FTP/fopen trouble

[redbullmarky]

Hi again all

I had a problem recently with an 'updater/installer' script i'm trying to implement, where I was looking of ways to get a PHP file from a remote location in it's full, text format and update it on another server.

For the sake of keeping things easy to understand, remote server (where the up to date files i want) is called 'R', and the local server that needs updating is 'L'.

I can now get the file successfully from R using a script on L. the script on L displays the PHP file in its text format perfectly.

Now my problem. I need to move this file that L gets into its correct place on the server. If I chmod a test directory to give write permissions to all, then I can comfotably use fopen/fwrite, etc to put the file there. however, the file that I get from R needs to replace a file on L totally. Without giving write access to ALL the directories on L, I do not know how to go about this. I DO NOT want, for obvious reasons of security, to write access to all of L's directories and scripts.

eg: i have a replacement for this file:
[!--quoteo--][div class=\'quotetop\']QUOTE[/div][div class=\'quotemain\'][!--quotec--]
/public_html/search/index.php
[/quote]
but the permissions, for obvious reasons, are set to read/execute, NOT write.

i've tried using php's 'chmod' on certain directories/files before writing to them in the hope that i can then simply 'chmod' them back to read only afterwards, only the 'chmod' fails due to permission problems.

So ... getting to the point ... how can a script on L force the overwriting of another script on L, to replace it, whilst still leaving all the permissions as they should be afterwards?

I think my biggest problem is that i don't fully understand setting up the files in the first place with 'ownership' or even changing my script so that my script can 'be' the necessary owner.


Hope someone can help

Cheers
Mark

[craygo]

Well the first thing you need to find out what account your web server uses to access it's files and directories. If apache, you can create a new account and have apache use this new account instead of the default. I do not use apache so I cannot help you with this, but I do have experiance with permissions in a linux environment. You could give the account write permissions for a particular folder. If the folder is within the site there should not be a problem just chmod it to 755. if it is outsite the site root then you will have to add the account to a group and chmod, chgrp that group to have write access to the particular folder.

I assume this is a linux environment.

Is this a rented web server or do you own it.

Ray

[redbullmarky]

Hi Ray
We're on Apache here on Fedora. We do not own the server but it is a Virtual Private Server, so we have full access to anything. Normally I just rely on Windoze where it seems like you don't need permissions for anything, but Linux is proving to be a different monster altogther. I'm getting the idea that the script needs to run as a different user, as opposed to changing the ownership of every file and directory i have, but i'm stumped as to how. I know what functions i WOULD use, but they give me permission problems. I didnt think that a script running on the server would need extra permissions, etc, to do stuff on the server.

Cheers
Mark

[craygo]

The script will run as the apache user.

For example I use IIS and the default user for web server is IUSR_compname. In order for your script to do anything to the file system I have to give that user permission to do it. So i would have to change it on the server to allow that user to write to a particular folder weather it be inside the site root or outside it.

This is why I say you need to find out what account apache uses for it's web services and that is the user you need to give write permissions to on the folder that you want.

If have apache run as a different user and that user has write permissions all over the server, you will have security issues.

After you find out what user apache uses, make a group and add the root/admin user and the apache user to that group. then chgrp that group.

chgrp -R groupname path/to/folder

then

chmod -R 775 path/to/folder

this will give the owner full access, the group full access, and everyone else read/execute rights



Ray

[redbullmarky]

Hi Ray,

Files i upload via dreamweaver are given one user name, generally my 'ftp' username. files on the server created with either fopen or move_uploaded_files are owned by 'apache'

your description is a little mindblowing but kinda makes alot of sense (within the bounds of my knowledge, anyway). have you put any of your points into practice in the past with php scritps using functions such as 'chmod' or 'ftp_chmod' ??

Cheers
Mark

[craygo]

Yes I have had to do alot of this with my old server which was linux.

From what I gather, if you would like to make it easier. Give the apache account access to FTP and connect that way. This will make the ownership of the files that of apache. Then you should just be able to chmod the folders 755 and you should be all set.

If the FTP account you are using does not have the ability to change permissions then you will never be able to do any kind of chxxx command.

Alot of php examples show commands to files and folders that are in the web root. This means that the apache user usually has access to these files and folders. Once you venture outside the root nothing you do from the web browser will work without giving rights to the apache account.

Ray

[redbullmarky]

[!--quoteo(post=359796:date=Mar 29 2006, 09:21 PM:name=craygo)--][div class=\'quotetop\']QUOTE(craygo @ Mar 29 2006, 09:21 PM) [snapback]359796[/snapback][/div][div class=\'quotemain\'][!--quotec--]
Yes I have had to do alot of this with my old server which was linux.

From what I gather, if you would like to make it easier. Give the apache account access to FTP and connect that way. This will make the ownership of the files that of apache. Then you should just be able to chmod the folders 755 and you should be all set.

If the FTP account you are using does not have the ability to change permissions then you will never be able to do any kind of chxxx command.

Alot of php examples show commands to files and folders that are in the web root. This means that the apache user usually has access to these files and folders. Once you venture outside the root nothing you do from the web browser will work without giving rights to the apache account.

Ray
[/quote]

Cheers Ray
without wanting to sound stupid, can you dumb some of that down if you can? FTP and permissions, apart from what Dreamweaver does in the background, is farely new to me.

Pretend i'm Bill Gates being taught how to use shampoo.

Mark

[craygo]

it's kind of tough helping out here without know at least a little about your file structure and the user with apache.

can you give me the file structure and a screenshot of the listed users for the directory.

go to the directory before the one you like, then use this

ls -l

this will list the directories with the users and permissions for the directories. then we can go from there. If you prefer not to do this in public, I will be on tomorrow(Thursday) from 8:30-4:30 EST, on AIM my screen name is craygo69.

Will be glad to help ya just need a little more info.

Ray