change the ownership of a file to otheruser? I certainly hope that nobody doesn't have superuser privileges on your system.

Try using chgrp instead -- you can have nobody belong to group otheruser and change the group of the file to otheruser.

NOTE: You're better off running Apache as some other username (like apacheuser) and under some other group (like apachegroup). Several other systems run under nobody on most Unix systems, so you could compromise those if nobody is compromised.

Erik (somebody)

Erik Price
Web Developer Temp
Media Lab, H.H. Brown
[EMAIL PROTECTED]

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] chown ..operation not permitted

No, user nobody does not have access to chown command. This is part of my problem I suspect.

Erik Price wrote:

> Are you saying that when you are logged in as nobody, you can execute chown otheruser directoryname? If that is so then PHP, which runs under Apache which runs as nobody, should also be able to execute that command.
RE: [PHP] chown ..operation not permitted

Good day.

As you've probably surmised, chown needs to be run as the root user, even if the file or directory in question is owned by the user wanting to make the change.

Setting up sudo access should work properly. Ensure that the service is actually running as nobody and not another unprivileged user.

However, it should be mentioned that this is a very, very insecure method! The chown operator was designed more for PHP command-line scripts that would be run as another user. You may want to re-evaluate why you are changing ownerships of directories from a web page, and determine if there is a safer, more secure way of doing what you want.

Darren Gamble
Planner, Regional Services
Shaw Cablesystems GP
630 - 3rd Avenue SW
Calgary, Alberta, Canada
T2P 4L4
(403) 781-4948

-----Original Message-----
From: John Weez [mailto:[EMAIL PROTECTED]]
Sent: Monday, April 15, 2002 11:55 AM
To: [EMAIL PROTECTED]
Subject: [PHP] chown ..operation not permitted

Hi all,

My config is Apache 1.3 with PHP4 loaded as a module.

I have a script which makes a directory. This directory is owned by nobody.nobody because that is what Apache runs as. But, I want this directory to be owned by a different user. So, after making the directory I use the PHP command chown to change the directory ownership. Now, I get an error saying operation not permitted. I figured this is because of some security problems... So I try dropping into the shell using the backtick operator and by also setting up sudo to give access to the chown command to user nobody. This does not work from my PHP script BUT, it does work fine if I enter it on a shell line...

There must be a simple way that I can implement the chown function in PHP? Any ideas???

John
Re: [PHP] chown ..operation not permitted

On Mon, Apr 15, 2002 at 10:54:51AM -0700, John Weez wrote:
:
: I have a script which makes a directory. This directory is owned by
: nobody.nobody because that is what Apache runs as. But, I want this
: directory to be owned by a different user. So, after making the
: directory I use the PHP command chown to change the directory ownership.
: Now, I get an error saying operation not permitted.

The 'chown' command can only be executed by the superuser. The next question to ask is, why do you want this PHP-created directory to be owned by a different user?

--
Eugene Lee
[EMAIL PROTECTED]
Re: [PHP] chown ..operation not permitted

On Monday, April 15, 2002, at 02:05 PM, John Weez wrote:

> No, user nobody does not have access to chown command. This is part of my problem I suspect.

So then your chown command's permissions do not allow everyone to execute it? If this is not the standard setup, so I would speak to your system administrator and find out why chown is not available. On most systems I've seen, chown is a standard utility that both its owner, members of its group, and everyone else on the system has access to. This means that nobody has access to it as well.

Whether or not nobody has permission to change the ownership of a file to someone else is another matter entirely.

Erik

Erik Price
Web Developer Temp
Media Lab, H.H. Brown
[EMAIL PROTECTED]
Re: [PHP] chown ..operation not permitted

On Monday, April 15, 2002, at 02:22 PM, Darren Gamble wrote:

> Setting up sudo access should work properly. Ensure that the service is actually running as nobody and not another unprivileged user.
>
> However, it should be mentioned that this is a very, very insecure method! The chown operator was designed more for PHP command-line scripts that would be run as another user. You may want to re-evaluate why you are changing ownerships of directories from a web page, and determine if there is a safer, more secure way of doing what you want.

Yes, I wouldn't give nobody privileges to do anything with sudo. You're better off making nobody a member of the same group as the other user, and using chgrp.

erik

Erik Price
Web Developer Temp
Media Lab, H.H. Brown
[EMAIL PROTECTED]
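
The group-based approach suggested in the replies above (group membership plus chgrp instead of chown or sudo), as an added example that is not part of the original thread. It assumes PHP's posix extension and that the administrator has made the web server account a member of the target group; the function name and the demo path are made up for illustration.

```php
<?php
// Added example (not from the thread): share a PHP-created directory through
// group ownership instead of chown/sudo. Needs PHP's posix extension.

function make_group_shared_dir(string $path, string $group): void
{
    $info = posix_getgrnam($group);
    if ($info === false) {
        throw new RuntimeException("no such group: $group");
    }
    $gid = $info['gid'];

    // A non-root process may only chgrp to a group it is a member of.
    $mine = posix_getgroups() ?: [];
    $mine[] = posix_getegid();
    if (posix_geteuid() !== 0 && !in_array($gid, $mine, true)) {
        throw new RuntimeException("process is not a member of $group");
    }

    // Fail if the path already exists rather than re-owning something else.
    if (!mkdir($path, 0770)) {
        throw new RuntimeException("mkdir failed: $path");
    }
    if (!chgrp($path, $gid)) {
        throw new RuntimeException("chgrp failed: $path");
    }
    // chmod is not reduced by the umask. 02770 = rwx for owner and group,
    // nothing for others, plus setgid so new files inherit the group.
    if (!chmod($path, 02770)) {
        throw new RuntimeException("chmod failed: $path");
    }
    clearstatcache(true, $path);
    if (filegroup($path) !== $gid) {
        throw new RuntimeException("group was not applied: $path");
    }
}

// Demo with constructed values. The process's own primary group is used so
// the script runs anywhere; in the thread's setup it would be the other
// user's group, with the web server account added to it by the administrator.
$entry = posix_getgrgid(posix_getegid());
if ($entry === false) {
    exit("primary group has no name entry\n");
}
$dir = sys_get_temp_dir() . '/shared-' . bin2hex(random_bytes(4));
make_group_shared_dir($dir, $entry['name']);
printf("%s mode=%o gid=%d\n", $dir, fileperms($dir) & 07777, filegroup($dir));
rmdir($dir);
```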