Re: [PHP] Writing Files (Unix, Apache, PHP 4.0.X) [Newbie Alert]

[Jason Teagle]

John Holmes [EMAIL PROTECTED] wrote in message
001701c20901$eecbb4e0$b402a8c0@mango">news:001701c20901$eecbb4e0$b402a8c0@mango...

 Does the file already exist? It's not enough to change the directory
 permissions, you also have to change it on the file if it exists, and
 all of the folders above it, so that apache can get to the file. In
 order for PHP to open or create this file, the user that apache runs as
 must have permission to the folder and file.

Thanks for this answer. It did not already exist, so I tried creating it,
setting permissions manually and then that part worked. However, other
issues popped right up, as follows:

1. I'm trying to 'include' PHP files in my scripts that contain handy
functions I have prepared, like this:

include 'subdir/include_file.php';

When I set the permissions on this file to read only for everybody, the
include failed - I had expected only read permission to be necessary to
include the file - I had to give it execute permission! Why?

2. What are the minimum permissions necessary on files to do the following
with them:
a) 'include' them in other PHP files [PHP] (r?)
b) open them for reading only [PLAIN TEXT] (r?)
c) open a new file for writing only (no prior file) [PLAIN TEXT] (w?)
d) open a file for writing only when it already exists [PLAIN TEXT] (w?)
e) 'unlink' a file [PLAIN TEXT] (w?)
f) 'rename' a file [PLAIN TEXT] (w?)

3. What are the dangers of giving files permissions such as this (does it
make my site insecure by giving too much permission, is what I'm asking)?

4. I have heard that you can impersonate different user levels when doing
such operations so that you give the file different ownership - can you,
should I, how do I, and what dangers are there? Bear in mind this script
will be executed from the Web page as available to all and sundry.

What I'm trying to do is:

a) Read a text file and display contents as Web page
b) Get information from the user
c) Read another text file, building a new temp file as I go, and modifying
the data relevant to the user input
d) Deleting the old file and renaming the new to replace it


Sorry for all the questions, trying to get a grip on it. I'm used to C(++)
and local programs, so I don't get this problem {:v)

--

_ _
o oJason Teagle
   [EMAIL PROTECTED]
 v




-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] Writing Files (Unix, Apache, PHP 4.0.X) [Newbie Alert]

[John Holmes]

Does the file already exist? It's not enough to change the directory
permissions, you also have to change it on the file if it exists, and
all of the folders above it, so that apache can get to the file. In
order for PHP to open or create this file, the user that apache runs as
must have permission to the folder and file.

---John Holmes...

 -Original Message-
 From: Jason Teagle [mailto:[EMAIL PROTECTED]]
 Sent: Friday, May 31, 2002 4:35 PM
 To: [EMAIL PROTECTED]
 Subject: [PHP] Writing Files (Unix, Apache, PHP 4.0.X) [Newbie Alert]
 
 I'm trying to open a file for writing using
 
 $hOutFile = fopen(filename.tmp,w);
 
 but I'm getting Permission denied. The directory has write
permission
 for
 all user levels. Since this is the root www directory, I also tried
 
 
 $hOutFile = fopen(subdir/filename.tmp,w);
 
 but this also gave the Permission denied.
 
 Can anyone suggest any reasons why this might happen? Do some hosts
not
 allow programs to write files like this? Database updates only?
 
 I see a note at http://www.php.net/manual/en/function.fopen.php saying
 check your Apache permissions... - forgive me for being an idiot,
but
 how
 do I do that? {:v)
 
 
 --
 
 _ _
 o oJason Teagle
[EMAIL PROTECTED]
  v
 
 
 
 
 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, visit: http://www.php.net/unsub.php



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php