1

I am trying to run a script which creates pages and saves them to the server but am getting a permission error on one of the files that is in the public_html directory.

So 2 pages are created in the "pages" directory which is chmod to 0777 and they are created fine. The 3rd page is created in the "public_html" directory which fails with you do not have permission. The only way i have found to fix this is to chmod the "public_html" directory to 0770 which then everything works but i have been strongly advised by the hosting company not to do this bevause of the security risk.

So my question is, Is there any otherway to achieve this goal? Looking into it a bit it looks like i need to give the script "user" priviliges might work but this is beyond my knowledge at the moment. I`m not even sure what the script is running as at the moment, I would guess "group" as chmoding the public_html to 0770 allows "group"

My setup is: vps server running centos CENTOS 6.7 x86_64

php 5, dso, Apache suEXEC on

simplified Code i am using is:

$page_path = "/home/username/public_html/";
$loop[Html_Name] = "test.html";
$new_page_file = "test.html";


$fp = fopen($page_path.$loop[Html_Name], "w"); 
fwrite($fp, $new_page_file); 
fclose($fp); 
chmod($page_path.$loop[Html_Name], 0666);

Many thanks in advance.

user3696845
  • 37
  • 6
  • You can also check PHP's Safe mode and open_basedir settings. If they are enabled they might be causing that too. – CntkCtn Sep 17 '15 at 16:01

1 Answers1

0

Typically, we use ftp in these situations. /public_html permissions may remain to 750 and run this code. 

$server = 'localhost';
$ftp_user_name = 'username';
$ftp_user_pass = 'passw';
$dest = 'public_html/new.file';
$source = '/home/username/public_html/path/to/existing.file';

$connection = ftp_connect($server);
$login = ftp_login($connection, $ftp_user_name, $ftp_user_pass);
if (!$connection || !$login) { die('Ftp not connected.'); }
$copied = ftp_put($connection, $dest, $source, FTP_BINARY);
if ($copied) { 
    echo 'File copied';
} else {
    echo 'Copy failed!'; 
}
ftp_close($connection);

The page with final destination in public_html can be created in the other directory and then this script will copy it in public_html. The old file will remain and if a file exists with the same destination name will be overwritten.
The $dest is relative path to user home directory. The $source is absolute path.
The connection will fail if the ftp is concurrently used by filezilla or something. A solution to that is to create a second ftp user account in cPanel.

Greg Kelesidis
  • 1,069
  • 14
  • 20
  • lgor Greg, many thanks that will do the job but is that really the only way to do it... seems like an awful lot of messing about. – user3696845 Sep 18 '15 at 17:45
  • @user3696845 a directory with 0777 mode is writable even by the visitors of its pages. On a shared host a directory with 0770 mode is writable by the other users on the server. For this reason it's better to authenticate by ftp to write on a public part of the server, than tweaking permissions. – Greg Kelesidis Sep 18 '15 at 22:28
  • many thanks, just a question... someone would still needed to have gained access to your server to modify files anyway? and if you have a subfolder set to 0777 does this carry exactly the same risk? – user3696845 Sep 20 '15 at 14:43
  • The risk is not only if someone tries to modify files. Easier and really devastating is that they can upload files to a 0777 subdirectory. – Greg Kelesidis Sep 20 '15 at 17:19