1

I'm trying to replace the contents of a file in a different folder than my php file folder, and I'm getting an error: "Failed to open stream, Permission Denied"

I'm using the put_file_contents function to change the file contents. I searched online for a solution to this problem and found that the file directory is allowed to be written only by the owner/user. I checked directory properties in filezilla (ftp), and found that the directory was not writable by group or public.

In filezilla, I tried allowing the directory to be written by public, and the php file was able to write to the folder's file.

Therefore, I think I can easily set the permissions to the file only, and not the directory, and easily replace it's content by setting the permission as writable by public. Although I don't understand what owner/group/public options mean? Cause this is supposed to be a website's webserver hosted on a paid domain host, and I'm not sure if the public write option is safe or not, or why would there be user groups for a webserver hosting only a single website?

Since only a php file can change the contents on a webserver, why is a public option provided for a webserver? If it's for uploads, then that too means the upload page resides on the server! I cannot access the terminal on ftp or cpanel therefore I cannot execute chmod etc...

Please could someone provide more detail regarding security risks to files with public write permissions?

mk117
  • 753
  • 2
  • 13
  • 26
  • If your site is on a shared hosting, public access can make serious security problems for you. – Ahmad Aug 27 '16 at 17:25
  • There is a reason why you are not allowed to do it. You cannot solve it in PHP, you have to fix the permissions issue. – Peter VARGA Aug 27 '16 at 17:34
  • is there any way to delete the file and write it again with permissions to the php file instead? – mk117 Aug 27 '16 at 17:41
  • If I replace the file over ftp with a new file, then would the permissions still be there for that particular file(s) to be rewritten via php? – mk117 Aug 28 '16 at 11:42

1 Answers1

0

A server is still a computer, like any of them. This means that you can create several users, and that a lot of things can happen.

Your server might not necessarily stay only a web server. Obviously it is also an FTP server, and you probably also can access it using ssh. In the future you might want to use it for another purpose.

In any case, even if you use it just as a web server, setting a folder's permission as writable to the every user is dangerous, because of the security risks that your code most inevitably will have. It can act as a safeguard : even if you write something dangerous in the future, it contains the damage.

That is the reason why on some systems, the software responsible for serving http requests (typically Apache) runs as a specific user httpd.

User groups is just what it says it is : defined groups of users. You can read about it easily online.

Vic Seedoubleyew
  • 9,888
  • 6
  • 55
  • 76
  • Hi Vic! Does [this answer](http://stackoverflow.com/questions/2900690/how-do-i-give-php-write-access-to-a-directory) solve the file permission issue? Also, if I replace the file after the script (in answer) runs, would the file permissions still be granted to the php script? – mk117 Aug 28 '16 at 11:47