I developed a script which updates some static HTML pages. The script creates temporary files and opens them for writing. It then reads the HTML content of PHP-generated pages and writes that to the temp files. If that's successful, it copies the temp files to the static files, thus updating them. This worked without problem for several months, but recently started throwing a permissions error:
> Warning: fopen(temp_list_auctions.html): failed to open stream: > Permission denied in > /home/williams/public_html/generate_auction_lists.php on line 55 > Unable to open temporary file (temp_list_auctions.html) for writing. The same script still works fine in public_html/dev, which is a directory I use for testing. I asked the commercial host why this has become a problem and why it works in public_html/dev but not in public_html. Here's the reply (which does not explain why it once worked): > The reason the problem occurs in the public_html directory is because > the directory is owned by user: williams group: nobody. Your account is > setup like this so no one can write into your root directory, except a perl > script or a PHP script on your site executed as a CGI. By chmoding the > public_html directory to 777 you make the ownership settings useless. The > directory named dev is owned by user: williams group: williams so your PHP > script has no trouble writing to it with 757 permissions. > > So you could either chmod the public_html directory to 777 or we could chown > the directory to user: williams group: williams. I don't want the public_html directory set to 777, but I certainly want PHP to be able to update files. Is there a security problem with having public_html owned by user: williams, group: williams? Would it be better to rewrite my script so that it doesn't need to create files? Comments on the best approach for security and reliability would be appreciated. -- Lowell Allen -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
