Recently switched from a hosting service running nginx to one running apache. I have some php scripts that i use to create / modify certain files on the server. Am now running into permissions problems because apache assigns a different user id to my php scripts than my usual ftp / sftp login id.

Why does apache assign a different uid? Or is this a php.ini setting? How can my php scripts modify a file that belongs to the real uid, without setting the permissions to writable for all (chmod a+w)? Don't think i have the ability to change php.ini on this server.

If modifications don't happen often, you could use php to open a ftp session then use ftp commands to modify files.
Maybe consider porting data to be manipulated in a database.

1 members found this post helpful.

That sorta works, a least it helps me get past the files permissions problem in the php scripts. But the main problem still exists: that my principal ftp / sftp access uses my account user id, and php scripts use a different uid ('web'), even when in an ftp session within my php script. So even if i can now manipulate the files in a php script, any new or renamed file possesses the php-assigned uid, and then i may have difficulty maintaining the file in my normal ftp / sftp.

Am puzzled why apache uses a different user id in php scripts, while nginx used the same one?

It depends on how the hosting service configured apache, there are hostings (often hostings that advertise being compatible with php cart applications) where the virtual host user owns the files (so php can create / overwrite files in a directory with 0755 permission)

If this is a requirement, change your hosting service

1 members found this post helpful.

Yes, i was able to modify the apache.conf on my home system to run with my user and group id, but it appears that, with regard to apache config settings, i am dead in the water on my hosting server.

However, i just found on my hosting service FAQ page that they will allow me , which means, i presume, that i may set the uid bit on any particular php script, being careful to control access to that script so as not to create a security hole.

Will experiment with this, and try to report back here later.

No that means it's for CGI scripts, eg the scripts that are in a CGI directory. Directory path is whatever value for CGI directory that is configured in your web host, usually there is just one CGI directory per user account.
But yes, any script here with suid bit set will execute commands with your user permissions

1 members found this post helpful.

Nope, that doesn't work, either.

I notice that the FAQ did specify CGI, that is, true executable files. Since php scripts are not true executables (their executable bits needn't be set - they run under apache / php binaries), i may have to change this whole process to work as a cgi script or binary.

Will leave this thread as 'unsolved' for now in case someone knows a better, more elegant workaround.

(posted before i noticed keefaz' warning)

Maybe you can use php as cgi if php was compiled with cli option (it is by default)
with a script like
Edit: just to be clear, such script has to have executive bit set and it must reside in CGI directory

1 members found this post helpful.

My server doesn't use a CGI directory; the faq says any directory may contain a cgi process. And that if i set the uid for a given cgi executable, it will execute the owner's (my) privileges, not the web's. That is what i've just tried to accomplish, with no success. Have posted to my service's forum as well, to ask why this doesn't seem to work in accord with their faq page.

Am currently running a php script that calls the cgi executable. Have tried setting the exec bits (and uid bit) for the php script, makes no difference.

Is the top line in your example
important, or is your code snippet just to help me see if the cli option is set? (It doesn't appear to be enabled, at least i don't see anything that says so in the phpinfo() tables, although the credits section toward the end mentions the authors of CGI, FASTCGI and CLI w/o saying that these features are enabled).

I do have a (limited, i suppose) ability to create my own secondary php.ini. What would solve this for me would be to alter the USER and LOGNAME variables in the php environment, but i fear this would require modifying the apache config, which i can't do.

I think i'm past the problem.

My first error was in invoking the cgi script via exec(). On my home apache, this works fine, and if i set the script's 'set-uid' bit, it runs with my uid and permissions. But apparently my hosting service only recognizes the script's uid bit if the script is run as a true cgi process, using stream_get_contents() and invoking the full url ("http://...").

Am now invoking the perl script from my php script as a true cgi, and, with the script's 'set-uid' bit set, it runs with my uid and permissions. Will mark this thread as solved.