Geek Answers Handbook

PHP permission to change file and directory ownership and permission

I would like to create a simple web application that manages some directory on the server. I want to give people the opportunity to use chown and chmod.

What a safe way to give PHP this permission? The fastest thing is to just run Apache and PHP as root, but that doesn't seem like a smart idea.

Another thing I was thinking about is creating a separate script that has setuid root ..

Thanks!

+4
source share
3 answers

Well, that, of course, sounds like a dangerous idea, and I'd rather sit down and think about the whole strategy of what I'm trying to achieve.

The danger is the escalation of privileges of the script executable, which the remote user can modify or download, of course. The full chown / chmod in the web application is equivalent to just pasting your root password on the page.

What exactly is going to happen?

If chown should happen for some reason, but not for root (hopefully), then the functionality should be wrapped. I would take user requests and queue them, and then have a separate process (maybe shell, php, perl, anything) running as root cron, check this queue, check if the request matches the allowed parameters, and make changes,

+6
source

One way is to configure sudo on your computer (assuming it's a Linux box). Sudo allows you to execute elevated commands, controlled by the restrictions specified in the sudoers.conf file. Use strict rules to restrict its use to the necessary commands in a specific directory for the user your web service is running on (for example, www-data), and then call the shell from your PHP script with something like tis:

shell_exec("sudo chmod 777 dirname");

Make sure your sudo configuration is tight to make sure that breaking is nearly impossible.

0
source

Maybe you should look at the php commands: chmod, chown, chgrp and fileperms

chmod

 chmod("/somedir/somefile", 0600);
0
source

More articles:


All Articles