PDA

View Full Version : Allowing PHP to write files on the server



Chris
11-30-2005, 10:55 AM
When allowing PHP to write files on the server is it necessary to always set directory permissions at 777?

I'm building a caching system for my literature site, or rather a system that outputs the pages as plain html with no db calls or php in them. Writing a php script to create these files is no problem, I just don't like the idea of putting what basically amounts to the root of my site as 777.

I think that perhaps I might not need to do this if I run the files from shell when logged in as root such as:

php /home/admin/makepages.php

But I'm not sure.

Anyone do this before?

MarkB
11-30-2005, 11:45 AM
I would think 644 would do it (rw for owner, r for group and public), though you may need 664 or even 666. 777 just allows execute permissions as well, I'm sure.

MarkB
11-30-2005, 11:51 AM
Just tested and created a file via a php script, called from browser, in a directory with chmod 755, and that worked fine. But if you're running it from shell, then it shouldn't matter.

Am I making sense? I'm too tired to think straight...

freekrai
11-30-2005, 11:51 AM
666 works fine depending on your server settings.
Running PHP as root doesn't make any difference to the permissions. Root is god
I usually use 666 for my folders that need to be written to by PHP and it runs fine.

Chris
11-30-2005, 01:55 PM
Well 666 is technicall still pretty insecure.

My thought was that, when php runs as the webserver it runs as nobody so if I accessed this script through a browser I'd need permissions to allow nobody to write.

If I run it as root it shouldn't matter the permissions.

I will experiment though.

freekrai
11-30-2005, 02:01 PM
You could also do something that I've done on a few content heavy sites for clients before.
Have the script that generates the pages run as a cronjob nightly or weekly.
Have it run from your /etc/cron.daily or etc/cron.weekly script.

Make an .sh file like this:

#!/bin/sh/
php /home/admin/makepages.php

Then save it in the cron folder and let it run. That generates the pages and runs as root (or similiar) and doesn't have a problem with permissions.

If all else fails, you could also write a PHP script that generated the files in the /tmp/ (/tmp/ being universally writeable always) folder and then uploaded them to your server via FTP, also managed in the script. But that one seems a bit more convoluted than the cron job idea.

Chris
11-30-2005, 02:31 PM
oh ya, I'm totally cronning this when I'm done.

freekrai
11-30-2005, 02:41 PM
That should work fine then, eliminates the need for write permissions to that folder and solves having to always login and run it.

Todd W
11-30-2005, 03:42 PM
I didn't change any perms. for the file or directory and have had success writing and creating files through php.

Emancipator
12-01-2005, 06:17 PM
my new xml chat room uses fwrite to the tmp, you dont need to set any permissions.

freekrai
12-01-2005, 06:29 PM
my new xml chat room uses fwrite to the tmp, you dont need to set any permissions.

I just mentioned in an earlier post yesterday that the tmp folder is universally writable from PHP by default. :)

It's the other folders that aren't writable to PHP by default.