0

So I have a PHP file located in `/var/www/html/test.php` and I have it run the code `shell_exec('touch /home/pi/Desktop/test_file')`.

However, the webpage displays fine but when I check the apache log files, I always get permission denied. I understand that apache is running as www-data user and my main user pi probably has some permission clash (I'm new to this stuff).

I tried many options I found on-line, the most promising was here, which suggested I run the commands:

sudo chown -R pi:www-data /home/pi/Desktop
sudo chmod -R g+s /home/pi/Desktop

...but I still get permission denied. Can anyone please suggest what permissions I may need to still configure? I want to ensure security, but at the same time need my PHP file to be able to create new files. I used the Desktop as an example directory, but really I don't care which directory, I just need a directory. I tried touching a file within /var/www/html, but that was permission denied as well. Thanks!

jake9115
  • `sudo chmod -R 755 /home/pi/Desktop` should probably fix it. – Amal Murali Dec 18 '15 at 19:42
  • why not use touch() ? http://php.net/manual/en/function.touch.php – Jigar Dec 18 '15 at 19:48
  • Is `sudo chmod -R 755 /home/pi/Desktop` safe security-wise? I have no idea about on-line security, but are there any security concerns about unauthorized access to this web-server? – jake9115 Dec 18 '15 at 19:52
  • @jake9115: The 755 will apply read, write & execute permissions for the owner, and read & execute permissions for the group & others. The -R flag indicates this should be recursive through the whole /var/www/ directory & subfolders. – Amal Murali Dec 18 '15 at 19:52
  • Thanks for the explanation. I did execute `sudo chmod -R 755 /home/pi/Desktop` but still get `permission denied` – jake9115 Dec 18 '15 at 19:57

2 Answers

1

First of all, why the heck are you using `shell_exec` to create a file? PHP has its own `touch()` function that will do that for you. You can also create files just by opening a nonexistent file using certain modes (i.e., `fopen("myfile", "w")`).

Using exec to create your files is surely messing with your permissions.

You need to find out which user PHP is running as and chown to that user. You can find that out by running get_current_user().

Then you need to change the permissions with chmod. There's an example in the comments so I won't repeat it. Good luck. Stop using shell_exec.

I wrestled a bear once.
1

If your apache process is running as www-data, and the file ownership is pi:www-data, you probably need to run this chmod:

sudo chmod -R g+w /home/pi/Desktop

First, setting the group as www-data won't matter if the files are not group writable. Mode 755 will ensure apache can read the files, but the www-data user would still not be able to write.

Secondly, using "g+w" adds group write without messing with any of the other bits (644 becomes 664, and 755 becomes 775). This way you can safely adjust permissions recursively, without making files executable that shouldn't be.

Incidentally, sudo chmod g+s ... is probably not what you want. That will instead set the sgid bit, and not the group write bit.
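
The mode changes discussed in the question, comments and answers, as an added example that is not part of the original posts: it applies `chmod -R g+s`, `chmod -R 755` and `chmod -R g+w` to a constructed scratch directory (so no sudo is needed) and prints the resulting octal modes. The helper names `after`, `has_bit` and `describe` are made up for this example, and GNU `stat -c` is assumed.

```shell
#!/bin/sh
# Added example. Works on a constructed scratch directory; no sudo required.
# Assumes GNU coreutils (stat -c), as shipped on Debian-based systems.

# after ARG: build a fresh dir (755) holding one file (644), run
# `chmod -R ARG` on it, and print "<dir mode> <file mode>" in octal.
after() {
    d=$(mktemp -d) || return 1
    touch "$d/note.txt"
    chmod 755 "$d" && chmod 644 "$d/note.txt"
    chmod -R "$1" "$d"
    echo "$(stat -c '%a' "$d") $(stat -c '%a' "$d/note.txt")"
    rm -rf "$d"
}

# has_bit MODE MASK: succeed if the octal MASK bit is set in octal MODE.
has_bit() { [ $(( 0$1 & 0$2 )) -ne 0 ]; }

# describe MODE: report the two bits the answers discuss.
describe() {
    if has_bit "$1" 2000; then s="setgid=yes"; else s="setgid=no"; fi
    if has_bit "$1" 20; then w="group-write=yes"; else w="group-write=no"; fi
    echo "$s $w"
}

# g+s is the command from the question, 755 the one from the comments,
# g+w the one from the second answer.
for arg in g+s 755 g+w; do
    set -- $(after "$arg")
    echo "chmod -R $arg: dir $1 ($(describe "$1")), file $2"
done
```

Only the `g+w` run leaves the group-write bit set; `g+s` sets the setgid bit instead, and `755` marks the plain file executable while still giving the group no write access.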