1

There are several similar questions on here, such as this one, but the answer to that question (and several others I read) is:

let PHP create the directory itself in the first place.

I use git on my site, so it's not possible to allow PHP to "create the directory itself."

To pull in changes, I run a git pull origin master command when logged into my server via SSH, which makes the owner of the files my cpanel user I'm logged in as.

I need PHP to be able to create files in certain directories. Is the only way to allow this to chmod the folders to 777, or is there a better way?

I don't have a good understanding of Linux permissions, but from what I've read changing directory and file permissions to 777 is generally not a good idea. Furthermore, if I chmod the folders to 777, I suspect the permissions will be overwritten when I run git pull origin master, although I haven't tested this.

Nate
  • Use shell_exec to make files and directories – Daan Feb 13 '15 at 15:46
  • @Daan As mentioned, I'm using `git`. It creates the directories and files. – Nate Feb 13 '15 at 15:47
  • You can chown the directories to the user that the webserver runs as. But I think the need to write anything into the git checkout is kinda sketchy. I'd recommend putting those files outside the document root, so that they're physically separated from the git files. – Alex Howansky Feb 13 '15 at 15:57
  • @AlexHowansky Well, in this case I'm wanting a sitemap generator script I wrote to write sitemap files to the `public_html` directory. I also would like to be able to write certain log files under there so that I can view them in my browser. – Nate Feb 13 '15 at 16:00
  • 1
    Ok but the sitemap generator isn't intended to be real-time (is it?) and can run from cron as a user that already has write perms -- you don't want anybody on the web to be able to fire off your maintenance scripts. Regarding logs, if you must have them reachable over the web, then just don't put them in a directory that git has already created -- put them in a new one, then there's no conflict to worry about. – Alex Howansky Feb 13 '15 at 16:05
  • 1
    Better yet, put the logs in a new dir that's outside document root, symlink to it from within document root, and then make sure your web server is configured to never execute PHP from that dir. – Alex Howansky Feb 13 '15 at 16:36

2 Answers

3
  1. Git won’t override permissions on already existing directories.
  2. You should check under what user apache (or whatever http server you use) is running.

It would likely be www-data for apache:

ps aux | grep http | cut -f 1 -d ' '
  3. As soon as you know the user the http server is running as, change the owner.

This shell command is fine:

chown -R www-data FOLDER_PHP_NEEDS_TO_WRITE_TO

The above will set the owner of the folder to www-data, apparently giving the http server permission to write there.

If you are afraid of losing control over this directory, do it via group permissions:

chgrp -R www-data FOLDER_PHP_NEEDS_TO_WRITE_TO
chmod -R g+w FOLDER_PHP_NEEDS_TO_WRITE_TO

Now you are still the owner, while the http server is able to write there because it belongs to this group. You might do it the other way, adding yourself to the www-data group and giving write permissions for that group to the desired folder.

Another option is to run git as www-data:

sudo runuser -l  www-data -c 'git pull'

But I would suggest the solution with group.

Aleksei Matiushkin
  • if I `chown` the folder to another user, won't that affect `git`'s ability to update files in the folder, as well as my ability to edit via ftp? – Nate Feb 13 '15 at 15:57
  • 1
    Note: this is a bad idea if FOLDER_PHP_NEEDS_TO_WRITE_TO isn't empty, as your web server process now has access to modify its contents. – Alex Howansky Feb 13 '15 at 16:17
  • @AlexHowansky I bet folders are being made webservers-writable for webservers to write into these folders :) – Aleksei Matiushkin Feb 13 '15 at 16:18
  • 1
    Yes, I understand the intent -- but if this folder already contains (for example) PHP code from the git repo, then you've just given the website the ability to overwrite its own source. Which is why, in general, you never want anything under the document root to be writable by the web server process. – Alex Howansky Feb 13 '15 at 16:31
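
One way to apply the group approach from the answer together with the comments' advice, as an added example that is not part of the original posts: make one new directory writable by the web server's group, optionally symlink it into the document root, then list anything in the git checkout that is still world-writable or writable by that group. The function names and the paths in the usage comment are hypothetical; www-data is the group assumed in the answer.

```shell
#!/bin/sh
# Added example, not from the original posts. Helper names are hypothetical.

# make_writable_dir DIR GROUP [LINK]
# Create ONE new directory for PHP output and make only that directory
# group-writable, instead of chown -R / chmod 777 over files git manages.
# If LINK is given, symlink it to DIR (e.g. from inside the document root).
make_writable_dir() {
    dir=$1 group=$2 link=${3:-}
    mkdir -p "$dir" || return 1
    chgrp "$group" "$dir" || return 1
    # 2770: owner and group may write, others get nothing; the setgid bit
    # makes files created inside inherit GROUP.
    chmod 2770 "$dir" || return 1
    [ -z "$link" ] || ln -s "$dir" "$link"
}

# audit_tree ROOT GROUP
# Print every file or directory under ROOT that is world-writable (the
# chmod 777 case) or writable by GROUP. Symlinks are skipped because their
# own mode bits are not used for access checks; find does not follow them.
audit_tree() {
    root=$1 group=$2
    find "$root" ! -type l \
        \( -perm -0002 -o \( -group "$group" -perm -0020 \) \) -print | sort
}

# Usage (constructed paths, run as the account that owns the checkout):
#   make_writable_dir "$HOME/php-logs" www-data "$HOME/public_html/logs"
#   audit_tree "$HOME/public_html" www-data   # ideally prints nothing
```

An empty result from `audit_tree` on the document root means the web server process cannot modify anything git checked out there.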
1

This might be something you can use - I haven't tried it myself so I don't know if it actually works:

https://stackoverflow.com/a/3208143/609855

h00ligan