Make directory and create files in a different domain

Discussion in 'PHP and MySQL' started by gsaunders, May 15, 2006.

  1. gsaunders

    gsaunders Perch

    Ok,

    Have a client with domains and subdomains

    www.mydomain1.com
    sub.mydomain1.com

    They have a script that process a form under www.mydomain1.com, but need it to create a directory and file under the sub.mydomain1.com

    I am trying:

    PHP:
    if (!file_exists('/sub.mydomain.com/newfolder'])) {
        
    mkdir('/sub.mydomain.com/newfolder');
    }
    but I get the error: "mkdir(/sub.mydomain.com/newfolder): No such file or directory in"

    So, is this error due to permissions or do I have to use something else to get to a different folder outside the domain?

    Thanks
  2. gsaunders

    gsaunders Perch

    Ok... I now found the correct path...

    PHP:
    if (!file_exists("/hsphere/local/home/username/sub.mydomain1.com/newfolder")) {
                    
    mkdir("/hsphere/local/home/username/sub.mydomain1.com/newfolder"0777);
    }
    but still get "Permission denied in" error. Do I need to give 0777 or 0775 rights somewhere? I don't want to have a security hole either so what is the best way of doing this?
  3. gsaunders

    gsaunders Perch

    Ok... I had to put 0777 rights on the sub.mydomain1.com folder.

    Am I causing a security whole by doing this? It is the only way I could get it to work.

    Thanks
  4. gsaunders

    gsaunders Perch

    and.... if you noticed the mkdir command I used 0777 for the mode, but it ended up being 755 when I look at it with the ftp client.

    When I wrote the file as well I didn't see any parameters to set the mode, but it ended up being 715. I now can't change the mode from my ftp client so I cannot delete it now.

    Can someone give some general guidance on these modes.

    Thanks.
  5. gsaunders

    gsaunders Perch

    Ok... using the built in file manager I am able to see that all files created via dreamweaver using my ftp account has the ftp username as the owner and group. But the ones I created with the script has the owner and group as httpd.

    Ok... so how do I ensure the script can create, delete, and modify files, but not create a security risk AND not prevent my main ftp username full access.

    I altered the script to chmod on the folder to 0777 and it worked. I tried to use the chmod on the file and it will not change beyond 644... (EDIT) It did change the file to.

    Maybe someone could school me on the proper technique for creating folders and files via script, keeing things secure, and allowing my main account full access.

    Thanks again.
  6. gsaunders

    gsaunders Perch

    Dang... I just noticed something strange. The folder and files that I had created via the script... which showed user "httpd" as the owner automatically switched back to the ftp user name as the owner and I didn't do anything.

    Hmmm... I definitely need some clarification on what is going on.

    Thanks
  7. gsaunders

    gsaunders Perch

    Ok... who is the linux/unix security rights guru? (Yash, Stephen?)

    It is simple:

    1) I need to allow a script to create folders and files under the domain folder. (if I have to I can create a folder like www.mydomain.com/specialfolder and create the folders and files under that if it makes things easier or more secure. My understanding is the script ends up using the user/group httpd.

    2) I need my primary FTP account to still have full access to things the httpd user creates.

    3) The folders being created are based on a clientID so I can't precreate the folders and set rights manually. I need this to be automated and as secure as possible.

    How do I make this happen? This is on web4 (linux/unix) box.

    Thank you.
  8. Stephen

    Stephen US Operations Staff Member

    not me :)

    Tanmaya would be, but the reason it s going from httpd to the user is because httpd is not counted against the quota, so all owners httpd gets changed to the proper user at a regular interval(which I don't know as I did not set it), so the quotas are correct.
  9. gsaunders

    gsaunders Perch

    OH CRAP... ok how the heck am I going to be able to do this.

    When the user name changes back it breaks the script because the script can no longer update the file or overwrite it with a newer version. It fails with permission denied.

    There has got to be a way to make this work.

    Tanmaya... HELLO?... calling Tanmaya!!!
  10. Stephen

    Stephen US Operations Staff Member

    with the proper permissions it could be modified or overwritten, I will try to point Tanmaya to this.
  11. gsaunders

    gsaunders Perch

    Thanks... I know I have a lot here so if I need to summarize after all my testing I can do so.
  12. Stephen

    Stephen US Operations Staff Member

    Tanmaya said this would need to be either 771 or 777 to work the way you want.
  13. gsaunders

    gsaunders Perch

    Is there a way to get into a live chat with Tanmaya? I have done a lot of different things with different results and need to get some clarification in a quicker manner than posts in forum.

    Is there a time window (eastern) in which I am most likely to catch him?

    Thanks.
  14. skypanther

    skypanther Exalted Code Master!

    This should be the easier way to do it. You grant 777 permissions on the specialfolder and then everyone (httpd and your ftp user) should have permissions to write/delete/read from it.

    You kept saying 0777 for permissions. Unless that's how your FTP client does it, leave off the zero. Under *nix, there should be just three numbers--each digit represents owner, group, and everyone respectively (I think I have those in the right order).

    Good luck,
    Tim
  15. gsaunders

    gsaunders Perch

    The 0777 is how PHP represents it in the chmod function (http://us3.php.net/manual/en/function.chmod.php). I was just using the PHP representation... you are correct it is 777 from permissions standpoint.

    After speaking with Tanmaya we have confirmed if we want to do this we have to set permissions to 777 on the special folder, but when creating new folders and files you have to have the script deliberately set those items to 777. The main reason is there is a jodo/hsphere script that runs ever 24 hours that changes the file/folder ownership from httpd back to your user. If you do not have rights set to 777 on the file/folder it will ultimately break your script when it runs later to update the files.

    Tanmaya is looking for alternatives to have to use 777 and to make it much more security conscious. He said he would report his findings in the future.
  16. skypanther

    skypanther Exalted Code Master!

    If Tanmaya doesn't share his results here, would you post them? I'd like to tighten up security on my various scripts and CMS installations if I can.

    As for the 0777 stuff, I didn't realize you were talking via PHP there. The function uses octal numbers hence the leading zero.

    Thanks,
    Tim

Share This Page

JodoHost - 26,000 hosting end-users in 100 countries
Plesk Web Hosting
VPS Hosting
H-Sphere Web Hosting
Other Services