[suPHP] suphp uploaded file permissions

Carlos C Soto csoto at sia-solutions.com
Fri Sep 26 21:05:27 CEST 2008


Johannes Nohl wrote:
>> I installed libapache2-mod-suphp-0.6.2-1+etch0, but have some problems.
>> When I create a new file with PHP code, its permissions seem OK (644),
>> but files uploaded the same way are not (600).
>
> How files are created is managed by umask. Your php.ini is set to umask = 0644.

You must try to set up the right permissions.
It is part of your application's behavior and should be handled by your 
application at the time the file is created/uploaded/edited.
Actually, I have seen several applications where this is configurable.
As the PHP process runs as the user, the same rights apply for changing the 
permissions.

>
>> Lots of people say that the file upload operation is not related to suphp.
>
> Right. It depends on how you upload. Let's say by ftp, then you have
> to adjust the umask setting in your ftpd config. Or if users create
> new files using ssh you need to adjust the shell's umask.
>
>
> I'd prefer to have a script that will adjust files automatically. Did
> anyone write something like it? Could be written in php. It
> recursively goes through the files (htdocs and under) and chmods them
> depending on their suffix. Additionally there needs to be a mechanism
> that prevents unwanted changes. Please post it here if you've done
> already.
>

How about this? I'm using ACL under Debian Stable.

#!/bin/bash
####################################
#/usr/local/sbin/admin-repair-public_html
####################################

# Check the executor is root
if [ "$(whoami)" != "root" ]; then
  echo "You must be root to execute this script"
  exit 1
fi

# Ask for the username
echo -n "Username: "
read -r username
if [ -z "$username" ]; then
  echo "ERROR: Must provide a username"
  exit 1
fi

# Check that the user and the public_html directory exist
if ! grep -q "^${username}:" /etc/passwd; then
  echo "ERROR: The user does not exist"
  exit 1
else
  if [ ! -d "/home/${username}/public_html" ]; then
    echo "ERROR: The user exists but the public_html directory doesn't"
    exit 1
  fi
fi

# Make the user owner of his files and give www-data access to public_html
chmodrecursive "/home/${username}" 750 640 "${username}" > /dev/null
setfacl -m u:www-data:rx "/home/${username}"
setfacl -R -m u:www-data:rx "/home/${username}/public_html"
setfacl -d -R -m u:www-data:rx "/home/${username}/public_html"
# Re-apply the modes: setfacl recalculated the ACL mask (shown as the group bits)
chmodrecursive "/home/${username}" 750 640 "${username}" > /dev/null


#!/bin/bash
####################################
#/usr/local/bin/chmodrecursive
####################################

DEBUG=""
IFS=$'\n';
set -f   # no glob expansion of file names in the for loop


function udf_change {
  # Set owner and group (a group named like the user is assumed)
  chown -R "$4:$4" "${1}"
  # IFS is a newline, so each line of find output is one item
  lstItem=$(find "${1}")
  for iItem in ${lstItem} ; do
    if [ "${iItem}" ]; then
      if [ "${DEBUG}" ] ; then echo -n "${iItem}: " ; fi
      if [ -L "${iItem}" ]; then
        # Symbolic links are left untouched
        if [ "${DEBUG}" ] ; then echo -n "link" ; fi
      elif [ -d "${iItem}" ]; then
        chmod "$2" "${iItem}"
        if [ "${DEBUG}" ] ; then echo -n "dir" ; fi
      else
        chmod "$3" "${iItem}"
        if [ "${DEBUG}" ] ; then echo -n "file" ; fi
      fi
      echo " ."
    fi
  done
}

function udf_syntax {
  echo "$0 directory chmod-dir chmod-file owner"
  exit 1
}

if [ -z "${1}" -o -z "${2}" -o -z "${3}"  -o -z "${4}" ]; then
  udf_syntax
fi

udf_change "${1}" "${2}" "${3}" "${4}"
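
A variant of chmodrecursive that does not loop over find output, where a name containing a newline is split into separate paths, and instead lets find select by type so symlinks are never handed to chmod. This is an added example, not part of the original post; the function name chmod_tree and the optional owner argument are assumptions.

```shell
#!/bin/bash
# Added example (not from the original post). The name chmod_tree and
# the argument order are assumptions modelled on chmodrecursive.

# usage: chmod_tree DIRECTORY DIR-MODE FILE-MODE [OWNER]
chmod_tree() {
  local dir="$1" dmode="$2" fmode="$3" owner="${4:-}"
  local m

  # Modes must be 3 or 4 octal digits; anything else is rejected.
  for m in "$dmode" "$fmode"; do
    case $m in
      [0-7][0-7][0-7]|[0-7][0-7][0-7][0-7]) ;;
      *) echo "invalid mode: $m" >&2; return 2 ;;
    esac
  done

  # The start point must be a real directory, not a symlink to one.
  if [ -L "$dir" ] || [ ! -d "$dir" ]; then
    echo "not a directory: $dir" >&2
    return 2
  fi

  # -h changes a link itself instead of whatever it points at.
  # A group named like the user is assumed, as in the original script.
  if [ -n "$owner" ]; then
    chown -R -h -- "$owner:$owner" "$dir" || return 1
  fi

  # find's -type tests look at the link, not its target, so symlinks
  # match neither branch, and -exec passes every path to chmod as a
  # single argument whatever spaces or newlines the name contains.
  find "$dir" -type d -exec chmod "$dmode" {} + || return 1
  find "$dir" -type f -exec chmod "$fmode" {} + || return 1
}
```

Called as chmod_tree /home/USER 750 640 USER it can stand in for the chmodrecursive calls in admin-repair-public_html.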
