In some cases, I utilize the copy() function to generate files and directories, while in other instances, I construct XML files in PHP and save them using DOMDocument::save. When safe mode is enabled, PHP verifies if the files or directories being manipulated have the identical owner as the executing script.
An update reveals that the issue is more complex than initially anticipated. I was simultaneously troubleshooting the reason behind the malfunction of my
. It was due to the manual alteration of permissions for
for testing purposes, followed by reverting them back and introducing a new
to the script. However, this code does not function as it is executed by
and not myself. To avoid confusion, I will create a separate question to address the larger problem.
As a lab instructor at my university, I have been rewriting the assignment upload script provided by them. The existing script, which is written in python, is outdated and has bugs. Instead of modifying it, I have decided to write a new script in php.
There is an issue that I encountered with chown not functioning properly. The php scripts are executed under the user
. I am uncertain if this user is considered ‘privileged’ or not, but the initial script utilized chown.
Can I conclude that
possesses the necessary authority, indicating that my issue may lie elsewhere, or is this line of reasoning flawed?
The server belongs to the university, so they won’t allow me to modify any configurations. I believe they are running CentOS. Although there is no error message, I noticed that I can modify the file and change permissions, but the subsequent command (
) doesn’t seem to have any impact.
In the display of the previous scripts,
-rwxr-xr-x 1 mattw labstaff 5067 Sep 1 17:52 File_Upload.cgi
The setuid bit does not appear to be enabled.
According to Stefan, the user apache probably lacks sufficient permissions to chown a file or folder that it does not own. I am trying to access the directory
, which was recently created using
, so it should be owned by apache. In this case, shouldn’t
work regardless of privilege, considering that I already own the file?
The ability for Apache to perform the specified action depends on the privileges it has in its current environment. Considering that you mentioned Apache is running under the user apache, I will make the assumption that it is either RHEL or a RHEL variant like Centos.
To grant apache the ability to sudo without a password within a specific directory, you can edit the sudoers file (using visudo). However, it is important to note that this is not advisable for those who prioritize security.
Adding something like
The user “apache” is granted permission to execute the command “/bin/chown 1[1-9][0-9][0-9]:1[1-9][0-9][0-9] /var/www/[a-zA-Z0-9]*” without the need for a password.
It is possible to include apache in a separate group, or add another user to the apache group, and then adjust the chmod to either 0775 or 0664.
To ensure effective troubleshooting, it is recommended to provide the code triggering the error, any accompanying error message, as well as specify the users and groups requiring access to the uploaded files.
If the Apache user runs the old script and can execute
, it might have the setuid bit enabled to enable it to run with higher privileges. If that is the case, your assumption would be incorrect.
Kindly provide the output of
ls -al /path/to/script
to verify. The output should indicate
as the owner and a
in its mode.
To activate setuid mode for the new script, ensure that
is implemented. However, it is important to be aware of the potentially significant security risks associated with this. Specifically, it is crucial to never leave a setuid script or binary in a writeable state.
It is probable that the user apache lacks sufficient permissions to chown a file/folder that it does not own. Granting apache additional rights is an option, although this may pose a security risk.