... please help to understand permissions/ownership
2:39 pm on Jul 12, 2007 (gmt 0)
Hi, I can't seem to write to the file system inside my httpdocs directory. I am guessing its permissions/ownership issue? I tried all combinations I can think of, but no luck. What should I troubleshoot first?
8:39 pm on Jul 12, 2007 (gmt 0)
to get the whole story you need to state the owner of the process (web server owner), which group(s) that owner belongs to, the owner and group of the directory being written to and the permissions on that directory...
7:32 am on Jul 13, 2007 (gmt 0)
Thanks, phranque! The support guy told me that it is an issue of matching ownership. Still confused, but I'm going to dig in.
9:04 am on Jul 13, 2007 (gmt 0)
owners and groups are numbers but they can also have names which are more commonly used. just for example, your web server process may run as the "www" user. the "www" user can be in one or more groups, such as "www" and "htgroup". again, these are just random names used for this example. the ownership of an inode (file or directory for this discussion) is specified as a user:group pair. for example it could be "www:www" or "www:htgroup" or "joe:htgroup". the permissions for an inode are specified in triplets, for file owner, group and user permissions. each of the 3 permissions is 3 bits for read(4), write(2) and execute(1) permissions. the execute bit is used for executable files as well as directories. therefore a typical permission setting for a directory might be 755 which gives the owner all access, the group and file user get only read access. for a non executable file the equivalent permission would be 644. here's where it all comes together: if your htdocs directory is owned by the server process' user or one of this user's groups and the permissions for that directory are "write permissive" to that user or group, then you are good to go. so using above examples, if your server process user is "www" which is in group "htgroup" and the directory ownership is "joe:htgroup" and file permissions on the directory are 775, then the server should be able to write to the directory since its group has write permission to the directory, as can user "joe"...
1:08 pm on Jul 13, 2007 (gmt 0)
Well, I disabled the php safe mode which restricts writing to a dir that is not owned by the same process. Now i can write to the filesystem:-).
I learned alot today, thanks, phranque.
6:06 pm on Jul 13, 2007 (gmt 0)
rather than disabling the security entirely i would suggest you look at the open_basedir directive which limits the files that can be opened by php to the specified directory-tree(s)...
9:01 am on Jul 16, 2007 (gmt 0)
That's a good point, phranque, I'll do that, thanks!