[PHP] Re: Permissions
On 08/27/2013 03:31 PM, Steven Post wrote: On Tue, 2013-08-27 at 13:43 -0400, Ethan Rosenberg wrote: Dear List - I apologize for this "needle in a haystack" but... This was originally posted on the PHP list, but has changed into a Debian question... Tried to run the program, that we have been discussing,{on the PHP list} and received a 403 error. rosenberg:/var/www# ls -la StoreInventory.php -rwxrwxrw- 1 ethan ethan 4188 Aug 26 20:26 StoreInventory.php rosenberg:/var# ls -ld www drwxrwxrw- 37 ethan ethan 20480 Aug 26 20:26 www I had set the S bit [probably a nasty mistake] and I thought I was able to remove the bit. [it doesn't show above] I made the following stupid mistakes... note commands from the root prompt have a su appended 467 chown -R ethan:www-data wwwsu 469 chown -R ethan:www-data wwwsu 470 chmod -R g+s www su 471 chgrp -R www su 477 chgrp -R ethan www su 480 chmod -R 766 www su 482 chmod g-S www su 485 chmod -S www su 486 chmod g S www su 487 chmod gS www su 488 chmod S wwwsu 489 chmod 776 www su 492 chmod 776 -R www su 494 chmod -s -R wwwsu 504 chmod 666 StoreInventory.php 512 chmod 3775 StoreInventory.php I now have ethan@rosenberg:/var/www$ ls -la StoreInventory.php -rwxrwsr-t 1 ethan ethan 4232 Aug 27 00:18 StoreInventory.php ethan@rosenberg:/var$ ls -ld www drwxrwxrw- 37 ethan ethan 20480 Aug 26 20:26 www and still have the 403 error. How do I extricate myself from the hole into which I have planted myself? The problem appears to be that Apache does not have access to the file. Looking at the permissions of the file it should work, however, apache is not able to go into your /var/www folder. Either you need to set www-data as the owner of the directory, or as the group owner, or, possibility number 3, give execute rights to 'others' on that folder. Pick one (you might need to be root for the first 2 in your situation): 1) chown www-data /var/www 2) chgrp www-data /var/www 3) chmod -R o+X /var/www Note the capital 'X' on option 3, this gives execute permissions on folders only, not files, as the -R means all files and subdirectories as well. The 't' is known as the sticky bit if I recall correctly, set with 1 on the first number in a 4 number chmod command, for details see [1]. I guess in your case you can use 0664 for the files and 0775 for directories (or 0640 and 0750 if you set owner or group back to www-data) Best regards, Steven you wrote about a 403 error, so I assume you invoke the script by calling a webserver via browser. In that case the webserver needs the permission to access /var/www and to read StoreInventory.php. By default the webserver runs as user/group www-data (it can be changed in the webservers config-file(s)). Try this: #chown -R ethan:www-data /var/www #chmod 775 /var/www #chmod 640 /var/www/StoreInventory.php Your ls should return something like this: $ls -hal /var/www drwxr-x--- 1 ethan www-data 4.0K Jun 3 20:35 . -rw-r- 1 ethan www-data 623 Jun 3 20:35 StoreInventory.php If that does not work you might check the configuration- and log-files of your webserver. Dear List - I had to go to a meeting but before I left I tried one last thing - chmod 000 www chmod 0777 www rosenberg:/var# ls -ld www drwxrwxrwx 37 ethan ethan 20480 Aug 27 17:30 www chown ethan StoreInventory.php chgrp ethan StoreInventory.php chmod 000 StoreInventory.php chmod 777 StoreInventory.php ethan@rosenberg:/var/www$ ls -la StoreInventory.php -rwxrwxrwx 1 ethan ethan 4232 Aug 27 17:25 StoreInventory.php when I returned... IT WORKS!!! Thanks to all. Ethan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Permissions
On 08/27/2013 01:52 PM, Ethan Rosenberg wrote: On 08/27/2013 03:07 AM, David Robley wrote: Ashley Sheridan wrote: On Tue, 2013-08-27 at 16:16 +0930, David Robley wrote: Ethan Rosenberg wrote: Dear List - Tried to run the program, that we have been discussing, and received a 403 error. rosenberg:/var/www# ls -la StoreInventory.php -rwxrwxrw- 1 ethan ethan 4188 Aug 26 20:26 StoreInventory.php rosenberg:/var# ls -ld www drwxrwxrw- 37 ethan ethan 20480 Aug 26 20:26 www I had set the S bit [probably a nasty mistake] and I thought I was able to remove the bit. [it doesn't show above] How do I extricate myself from the hole into which I have planted myself? TIA Ethan This is in no way a php question, as the same result will happen no matter what you ask apache to serve from that directory. You have the directory permissions set to 776 not 777. -- Cheers David Robley Steal this tagline and I'll tie-dye your cat! 776 won't matter in the case of a directory, as the last bit is for the eXecute permissions, which aren't applicable to a directory. What I beg to differ here. If the x bit isn't set on a directory, that will prevent scanning of the directory; in this case apache will be prevented from scanning the directory and will return a 403. It's possible that this is an SELinux issue, which adds an extra layer of permissions over files. To see what those permissions are, use the -Z flag for ls. Also, check the SELinux logs (assuming that it's running and it is causing a problem) to see if it brings up anything. It's typically found on RedHat-based distros. Thanks, Ash http://www.ashleysheridan.co.uk I checked with the -Z option ethan@rosenberg:/var/www$ ls -lZ StoreInventory.php -rwxrwsr-t 1 ethan ethan ? 4232 Aug 27 00:18 StoreInventory.php Ethan PS David- I promise that I will not steal your tag line. My short hair American tabby cat [Gingy Feline Rosenberg]is too nice to have anything done to her. This has really morphed into a Debian issue. I have sent it to the Debian list. I will keep you informed. Ethan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Permissions
On 08/27/2013 03:07 AM, David Robley wrote: Ashley Sheridan wrote: On Tue, 2013-08-27 at 16:16 +0930, David Robley wrote: Ethan Rosenberg wrote: Dear List - Tried to run the program, that we have been discussing, and received a 403 error. rosenberg:/var/www# ls -la StoreInventory.php -rwxrwxrw- 1 ethan ethan 4188 Aug 26 20:26 StoreInventory.php rosenberg:/var# ls -ld www drwxrwxrw- 37 ethan ethan 20480 Aug 26 20:26 www I had set the S bit [probably a nasty mistake] and I thought I was able to remove the bit. [it doesn't show above] How do I extricate myself from the hole into which I have planted myself? TIA Ethan This is in no way a php question, as the same result will happen no matter what you ask apache to serve from that directory. You have the directory permissions set to 776 not 777. -- Cheers David Robley Steal this tagline and I'll tie-dye your cat! 776 won't matter in the case of a directory, as the last bit is for the eXecute permissions, which aren't applicable to a directory. What I beg to differ here. If the x bit isn't set on a directory, that will prevent scanning of the directory; in this case apache will be prevented from scanning the directory and will return a 403. It's possible that this is an SELinux issue, which adds an extra layer of permissions over files. To see what those permissions are, use the -Z flag for ls. Also, check the SELinux logs (assuming that it's running and it is causing a problem) to see if it brings up anything. It's typically found on RedHat-based distros. Thanks, Ash http://www.ashleysheridan.co.uk I checked with the -Z option ethan@rosenberg:/var/www$ ls -lZ StoreInventory.php -rwxrwsr-t 1 ethan ethan ? 4232 Aug 27 00:18 StoreInventory.php Ethan PS David- I promise that I will not steal your tag line. My short hair American tabby cat [Gingy Feline Rosenberg]is too nice to have anything done to her. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Permissions
On Tue, Aug 27, 2013 at 3:07 AM, David Robley wrote: > > I beg to differ here. If the x bit isn't set on a directory, that will > prevent scanning of the directory; in this case apache will be prevented > from scanning the directory and will return a 403. Well, that's partially correct. If a directory is owned by someone other than the current user (for example, root) and is 0776, you can list the directory content from outside of the directory to get a basic file listing. What you won't get by doing that, however, is anything other than the file name and type, because the kernel is forbidden from executing mtime, ctime, and owner/group queries on the files. In addition, you won't be able to enter the directory (cd). That said, if Ethan is running his Apache server as the user 'ethan' (which isn't mentioned) then it would be fine regardless. As for the 's' notation, that's either a bitmask of 0400 or 0200, which are for setuid and setgid, respectively. -- Network Infrastructure Manager http://www.php.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Permissions
Ashley Sheridan wrote: > On Tue, 2013-08-27 at 16:16 +0930, David Robley wrote: > >> Ethan Rosenberg wrote: >> >> > Dear List - >> > >> > Tried to run the program, that we have been discussing, and received a >> > 403 error. >> > >> > rosenberg:/var/www# ls -la StoreInventory.php >> > -rwxrwxrw- 1 ethan ethan 4188 Aug 26 20:26 StoreInventory.php >> > >> > rosenberg:/var# ls -ld www >> > drwxrwxrw- 37 ethan ethan 20480 Aug 26 20:26 www >> > >> > I had set the S bit [probably a nasty mistake] and I thought I was able >> > to remove the bit. [it doesn't show above] >> > >> > How do I extricate myself from the hole into which I have planted >> > myself? >> > >> > TIA >> > >> > Ethan >> >> This is in no way a php question, as the same result will happen no >> matter what you ask apache to serve from that directory. >> >> You have the directory permissions set to 776 not 777. >> -- >> Cheers >> David Robley >> >> Steal this tagline and I'll tie-dye your cat! >> >> > > > 776 won't matter in the case of a directory, as the last bit is for the > eXecute permissions, which aren't applicable to a directory. What I beg to differ here. If the x bit isn't set on a directory, that will prevent scanning of the directory; in this case apache will be prevented from scanning the directory and will return a 403. > It's possible that this is an SELinux issue, which adds an extra layer > of permissions over files. To see what those permissions are, use the -Z > flag for ls. Also, check the SELinux logs (assuming that it's running > and it is causing a problem) to see if it brings up anything. It's > typically found on RedHat-based distros. > > Thanks, > Ash > http://www.ashleysheridan.co.uk -- Cheers David Robley Artificial Intelligence is no match for natural stupidity. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Permissions
On Tue, 2013-08-27 at 16:16 +0930, David Robley wrote: > Ethan Rosenberg wrote: > > > Dear List - > > > > Tried to run the program, that we have been discussing, and received a > > 403 error. > > > > rosenberg:/var/www# ls -la StoreInventory.php > > -rwxrwxrw- 1 ethan ethan 4188 Aug 26 20:26 StoreInventory.php > > > > rosenberg:/var# ls -ld www > > drwxrwxrw- 37 ethan ethan 20480 Aug 26 20:26 www > > > > I had set the S bit [probably a nasty mistake] and I thought I was able > > to remove the bit. [it doesn't show above] > > > > How do I extricate myself from the hole into which I have planted myself? > > > > TIA > > > > Ethan > > This is in no way a php question, as the same result will happen no matter > what you ask apache to serve from that directory. > > You have the directory permissions set to 776 not 777. > -- > Cheers > David Robley > > Steal this tagline and I'll tie-dye your cat! > > 776 won't matter in the case of a directory, as the last bit is for the eXecute permissions, which aren't applicable to a directory. What It's possible that this is an SELinux issue, which adds an extra layer of permissions over files. To see what those permissions are, use the -Z flag for ls. Also, check the SELinux logs (assuming that it's running and it is causing a problem) to see if it brings up anything. It's typically found on RedHat-based distros. Thanks, Ash http://www.ashleysheridan.co.uk
[PHP] Re: Permissions
Ethan Rosenberg wrote: > Dear List - > > Tried to run the program, that we have been discussing, and received a > 403 error. > > rosenberg:/var/www# ls -la StoreInventory.php > -rwxrwxrw- 1 ethan ethan 4188 Aug 26 20:26 StoreInventory.php > > rosenberg:/var# ls -ld www > drwxrwxrw- 37 ethan ethan 20480 Aug 26 20:26 www > > I had set the S bit [probably a nasty mistake] and I thought I was able > to remove the bit. [it doesn't show above] > > How do I extricate myself from the hole into which I have planted myself? > > TIA > > Ethan This is in no way a php question, as the same result will happen no matter what you ask apache to serve from that directory. You have the directory permissions set to 776 not 777. -- Cheers David Robley Steal this tagline and I'll tie-dye your cat! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Permissions on uploaded image don't allow for over writing
Dave <[EMAIL PROTECTED]> writes: > > The Question: > How do I allow a user, who is uploading via the web, place an > image on the server with permissions that allow the file to be over > written? > Since you say that the images are uploaded using HTTP, the files will be owned by the user apache (or nobody). The file permission allow read and write to the owner. You do not need to modify them. If the user again uploads the files via HTTP, you do not have to worry about whether he has the permissions to overwrite the files. He *will* be able to overwrite the files. -- Raj Shekhar System Administrator, programmer and slacker home : http://rajshekhar.net blog : http://rajshekhar.net/blog/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: PERMISSIONS
Breno Cardoso Perucchi writes: > HI, > I am trying to use a script php with the command: > system("mkdir /home/hosting/test"); > but the PERMISSION IS DENIED and I am the root on my server. > > How I change the user to root? > If you /really/ want to use this, use a C wrapper that's setuid root. Otherwise, give access to your httpd user to the mentioned directory. -jesse -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php