uploading to /home/*/public_html on a linux box

  #1 (permalink)  
Old 05-01-2008
salmobytes
 
Posts: n/a
Default uploading to /home/*/public_html on a linux box

Perhaps this is an apache server question, rather than a php
question. But I want to use a simple php upload script in
a user-home-sub-document-root dir on a standard linux box.

If php is a mod.so it is the apache process that does the
uploading, so it cannot upload into a directory that belongs
to "username" unless the file permissions are 777,
or perhaps......some way to use group permissions that
allows the apache process to write to a directory whose
group bit is readable and writable.

I tried creating a new group definition in /etc/group
and then made the apache pseudo user a member, as well
as a test user, and then set the directory permission
on that user's public_html directory to 775

But the upload process still throws an error message.
There must be a way to do this, without setting the dir
permission to 777


Is running php as a cgi and then wading through all the
suexec pitfalls the only alternative to 777 permissions?

Reply With Quote
  #2 (permalink)  
Old 05-02-2008
Jerry Stuckle
 
Posts: n/a
Default Re: uploading to /home/*/public_html on a linux box

salmobytes wrote:
> Perhaps this is an apache server question, rather than a php
> question. But I want to use a simple php upload script in
> a user-home-sub-document-root dir on a standard linux box.
>
> If php is a mod.so it is the apache process that does the
> uploading, so it cannot upload into a directory that belongs
> to "username" unless the file permissions are 777,
> or perhaps......some way to use group permissions that
> allows the apache process to write to a directory whose
> group bit is readable and writable.
>
> I tried creating a new group definition in /etc/group
> and then made the apache pseudo user a member, as well
> as a test user, and then set the directory permission
> on that user's public_html directory to 775
>
> But the upload process still throws an error message.
> There must be a way to do this, without setting the dir
> permission to 777
>
>
> Is running php as a cgi and then wading through all the
> suexec pitfalls the only alternative to 777 permissions?
>
>


Actually, it's more of a Linux admin question. Could be Apache, but
definitely not PHP. Setting the owner of the file and directory to the
group and making Apache a member of the group should work.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

Reply With Quote
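The group-based setup suggested in the reply above, written out with two checks for it. This is an added example and not part of the thread. The group name `webupload` and the account names are hypothetical, and the second check assumes the Linux `/proc/PID/status` format. A group added in /etc/group reaches a process only when that process starts, so Apache has to be restarted before its workers hold the new group.

```shell
#!/bin/sh
# Added example (not from the thread). "webupload", "apache" and "username"
# are hypothetical names. One-time setup, as root:
#   groupadd webupload
#   usermod -aG webupload apache      # web server account; name varies by distro
#   usermod -aG webupload username
#   chgrp webupload /home/username/public_html
#   chmod 2775 /home/username/public_html   # setgid: new files inherit the group
#   then restart Apache so its processes pick up the new group

# Print each problem found with DIR; return 0 only if there is none.
audit_upload_dir() {
    dir=$1; want_group=$2; rc=0
    [ -d "$dir" ] || { echo "not a directory: $dir"; return 2; }
    mode=$(ls -ld "$dir" | awk '{print $1}')    # e.g. drwxrwsr-x
    group=$(ls -ld "$dir" | awk '{print $4}')
    case $mode in ????????w*) echo "world-writable ($mode)"; rc=1;; esac
    case $mode in ?????w*) ;; *) echo "not group-writable ($mode)"; rc=1;; esac
    case $mode in ??????[sS]*) ;; *) echo "setgid bit missing ($mode)"; rc=1;; esac
    [ "$group" = "$want_group" ] || { echo "group is $group, expected $want_group"; rc=1; }
    return $rc
}

# Succeed if the process described by a /proc/PID/status file holds GID,
# either as its effective gid or as a supplementary group. This looks at
# the running process, which /etc/group alone cannot tell you.
status_has_gid() {
    awk -v gid="$2" '
        $1 == "Gid:"    { if ($3 == gid) found = 1 }
        $1 == "Groups:" { for (i = 2; i <= NF; i++) if ($i == gid) found = 1 }
        END { exit !found }' "$1"
}

# Typical use on the server (PID is that of an Apache worker process):
#   audit_upload_dir /home/username/public_html webupload
#   status_has_gid /proc/PID/status "$(getent group webupload | cut -d: -f3)"
```

If `audit_upload_dir` passes but `status_has_gid` fails for a worker, the directory is set up correctly and the running server simply predates the group change.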
  #3 (permalink)  
Old 05-02-2008
C. (http://symcbean.blogspot.com/)
 
Posts: n/a
Default Re: uploading to /home/*/public_html on a linux box

On 1 May, 22:06, salmobytes <by...@salmo.net> wrote:
>
> Is running php as a cgi and then wading through all the
> suexec pitfalls the only alternative to 777 permissions?


No you could upload to a staging area then use a separated privilege
program (setuid, sudo, cron job) to publish the files.

Which is the right way to do it - Unix permissions fit a clear,
consistent and correct model; the whole point of a permissions system
is that it doesn't allow you to interfere with things you don't have
permission to do.

C.
Reply With Quote
  #4 (permalink)  
Old 05-02-2008
salmobytes
 
Posts: n/a
Default Re: uploading to /home/*/public_html on a linux box

C. (http://symcbean.blogspot.com/) wrote:
> On 1 May, 22:06, salmobytes <by...@salmo.net> wrote:
>> Is running php as a cgi and then wading through all the
>> suexec pitfalls the only alternative to 777 permissions?

>
> No you could upload to a staging area then use a separated privilege
> program (setuid, sudo, cron job) to publish the files.
>


I suppose I could write a (carefully-written) setuid c-program,
that does the chown, and invoke that.

I'm not sure I want to allow the apache process to chown with sudo.
That sounds like a dangerous can of worms.
Cron would be fine, but then you have to wait.

This is for a classroom setting. I think I'll give up on the upload
script and force them to use ftp. Eventually they'll learn how
to use ssh and a server-side text editor.
Reply With Quote
  #5 (permalink)  
Old 05-03-2008
whileone
 
Posts: n/a
Default Re: uploading to /home/*/public_html on a linux box



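<?php
session_start();
if (!empty($_SESSION['loggedin'])) { // use some sort of a password mechanism
    // basename() drops any directory part of the request parameter and
    // escapeshellarg() keeps the shell from interpreting what is left
    $file = escapeshellarg(basename($_GET['wfile']));
    $dir  = escapeshellarg(dirname($_SERVER['SCRIPT_FILENAME']) . "/");
    system("/home/username/public_html/mycp $file $dir dbg");
}
?>

====== mycp.c =======
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

void useage()
{
    printf("use: mycp sourcefile outputfile\n");
    exit(1);
}

int main(int argc, char *argv[])
{
    int ch; /* int, so that EOF can be told apart from a data byte */
    int n;
    FILE *in_fp, *out_fp;
    char src[120];
    char dest[120];

    if (argc < 3)
        useage();

    /* the file name comes from the web request: refuse path
       separators and names starting with a dot */
    if (argv[1][0] == '\0' || argv[1][0] == '.' || strchr(argv[1], '/') != NULL)
    {
        printf("Bad file name\n");
        exit(1);
    }

    /* snprintf cannot overrun the buffers; refuse anything that
       would be truncated.
       Note: argv[2] is still taken on trust here. */
    n = snprintf(src, sizeof src, "/tmp/%s", argv[1]);
    if (n < 0 || (size_t) n >= sizeof src)
        useage();
    n = snprintf(dest, sizeof dest, "%s%s", argv[2], argv[1]);
    if (n < 0 || (size_t) n >= sizeof dest)
        useage();

    printf("src: %s<br>\n", src);
    printf("dest: %s<br>\n", dest);

    if ((in_fp = fopen(src, "r")) == NULL)
    {
        printf("Couldn't open %s for reading\n", src);
        exit(1);
    }

    if ((out_fp = fopen(dest, "w")) == NULL)
    {
        printf("Couldn't open %s for writing\n", dest);
        exit(1);
    }

    /* copy byte by byte until end of file */
    while ((ch = fgetc(in_fp)) != EOF)
    {
        fputc(ch, out_fp);
    }

    fclose(in_fp);
    fclose(out_fp);
    return 0;
}

==== bash ====
make mycp ## make while logged in as username
chmod a+s mycp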
Reply With Quote
  #6 (permalink)  
Old 05-03-2008
Jerry Stuckle
 
Posts: n/a
Default Re: uploading to /home/*/public_html on a linux box

whileone wrote:
>
> <?php
> if($_SESSION['loggedin']) ///use some sort of a password mechanism
> system("/home/username/public_html/mycp " . $_GET['wfile'] . " " .
> dirname($_SERVER['SCRIPT_FILENAME'])."/" . " dbg");
> ?>
>
> ====== mycp.c =======
> #include <stdio.h>
> #include <stdlib.h>
> #include <ctype.h>
>
> void useage()
> {
> printf ("use: mycp sourcefile outputfile\n");
> exit(0);
> }
>
> int main (int argc, char *argv[])
> {
> unsigned ch;
> FILE *in_fp, *out_fp;
>
> if(argc < 3)
> useage();
>
> char src[120];
> char dest[120];
> sprintf (src, "/tmp/%s", argv[1]);
> sprintf (dest, "%s%s", argv[2], argv[1]);
>
> printf("src: %s<br>\n", src);
> printf("dest: %s<br>\n", dest);
>
> if((in_fp = (FILE*) fopen(src,"r")) == NULL)
> {
> printf("Couldn't open %s for reading\n", src);
> exit(0);
> }
>
> if((out_fp = (FILE*) fopen(dest,"w")) == NULL)
> {
> printf("Couldn't open %s for writing\n", dest);
> exit(0);
> }
>
> int lcnt=0;
> while((ch = (int) fgetc(in_fp)) != EOF)
> {
> fputc(ch, out_fp);
> }
>
> fclose(in_fp);
> fclose(out_fp);
> }
>
> ==== bash ====
> make mycp ## make while logged in as username
> chmod a+s mycp
>


How is this going to do anything to help him? And what does this have
to do with PHP?

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

Reply With Quote
  #7 (permalink)  
Old 05-03-2008
whileone
 
Posts: n/a
Default Re: uploading to /home/*/public_html on a linux box


> > ==== bash ====
> > make mycp ## make while logged in as username
> > chmod a+s mycp

>
> How is this going to do anything to help him? And what does this have
> to do with PHP?


mycp runs setuid to the owner of the local /home/username/public_html
directory. mycp is installed inside that public_html.


A *PHP* upload script deposits the uploaded file in /tmp/
The *PHP* at the top of the previous post invokes `mycp` with a system
call,
which copies the recently uploaded file in /tmp/ to the local_public
html.....so the copied file belongs to the local owner (as specified)
and so public_html DOES NOT REQUIRE 777 permissions, as originally
specified. That was the requirement, no?


Reply With Quote
  #8 (permalink)  
Old 05-03-2008
Jerry Stuckle
 
Posts: n/a
Default Re: uploading to /home/*/public_html on a linux box

whileone wrote:
>>> ==== bash ====
>>> make mycp ## make while logged in as username
>>> chmod a+s mycp

>> How is this going to do anything to help him? And what does this have
>> to do with PHP?

>
> mycp runs setuid to the owner of the local /home/username/public_html
> directory. mycp is installed inside that public_html.
>


So?

>
> A *PHP* upload script deposits the uploaded file in /tmp/


Eventually. It depends on the webserver. Sometimes it's not physically
there until the script ends.


> The *PHP* at the top of the previous post invokes `mycp` with a system
> call,
> which copies the recently uploaded file in /tmp/ to the local_public
> html.....so the copied file belongs to the local owner (as specified)
> and so public_html DOES NOT REQUIRE 777 permissions, as originally
> specified. That was the requirement, no?
>

Often times people do not have exec/system privileges, especially on
shared systems. Also, most shared hosts will NOT allow them to install
executables on the system.

Finally, this will run under the same userid as the PHP script. If you
can't do it with the PHP script, you can't do it with this program.

>
>


move_uploaded_file() works fine, and is the correct function to use.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

Reply With Quote
  #9 (permalink)  
Old 05-03-2008
whileone
 
Posts: n/a
Default Re: uploading to /home/*/public_html on a linux box

No, move uploaded file means the file will belong
to the apache pseudo user. So the local directory
has to be set to 777 to allow that. This is the problem
the original question wanted to overcome.

The c-code above can be set to run setuid to the local
user, so the file belongs to the owner. That may
not be the only possible solution, but it is a solution.

Hey, just curious. Do you still think the current
state of the economy can be attributed to Bush's
tax cuts and other policies? As you did a half
a year ago? ......just wondering.
Reply With Quote
  #10 (permalink)  
Old 05-04-2008
Jerry Stuckle
 
Posts: n/a
Default Re: uploading to /home/*/public_html on a linux box

whileone wrote:
> No, move uploaded file means the file will belong
> to the apache pseudo user. So the local directory
> has to be set to 777 to allow that. This is the problem
> the original question wanted to overcome.
>


Yes, and that's exactly the user which will be used to execute your code.

And no, you obviously don't understand Linux security. NONE of my
systems use 777 for the files, but all can be uploaded where necessary.

> The c-code above can be set to run setuid to the local
> user, so the file belongs to the owner. That may
> not be the only possible solution, but it is a solution.
>


Not on a shared server, and not unless you have root access to set up
the setuid. But if that's the case, you can let PHP do the setuid instead.

> Hey, just curious. Do you still think the current
> state of the economy can be attributed to Bush's
> tax cuts and other policies? As you did a half
> a year ago? ......just wondering.
>


Sorry, I won't have a battle of wits with one who is so defenseless.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

Reply With Quote