Jump to content


Photo

What exactly happens when I chown a file?


  • Please log in to reply
13 replies to this topic

#1 Jen

Jen
  • Members
  • PipPip
  • Member
  • 16 posts

Posted 15 August 2006 - 07:34 PM

Can someone explain what it means to "own" a file, and what's the default for a server?  Can files own files, or users, or what?  How do I use chown?  The tutorial on this site did not help much.

#2 effigy

effigy
  • Staff Alumni
  • Advanced Member
  • 3,600 posts
  • LocationIL

Posted 15 August 2006 - 08:15 PM

See if this helps. By default, files are owned by their creators, and only users can own files. Try man chown at the command line.
Regexp | Unicode Article | Letter Database
/\A(e)?((1)?ff(?:(?:ig)?y)?|f(?:ig)?)\z/

#3 Jen

Jen
  • Members
  • PipPip
  • Member
  • 16 posts

Posted 15 August 2006 - 09:48 PM

What is man chown?  I'm actually trying to change some file access permissions on a server.  I have a file containing password data that needs to be inaccessible to the general public (and currently is accessible), and I have a file containing other data that needs to be written to periodically by my php script (which I currently can't do because of denied access).

#4 effigy

effigy
  • Staff Alumni
  • Advanced Member
  • 3,600 posts
  • LocationIL

Posted 15 August 2006 - 09:58 PM

If you're going to be working with the server much more, I recommend picking up a basic Unix book. man is the manual command; it is used to look up information on commands. You can even man man to learn about man.

If you need to change permissions, you want to use chmod, not chown. If the file is within your web root, you can use Apache's File directives to deny access as well.
Regexp | Unicode Article | Letter Database
/\A(e)?((1)?ff(?:(?:ig)?y)?|f(?:ig)?)\z/

#5 SharkBait

SharkBait
  • Members
  • PipPipPip
  • Advanced Member
  • 845 posts
  • LocationMetro Vancouver, BC

Posted 15 August 2006 - 10:05 PM

'chown' changes who owns the file and what group has rights to that file.
'chmod' changes permission for the file, like the above mentioned.
  chmod ing a file can be good and/or bad.  It gives owner rights, user rights and guest rights.  Kinda like global read/write access to your files.

I went on vacation one week and when I got back someone change my employeer's webfiles to be owned by a non-existant group. Apache didnt like that and freaked out and the website.. well didnt work like it should of ;)

The someones were two coworkers who were trying to 'test' something on a live server :)

#6 Jen

Jen
  • Members
  • PipPip
  • Member
  • 16 posts

Posted 15 August 2006 - 10:07 PM

Your reply confuses me.  I'm not using Unix, and the server I speak of is a web server, and I don't think they use Unix either.  I've been trying to set up a little news box on a website, with the ability for the site's owner to use a form to change the news contents.  I have two problems:  firstly, anyone could find the password file on the server and view (and probably change) its contents; secondly, my script doesn't have the access permissions to write to the file containing news data.  Here is my original post concerning this project:  http://www.phpfreaks...c,103311.0.html

#7 trq

trq
  • Staff Alumni
  • Advanced Member
  • 31,041 posts

Posted 15 August 2006 - 10:20 PM

Your reply confuses me.  I'm not using Unix, and the server I speak of is a web server, and I don't think they use Unix either.


A webserver is just an application like any other running on an operating system. Most commonly php is used with the apache webserver which is most commonly installed on a Unix varient of some sort. eg; Linux or BSD.

#8 SharkBait

SharkBait
  • Members
  • PipPipPip
  • Advanced Member
  • 845 posts
  • LocationMetro Vancouver, BC

Posted 15 August 2006 - 10:26 PM

If you are writing directly to a file, you will need the file to be at least a chmod level of 755? even 777 on some setups which means that script (your php file) needs to be fully executable by anyone who writes it as does the file you are editing.

Please someone correct me if I am wrong about the permissions though.

As for storing your passwords in a text file, if you are not using some sort of encryption and storing them in plain text, that's a no no :).  Also keeping the file in a location not accessible via the URL.

Say your website is served via this path on the webserver

/var/html/www/index.html

The webserver would be able to display anything in the /www/ directory.  You would need to put your password file lower in the heriarchy(sp) 
<?php
//PHP for locating password file (semi-pseudo)

require("../myPasswords.php");
?>

The file would be stored in
/var/

So, if a user points their browser to http://www.myplace.com/  they can only get any file that is served out of that /var/html/www directory.  Anything prior to that (like /var or /var/html) will not be able to served by the webserver as easily.

Whew.. hope this makes somewhat sense, my spelling can be horrible at times.

#9 Jen

Jen
  • Members
  • PipPip
  • Member
  • 16 posts

Posted 15 August 2006 - 10:36 PM

Ok, Sharkbait, that explains a lot, thanks!  I'm very new to this stuff; never done anything outside of simple html and css before, so I'm just getting my feet wet right now.  Will I have better luck accessing my files if they were stored "lower in the heirarchy," as you say?  Or would I still have my problem with denied access?

#10 Jen

Jen
  • Members
  • PipPip
  • Member
  • 16 posts

Posted 15 August 2006 - 11:21 PM

I have more questions.  How do  I manage to encrypt my password files?  Can this be done with a php command while writing to a file?  I encryption still necessary if the password file is stored outsid the www file?  The file heirarchy looks like this:
apdwbux04/www/customer/www.---.com/htdocs/index.html
(where --- is the web url for the site)
Should I put the password in the apdwbux04 file then?  I'm having trouble getting to that file with my ftp client.  When I click to view it, I cannot see the contents, even though I know there should be at least a www folder in there.  Should I be able to view the contents of this folder with my ftp client?  Should I just use a php script to create the files rather than trying to ftp them to that folder?  Is this something I should be contacting the web host about?  Sorry for asking so many questions.

#11 Jen

Jen
  • Members
  • PipPip
  • Member
  • 16 posts

Posted 16 August 2006 - 06:32 PM

*bump*

#12 effigy

effigy
  • Staff Alumni
  • Advanced Member
  • 3,600 posts
  • LocationIL

Posted 16 August 2006 - 06:57 PM

Can you use a database? If not, and you can't get the file outside of the webroot, I would precede the file's name with a period. In UNIX this indicates a hidden file, which Apache normally hides from indexing. This still would not deny outside access. You could create a folder called "password" and save the file in there as ".htaccess". This would deny the outside world if your host is configured properly; I'm not sure how it would affect Apache though. Also, use md5 to store the information in your password file.

Since I always use a database, I'm not sure if these are the best methods.
Regexp | Unicode Article | Letter Database
/\A(e)?((1)?ff(?:(?:ig)?y)?|f(?:ig)?)\z/

#13 Jen

Jen
  • Members
  • PipPip
  • Member
  • 16 posts

Posted 16 August 2006 - 07:37 PM

How do I use md5?  Do I need special software or php scripting for it?  I don't know squat about databases, and I don't think it's necessary to store one password and a paragraph worth of news to put on a web page.

#14 effigy

effigy
  • Staff Alumni
  • Advanced Member
  • 3,600 posts
  • LocationIL

Posted 16 August 2006 - 07:46 PM

md5
Regexp | Unicode Article | Letter Database
/\A(e)?((1)?ff(?:(?:ig)?y)?|f(?:ig)?)\z/




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users