LinuxQuestions.org


htamayo 06-26-2009 10:35 AM

assigning r+w permissions to the appropriate user
 
Hi, I'm coding an app using LAMP. In one PHP file I'm using the function fopen() to access a text file, but when I run this script I get the error message "permission denied". At this point I'm confused; here is my question:

- I'm using Debian lenny
- my Linux user is called bob; using this account I will code/debug my app.
- the MySQL user is called tim; tim only exists in the DBMS and he is the database owner
- checking my /etc/passwd file, I found the mysql user, but I didn't find any apache or apache2 user
- doing a ls -la on the app's directory, the owner of all files is bob. The files' permissions are: -rwxr-xr-x

My questions are:
- Who is the user that needs to be the file's owner?
- Are the file's permissions wrong? What flag should I activate?

regards

rweaver 06-26-2009 10:40 AM

type: ps aux | grep apache

Whoever owns the process the http server is running as (www-data I believe) is who needs write access. If the file is owned by www-data it can be 644, if the file is owned by bob then likely it will need to be 666.

read=r=4
write=w=2
execute=x=1

Add them up to get the permissions you need:

rwx=7
rw-=6
r-x=5
r--=4
-wx=3
-w-=2
--x=1
---=0

Directories typically need an execute bit set to have basic functionality. You don't want execute on a file that doesn't need to be executed.

htamayo 06-26-2009 01:12 PM

Hi, I've changed the file permissions and the owner, but still I get the same error, here is my ls -la file permissions:
Quote:

-rwxrwxrwx 1 www-data www-data 1647 2009-06-26 10:17 /var/www/nomina/login.php
-rwxrwxrwx 1 www-data www-data 230 2009-06-25 15:37 /var/www/nomina/logout.php
-rwxrwxrwx 1 www-data www-data 575 2009-06-25 15:22 /var/www/nomina/logsystem.p
Also, I tried to use the owner like this:
Quote:

-rwxrwxrwx 1 bob www-data 1647 2009-06-26 10:17 /var/www/nomina/login.php
-rwxrwxrwx 1 bob www-data 230 2009-06-25 15:37 /var/www/nomina/logout.php
-rwxrwxrwx 1 bob www-data 575 2009-06-25 15:22 /var/www/nomina/logsystem.php
bob belongs to the www-data group, but it still doesn't work. The error that I got is like this:
Quote:

Warning: fopen(0) [function.fopen]: failed to open stream: Permission denied in /var/www/nomina/logsystem.php on line 6
Line 6 is: f=fopen($nombre, "w");

If you have other suggestions, they will be welcome.

regards

rweaver 06-26-2009 01:26 PM

What is $nombre set to?

Also what are your apache error_logs showing?

Is SELinux turned on?

The relevant piece of data isn't so much the permissions of the php file, but the permissions of the file you're trying to open for writing.

htamayo 06-26-2009 02:51 PM

Yes, SELinux was turned on. I switched to permissive and then it works. Now I can write/read the file. Thanks. Because I'm debugging the app I decided to keep the user bob as the owner of login.php, logsystem.php and nomina.log, and it works, but when the system is ready, do you recommend that the owner be 'www-data' for the external users?

regards

rweaver 06-27-2009 09:12 AM

Quote:

Originally Posted by htamayo (Post 3587381)
Yes, SELinux was turned on. I switched to permissive and then it works. Now I can write/read the file. Thanks. Because I'm debugging the app I decided to keep the user bob as the owner of login.php, logsystem.php and nomina.log, and it works, but when the system is ready, do you recommend that the owner be 'www-data' for the external users?

regards

No, bob is a good owner; just be aware of what permissions any file you try to open for write/read has. If they're world readable/writable it should be fine. Or you can have them owned by www-data, and if they're readable/writable by www-data that should be fine. If you're the only user of the machine it shouldn't end up mattering much. If you share it with a large number of other people then you'll probably want to break it down some and maybe have each person own their own files and suexec the apache process to each user, so it's harder to cross-read files and get sensitive information.
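
The owner/group/other selection and the 4/2/1 bits discussed in this thread, as an added example that is not part of the original posts: it decides whether a given user gets write access to the file being opened, and flags world-writable modes. The function names are hypothetical, the sample IDs in the comments are constructed, and only the classic mode bits are evaluated (not SELinux, ACLs or parent-directory permissions).

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample IDs are constructed.
# Classic mode bits only: SELinux, ACLs, root and parent directories are ignored.

# perm_class FILE_UID FILE_GID USER_UID "USER_GIDS" -> owner | group | other
# Exactly one class applies: owner is tried first, then group, then other.
perm_class() {
    if [ "$3" -eq "$1" ]; then echo owner; return; fi
    for g in $4; do
        if [ "$g" -eq "$2" ]; then echo group; return; fi
    done
    echo other
}

# can_write MODE FILE_UID FILE_GID USER_UID "USER_GIDS"
# Succeeds when the digit for the applicable class has the write bit (2) set.
# e.g. can_write 644 1000 1000 33 "33" fails: uid 33 falls into "other" (r--).
can_write() {
    case $(perm_class "$2" "$3" "$4" "$5") in
        owner) digit=$(( (0$1 >> 6) & 7 )) ;;
        group) digit=$(( (0$1 >> 3) & 7 )) ;;
        *)     digit=$(( 0$1 & 7 )) ;;
    esac
    [ $(( digit & 2 )) -ne 0 ]
}

# world_writable MODE: succeeds when "other" has the write bit, as in 666 or 777.
world_writable() { [ $(( 0$1 & 2 )) -ne 0 ]; }

# check_target FILE USER: apply the checks to a real file (GNU stat, as on Debian).
check_target() {
    mode=$(stat -c %a "$1") || return 2
    fuid=$(stat -c %u "$1"); fgid=$(stat -c %g "$1")
    if can_write "$mode" "$fuid" "$fgid" "$(id -u "$2")" "$(id -G "$2")"; then
        echo "$2 can write $1 (mode $mode)"
    else
        echo "$2 cannot write $1 (mode $mode)"
    fi
    if world_writable "$mode"; then echo "note: $1 is world-writable"; fi
    return 0
}

# Usage: sh thisfile /path/to/target-file www-data
if [ $# -eq 2 ]; then check_target "$1" "$2"; fi
```

Point it at the file passed to fopen(), not at the PHP script; a group-writable file (664 with group www-data) grants the web server write access without making the file world-writable.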


All times are GMT -5.