I have a directory called /folder1/folder2/folder3 where our program resides; the program houses a php gui, python CLI tools and lots of big files. The big files are uploaded via the gui and processed by the python scripts (which includes copying or moving the files around, or creating new processed versions of the files).
I am able to set the permission bits reliably for any files affected by apache by either:
chmod($inputs_metric_file, 0777);
//or something like
$oldmask = umask(0);
mkdir($inputs_report_dir, 0777);
However, this continuously fails:
chown($inputs_report_dir, "cas");
chgrp($inputs_report_dir, "casgrp");
With this error:
Warning: chown(): Operation not permitted in /folder1/folder2/folder3 on line 45
Warning: chgrp(): Operation not permitted in /folder1/folder2/folder3 on line 46
Important: apache is not a member of the casgrp; I do not want apache to be a member as it has too many permissions. I have read that apache can't change the group unless it's a member of the new group; I suspect I need to bypass that somehow and in a restricted fashion. Even if I was able to assign apache to the casgrp, I still cannot change the user.
Why: we really want everything in /folder1/folder2/folder3 to be assigned to cas:casgrp always.
We've added the following lines to the sudoers file:
apache ALL=NOPASSWD: /folder1/folder2/folder3/cli_tool1,/folder1/folder2/folder3/cli_tool2,/bin/chown 8008 /folder1/folder2/folder3/
I've read that in httpd you can change the following, which may provide an avenue to the goal:
User apache
Group apache
... but I have concerns as I really don't know what this is doing and don't want apache to have the full permissions of the cas account/group for security reasons... I only want it to be able to help keep user/group/permissions consistent in our folder hierarchy.
What are we doing wrong?
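
One way to keep such a sudo grant narrow, as an added example that is not part of the original post: apache is allowed to run a single wrapper through sudo, and the wrapper refuses any path that resolves outside the tree, which matters here because apache can create symlinks in directories it made with mode 0777. The script location /usr/local/sbin/fix-owner, the sudoers entry in the comment and the function names are assumptions; the tree and cas:casgrp come from the post.

```shell
#!/bin/sh
# Added example: hypothetical wrapper (assumed path /usr/local/sbin/fix-owner)
# that apache runs through sudo instead of being granted chown itself.
# Assumed sudoers entry:
#   apache ALL=(root) NOPASSWD: /usr/local/sbin/fix-owner

BASE=/folder1/folder2/folder3   # tree from the post
OWNER=cas:casgrp                # owner and group from the post

# path_is_inside BASE TARGET: succeed only if TARGET, with symlinks and
# ".." components resolved, is BASE itself or lies below it.
path_is_inside() {
    base=$(realpath -- "$1") || return 1
    target=$(realpath -- "$2") || return 1
    case "$target" in
        "$base"|"$base"/*) return 0 ;;
        *) return 1 ;;
    esac
}

# fix_owner TARGET: validate first, then chown the resolved path.
# -h makes chown act on a symlink itself, never on what it points to.
fix_owner() {
    if ! path_is_inside "$BASE" "$1"; then
        echo "refused: $1 is outside $BASE" >&2
        return 1
    fi
    chown -h "$OWNER" -- "$(realpath -- "$1")"
}

# Run only when exactly one path is given:
#   sudo /usr/local/sbin/fix-owner /folder1/folder2/folder3/some/file
if [ "$#" -eq 1 ]; then
    fix_owner "$1"
fi
```

From PHP the wrapper would be started as an external command via sudo; PHP's own chown() and chgrp() calls run as the apache user and are not affected by sudoers.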