Results 1 to 11 of 11

Thread: Allowing PHP to write files on the server

  1. #1
    Administrator Chris's Avatar
    Join Date
    Feb 2003
    Location
    East Lansing, MI USA
    Posts
    7,055

    Allowing PHP to write files on the server

    When allowing PHP to write files on the server is it necessary to always set directory permissions at 777?

    I'm building a caching system for my literature site, or rather a system that outputs the pages as plain html with no db calls or php in them. Writing a php script to create these files is no problem, I just don't like the idea of putting what basically amounts to the root of my site as 777.

    I think that perhaps I might not need to do this if I run the files from shell when logged in as root such as:

    php /home/admin/makepages.php

    But I'm not sure.

    Anyone do this before?
    Chris Beasley - My Guide to Building a Successful Website[size=1]
    Content Sites: ABCDFGHIJKLMNOP|Forums: ABCD EF|Ecommerce: Swords Knives

  2. #2
    Web Monkey MarkB's Avatar
    Join Date
    Nov 2003
    Location
    London, UK
    Posts
    1,783
    I would think 644 would do it (rw for owner, r for group and public), though you may need 664 or even 666. 777 just allows execute permissions as well, I'm sure.
    Stepping On Wires - the new blog

  3. #3
    Web Monkey MarkB's Avatar
    Join Date
    Nov 2003
    Location
    London, UK
    Posts
    1,783
    Just tested and created a file via a php script, called from browser, in a directory with chmod 755, and that worked fine. But if you're running it from shell, then it shouldn't matter.

    Am I making sense? I'm too tired to think straight...
    Stepping On Wires - the new blog

  4. #4
    666 works fine depending on your server settings.
    Running PHP as root doesn't make any difference to the permissions. Root is god
    I usually use 666 for my folders that need to be written to by PHP and it runs fine.
    Roger Stringer - freekrai.net
    DBStract - Build Virtual Databases

  5. #5
    Administrator Chris's Avatar
    Join Date
    Feb 2003
    Location
    East Lansing, MI USA
    Posts
    7,055
    Well 666 is technicall still pretty insecure.

    My thought was that, when php runs as the webserver it runs as nobody so if I accessed this script through a browser I'd need permissions to allow nobody to write.

    If I run it as root it shouldn't matter the permissions.

    I will experiment though.
    Chris Beasley - My Guide to Building a Successful Website[size=1]
    Content Sites: ABCDFGHIJKLMNOP|Forums: ABCD EF|Ecommerce: Swords Knives

  6. #6
    You could also do something that I've done on a few content heavy sites for clients before.
    Have the script that generates the pages run as a cronjob nightly or weekly.
    Have it run from your /etc/cron.daily or etc/cron.weekly script.

    Make an .sh file like this:

    #!/bin/sh/
    php /home/admin/makepages.php

    Then save it in the cron folder and let it run. That generates the pages and runs as root (or similiar) and doesn't have a problem with permissions.

    If all else fails, you could also write a PHP script that generated the files in the /tmp/ (/tmp/ being universally writeable always) folder and then uploaded them to your server via FTP, also managed in the script. But that one seems a bit more convoluted than the cron job idea.
    Last edited by freekrai; 11-30-2005 at 02:07 PM.
    Roger Stringer - freekrai.net
    DBStract - Build Virtual Databases

  7. #7
    Administrator Chris's Avatar
    Join Date
    Feb 2003
    Location
    East Lansing, MI USA
    Posts
    7,055
    oh ya, I'm totally cronning this when I'm done.
    Chris Beasley - My Guide to Building a Successful Website[size=1]
    Content Sites: ABCDFGHIJKLMNOP|Forums: ABCD EF|Ecommerce: Swords Knives

  8. #8
    That should work fine then, eliminates the need for write permissions to that folder and solves having to always login and run it.
    Roger Stringer - freekrai.net
    DBStract - Build Virtual Databases

  9. #9
    4x4
    Join Date
    Oct 2004
    Posts
    1,043
    I didn't change any perms. for the file or directory and have had success writing and creating files through php.

  10. #10
    Gimme Fries with that!
    Join Date
    Aug 2004
    Posts
    1,469
    my new xml chat room uses fwrite to the tmp, you dont need to set any permissions.

  11. #11
    Quote Originally Posted by Emancipator
    my new xml chat room uses fwrite to the tmp, you dont need to set any permissions.
    I just mentioned in an earlier post yesterday that the tmp folder is universally writable from PHP by default.

    It's the other folders that aren't writable to PHP by default.
    Roger Stringer - freekrai.net
    DBStract - Build Virtual Databases

Similar Threads

  1. Free Server Security Audit by Touch Support
    By TSGradyR in forum The Marketplace
    Replies: 0
    Last Post: 03-30-2005, 11:00 PM
  2. Admin Lite by Touch Support
    By TSGradyR in forum The Marketplace
    Replies: 0
    Last Post: 02-23-2005, 06:20 PM
  3. php: cache files on a remote server ?
    By tomek in forum Website Programming & Databases
    Replies: 2
    Last Post: 07-12-2004, 08:48 PM
  4. PHP: Rotating files - no duplicates
    By mobilebadboy in forum Website Programming & Databases
    Replies: 3
    Last Post: 07-05-2004, 12:38 PM
  5. Replies: 2
    Last Post: 02-06-2004, 10:47 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •