LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > Programming
User Name
Password
Programming This forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.

Notices


Reply
  Search this Thread
Old 04-30-2009, 05:07 PM   #1
adymroxx
Member
 
Registered: Mar 2005
Location: Iowa
Distribution: Fedora Core 9
Posts: 41

Rep: Reputation: 15
PHP - dynamically create folder and reassign ownership


I’m building a web interface to modify a database we use within our office and I’ve run into some problems with file permissions. My plan is to assign each user that accesses the web interface a unique ID, stored in a PHP session variable. This ID will be used to create a temporary working directory in /tmp (ex: /tmp/ndb123456789). This directory will be used to store a working copy of the database. The uniquely named directory will prevent a user who is currently making edits from being overwritten by someone else accessing the interface. After the user is done with their editing, their changes will be merged with the actual database.

Here is my code for the top of the first page:
Code:
<?php
  include 'includes/db.inc';
  session_start();
  if(!isset($_SESSION['active'])) {
    $_SESSION['active'] = rand(1, 1000000000);
    $tempdir = "/tmp/ndb/".$_SESSION['active'];
    $status = system(“mkdir $tempdir”, $retval);
    $status = system("mysqldump -u $db_user --pasword=$db_pass --tab=$tempdir $db_name",$retval);
  }
?>
Unfortunately, all this does is create the directory and then crash out on the mysqldump. When I enter those commands manually through the CLI, I see that the mysqldump only works if the mysql user (mysql) owns that directory. When the above code runs, the user “daemon” creates the directory and therefore owns everything inside of it, preventing mysqldump from running.

Which brings me to my question: is it possible to create a directory from a PHP system call and change the permissions to allow mysql to access it (system(“chown mysql:mysql $tempdir”) doesn’t seem to work). Am I going about this in entirely the wrong way?

Any help would be greatly appreciated.
 
Old 04-30-2009, 11:09 PM   #2
ilikemonkeys111
LQ Newbie
 
Registered: Mar 2009
Distribution: archlinux
Posts: 6

Rep: Reputation: 1
turns out php has its own mkdir and chmod commands. You might try those.

Code:
bool mkdir  ( string $pathname  [, int $mode= 0777  [, bool $recursive= false  [, resource $context  ]]] )
Code:
bool chmod  ( string $filename  , int $mode  )

Just out of curiosity, why do you need to store a working copy of the database? You may want to consider something like mysql.
 
Old 05-01-2009, 10:10 AM   #3
adymroxx
Member
 
Registered: Mar 2005
Location: Iowa
Distribution: Fedora Core 9
Posts: 41

Original Poster
Rep: Reputation: 15
I just tried PHP’s mkdir with 0777 permissions and it’s still not working. User daemon still claims ownership of the directory, preventing the mysqldump from working. When I run the commands in the above code manually from the CLI as root it works. I have to run a “chown mysql:mysql $tempdir” in effect for it to work however. PHP’s chown doesn’t allow user daemon to change its ownership.

I am using MySQL. My plan is to keep a solid, “official” database. When a user accesses the web interface, a copy of the database is made into their temp directory so they have something to work off of. This allows for some sanity/error checks before they export their changes to the official database – without interrupting the official db.

This is really a proof of concept right now. Maybe I’m going about this the wrong way. However, I think this question can be boiled down to whether or not it is possible for PHP to create a directory for another user. Chmod and chown don’t seem to be working either.
 
Old 05-01-2009, 11:21 AM   #4
Acron_0248
Member
 
Registered: Feb 2006
Location: Venezuela
Distribution: Gentoo
Posts: 453

Rep: Reputation: 33
The thing with chmod and chown is that, as you've already pointed out, you need to be root to use then

Sadly enough, one thing that might help you with those commands will be using them through sudo and without a password but that doesn't seem to be a good solution. Just to clarify what I mean, the following sudoers entries should let you do what you want:

Code:
apache localhost=(root) NOPASSWD: /bin/chmod
apache localhost=(root) NOPASSWD: /bin/chown
Obviously, this will be a serious thing to do because if "someone", maybe doing pentesting for the webapp, come to know that is possible to change mode and ownership of files, then you'll be in a hell of a trouble.

Other thing that you might want to consider instead of your current approach is to make the DB backup using php instead of mysql's client mysqldump, for instance, from PHP, this might be useful:
PHP Code:

mysql_query
("SELECT col1, col2 INTO OUTFILE '/tmp/unique_dir_here/somefile'"); 
That's just an example, you should work in a more complete query, but basically, the idea will be to use mysql functions of PHP to create the backup instead mysqldump, by using PHP itself you avoid having troubles with file/directory permissions


Good luck

Last edited by Acron_0248; 05-01-2009 at 11:22 AM.
 
Old 05-02-2009, 01:50 PM   #5
haxple
LQ Newbie
 
Registered: Apr 2009
Posts: 2

Rep: Reputation: 0
Quote:
Originally Posted by adymroxx View Post
My plan is to assign each user that accesses the web interface a unique ID, stored in a PHP session variable. This ID will be used to create a temporary working directory in /tmp (ex: /tmp/ndb123456789).
1.- Its a random number, random numbers can repeat, so you have to check if a user is not using alredy that database/folder/whatever
2.- Try chmod

PHP Code:
<?php
  
include 'includes/db.inc';
  
session_start();
  if(!isset(
$_SESSION['active'])) {
    
  
//Its a random number, random numbers can repeat, so you have to check if a user is not using alredy that database
  
$random rand(11000000000);
  if (
is_dir("/tmp/ndb/".$random)){
    
$random rand(11000000000);
  }
    
    
$_SESSION['active'] = $random;
    
$tempdir "/tmp/ndb/".$_SESSION['active'];    
    
$status system(“mkdir $tempdir”$retval);
    
$status system(“chmod 777 $tempdir"”, $retval);
    
$status = system("mysqldump -u $db_user --pasword=$db_pass --tab=$tempdir $db_name",$retval);
  }
?>

Last edited by haxple; 05-02-2009 at 01:53 PM. Reason: Changed [CODE] to [PHP] tag
 
Old 05-02-2009, 04:17 PM   #6
aspire1
Member
 
Registered: Dec 2008
Distribution: Ubuntu
Posts: 62

Rep: Reputation: 23
Just my penny's worth, I thought mysql had built in functionality for this sort of thing and at the least you could have a boolean field that indicates whether a row/record is editable at any particular point in time.
 
Old 05-02-2009, 05:48 PM   #7
bigearsbilly
Senior Member
 
Registered: Mar 2004
Location: england
Distribution: Mint, Armbian, NetBSD, Puppy, Raspbian
Posts: 3,515

Rep: Reputation: 239Reputation: 239Reputation: 239
only root can change the owner of a file to another.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Is there a command that gives you ownership of a folder and all it's sub-folders royeo Linux - Newbie 3 06-01-2007 02:55 PM
LXer: Create and edit TAR archives dynamically with PHP and PEAR LXer Syndicated Linux News 0 02-23-2007 10:31 PM
how to dynamically create email addresses? AndyFieb Programming 1 05-31-2005 02:26 PM
how to create device node for dynamically allocated major number appas Programming 5 11-01-2004 10:37 AM
php dynamically create transparent png j-ray Programming 2 08-29-2004 09:41 AM

LinuxQuestions.org > Forums > Non-*NIX Forums > Programming

All times are GMT -5. The time now is 07:56 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration