Welcome to WebmasterWorld Guest from 23.20.230.24

Forum Moderators: coopster & jatar k

Message Too Old, No Replies

exec("chattr. ") doesnt work - how do I assign/override permissions?

     
5:04 pm on Apr 9, 2011 (gmt 0)

WebmasterWorld Administrator httpwebwitch is a WebmasterWorld Top Contributor of All Time 10+ Year Member



I need to lock a file so it can't be deleted, renamed, or modified while a process is happening.

At the Linux command line, logged in as root, I can do that with this command:

# chattr +i filename.txt

So, I added this line of PHP to my script:

exec("chattr +i filename.txt");

but alas, it doesn't work.

I can see that it didn't work by showing it:
echo exec("lsattr filename.txt");

and the output is this:

--------------- /path/to/file/filename.txt


If the command worked, I would see this instead:

----i---------- /path/to/file/filename.txt


I'm aware that this is likely a problem with permissions, ownership, et al.

I've tried adding "sudo" to the command, and fiddling with chown and chmod; changing the owner of the file to "root" and "apache" and "nobody"... no luck.

What I need is just to let my PHP script, which is run by apache, execute that chattr command to lock that file.

oh, I tried shell_exec() too. No difference.

I also wrote a bash script that does the chattr, then ran "exec()" to call that, with and without "sudo"... no luck. I get the output from the bash script, but the file's "immutable" setting doesn't change.

I'm running out of ideas.
8:20 am on Apr 10, 2011 (gmt 0)

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



perhaps PHP is running in safe mode?

have you tried capturing and displaying the return status of the chattr command?

if there is no solution to using chattr in PHP you might try the copy/process/replace workaround i suggested in your other thread.
10:12 am on Apr 10, 2011 (gmt 0)

WebmasterWorld Administrator incredibill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



I get the output from the bash script, but the file's "immutable" setting doesn't change.


Have you captured the output to see it it runs? "chattr +i filename.txt > chattrout"

Is /usr/sbin/ in your default path for PHP?

Did you try an explicit path to the command and the file?

try something like: echo exec("/usr/bin/lsattr /usr/www/vhosts/somepath/domain.com/filename.txt");

if that doesn't work, move lsattr to your FTP account, change the ownership (chown/chmod) to your local account, try it again as not all commands are authorized for global execution.
5:37 pm on Apr 10, 2011 (gmt 0)

WebmasterWorld Administrator httpwebwitch is a WebmasterWorld Top Contributor of All Time 10+ Year Member



this:
echo exec("whoami");

echoes "apache". So I know that a page hit by the browser is being run by the "apache" user.

So, I copied /usr/bin/chattr to /var/www, then did chown apache:apache chattr, chmod 777 chattr.

Then this:
exec("/var/www/chattr +i example.txt");

No change to the file. The lsattr output is still "---------------"

when I execute the same command from the linux CLI, it works.

# cd /var/www
# ./chattr +i example.txt
# lsattr example.txt

output is : "----i----------"


Dang, I really thought that was going to work
6:41 pm on Apr 10, 2011 (gmt 0)

WebmasterWorld Administrator incredibill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



try echo exec("/var/www/chattr +i example.txt"); and see what it says!

it may be telling you it requires root to run, something simple you need to know

try this, make a multi-line script that attempts privilege escalation, change to root before running chatter and see what happens

Software error:

Can't locate /home/deploy/webmasterworld/code_format-v6.lib in @INC (@INC contains: /etc/perl /usr/local/lib/perl/5.18.2 /usr/local/share/perl/5.18.2 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.18 /usr/share/perl/5.18 /usr/local/lib/site_perl .) at decode-post-v6.lib line 27, <THREADDAT> line 7.

For help, please send mail to the webmaster (it@imninjas.com), giving this error message and the time and date of the error.