Warning: Function split() is deprecated in ..../global.php(29) : eval()'d code on line 31
File Ownership Problems
Results 1 to 1 of 1

Article: File Ownership Problems

  1. File Ownership Problems

    0 Comments by admin Published on 9th April 2010 01:48
    One of the most viral problems on servers is the file ownership and write permissions issue. This problem causes some problems when a php script tries to write a file on the server. Fortunately, Joomla 1.5 has an FTP layer and it usually solves the problem. Also there are two nice solutions, phpsuexec and suphp. Now, let's go further and understand the nature of this problem.

    On servers, there are defined users and user groups. All operations are executed with an owner user name. It does not matter whether your user or httpd (or nobody, apache, whatever else apache user is) owns the Joomla core files. File ownership is determined upon file creation. It is determined by the user that owns the operating system process that creates the file in the filesystem.

    For example when you create a new account for your domain, a new user for your domain is created automatically. Lets assume that we create a new account for http://www.example.com. And again, lets assume that assigned user name is examp for this domain. Now lets see the case.


    1. You upload a php file with FTP. Or a better example, you upload your Joomla php files. When you try to connect to your server with an FTP client, you should enter a user name and a password. Usually, -we are analyzing the most common case-, this user name will be the one when your account is created. In our case, it is examp. Now, an important point, the owner of the uploaded files will be examp.
    2. A second important point. The owner of Apache processes. For some security reasons, Apache runs its processes owned by a "special" user... often named nobody, or apache, or httpd, or any other cute name that a sysadmin names it in the conf file. In this case we will say the apache user is named nobody. Lets assume that the write permissions for the uploaded file are 0644. When Apache tries to read and process uploaded php files, there will be no problems. Because this 644 means that everybody can read the file, but only owner can write the file. So, when Apache tries to change a file of examp, it will fail. In this same case lets assume that write permissions for an examp ownered folder is 0755. Again, this means that everybody can read the file, but only owner can write the file. Apache will not be able to write in this folder.
    3. When you upload a file via a php script, e.g. a video file, an image file or a php file as a bad choice. The owner of the file will be nobody. Because the uploader php script is being processed with nobody user name. Also when a file is created by a php script on-fly, the owner of this file will be nobody. At the first glance, these ownership differences seems ok and will not cause any problems. But when it comes to editing and writing files, problems rises. The files will not be written because of write permission issues.
    4. Seyret creates some files on-fly, language files, xml files, javascript files and some php files. It is obvious that if you are having a file ownership and write issue, Seyret will not work as expected. You should solve this problem before you go on using Seyret.

    Solutions for this problem:


    1. The worst solution: Changing the file permissions with a more loose value. For example changing folder ownerships with 0777 value. This may sometimes solve your problems but please don't forget, this is a real security problem. This is a bit widely used, but we never advice this solution. Also don't forget, it may not solve all of your problems under some conditions.
    2. The best solution: Install suphp or phpsuexec on your server. These are the magic and really wonderful programs that switch user when executing php scripts. On most cases, these are installed by host providers. Please contact host support desk and request suphp or phpsexec to be installed on your server. You will not have any file ownership problems and as you will keep permission values in strict values, this solution will provide you a better security.
    3. An alternative solution: Enable Joomla ftp layer from your site configuration. As this file ownership problem had started to cause many problems with components, modules etc, Joomla core developers implemented this wonderful tool. Seyret uses Joomla file API in all file and folder operations. So, if you are having a file ownership problem on your server, Joomla will automatically use your ftp login details and complete the process. If you don't want to use second solution above, we strongly advice you to enable ftp layer in Joomla configuration.

    As listed above, there are some solutions for your file ownership problem. Seyret widely makes file and folder operations. To be able to use Seyret without problems, try second and third solutions. Please don't forget that your file ownership problems are not bugs in Seyret. We have summarized above, but if you don't feel comfortable about this document, we suggest you to search about Apache file ownership system. It is a viral issue and you can find lots of documents on the net.
    Last edited by admin; 29th April 2010 at 03:53.

  2. Total Comments 0

    Comments

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •