Permissions

Re: Permissions

Shelly wrote:
[color=blue]
> I have a new server and I have my files up there. The files are in
> /var/www/html/. In this directory I have another directory that I created
> called "users". I am unable to figure out how to set permissions on this
> directory, and what those permissions should be. I am using ShieldHost.
>
> When there is a new user, and he enters his desired name and password, as
> part of the process I want to create a small directory tree under "users"
> with the username as the top level. I get that I don't have permission to
> do that with the mkdir in the code. The line of code is:
>
> mkdir($_SESSION['UserRoot'] . $ss_username, 0755);
>
> where the session variable has the directory path ending in "/".
>
> Any ideas?
>
> Shelly[/color]

Hi Shelly,

You question is not complete.

1) Who is the owner of /var/www/html/users/ ??
2) What are the permissions set on /var/www/html/users/ ??
3) Who is running PHP? Which user? Apache? WWW-DATA? NOBODY?
And does that user has rights to to add a new dir in /var/www/html/users/ ??

Maybe if you try to answer these questions, you may find out what goes
wrong. :-)

Good luck.

Regards,
Erwin Moller

Re: Permissions


"Erwin Moller"
<since_humans_r ead_this_I_am_s pammed_too_much @spamyourself.c om> wrote in
message news:42b9190f$0 $27856$e4fe514c @news.xs4all.nl ...[color=blue]
> Shelly wrote:
>[color=green]
>> I have a new server and I have my files up there. The files are in
>> /var/www/html/. In this directory I have another directory that I
>> created
>> called "users". I am unable to figure out how to set permissions on this
>> directory, and what those permissions should be. I am using ShieldHost.
>>
>> When there is a new user, and he enters his desired name and password, as
>> part of the process I want to create a small directory tree under "users"
>> with the username as the top level. I get that I don't have permission
>> to
>> do that with the mkdir in the code. The line of code is:
>>
>> mkdir($_SESSION['UserRoot'] . $ss_username, 0755);
>>
>> where the session variable has the directory path ending in "/".
>>
>> Any ideas?
>>
>> Shelly[/color]
>
> Hi Shelly,
>
> You question is not complete.
>
> 1) Who is the owner of /var/www/html/users/ ??[/color]

I created the users directory when I logged in as webmaster via the
ShieldHost.com admin interface for my website. So, webmaster owns the
directory as well as all the *.php code in the directory /var/www/html.
When a user uses the URL, it is that code that is run. I assumed that since
the code is owned by webmaster, that the permissions on the server are also
that for webmaster and so should be able to create the directories under
users.
[color=blue]
> 2) What are the permissions set on /var/www/html/users/ ??[/color]

I don't know and can't seem to determine them from the interface provided by
ShieldHost. When I log into the administration interface there is a "File
Manager" option. If I drill down to the users directory, I don't have any
option to see the permissions.
[color=blue]
> 3) Who is running PHP? Which user? Apache? WWW-DATA? NOBODY?[/color]

Apache on the server.
[color=blue]
> And does that user has rights to to add a new dir in /var/www/html/users/
> ??[/color]

I guess not since it says I don't have permission. How can I find out? How
can I give Apache that right, since it is Apache that is actually running
the code? In the ShieldHost admin interface (at ShieldHost.com) , when I
click on services/Apache and then "Protect Directories", it shows that the
/var/www/html/users directory is unprotected. I don't see where to give
Apache any rights.

BTW, I just tried a little experiment. I tried to create a directory in the
/var/www/html of just the username supplied by the user. IOW, I didn't put
things in a subdirectory "users". It also failed due to permissions, so the
problem is not with the "users" directory, but with the parent directory.
Should I try some directory somewhere else?
[color=blue]
> Maybe if you try to answer these questions, you may find out what goes
> wrong. :-)[/color]

Not yet :-(
[color=blue]
>
> Good luck.[/color]

Thanks.

Shelly

Re: Permissions

I found out how to get the permissions on the directories. They were set to
RE for group and others. Owner, webmaster, had RWE. Giving RWE to group
didn't do anything. Giving RWE to others didn't do anything.

Shelly


"Shelly" <sheldonlg.news @asap-consult.com> wrote in message
news:C6ednYEfV4 gk2STfRVn-sg@comcast.com. ..[color=blue]
>
> "Erwin Moller"
> <since_humans_r ead_this_I_am_s pammed_too_much @spamyourself.c om> wrote in
> message news:42b9190f$0 $27856$e4fe514c @news.xs4all.nl ...[color=green]
>> Shelly wrote:
>>[color=darkred]
>>> I have a new server and I have my files up there. The files are in
>>> /var/www/html/. In this directory I have another directory that I
>>> created
>>> called "users". I am unable to figure out how to set permissions on
>>> this
>>> directory, and what those permissions should be. I am using ShieldHost.
>>>
>>> When there is a new user, and he enters his desired name and password,
>>> as
>>> part of the process I want to create a small directory tree under
>>> "users"
>>> with the username as the top level. I get that I don't have permission
>>> to
>>> do that with the mkdir in the code. The line of code is:
>>>
>>> mkdir($_SESSION['UserRoot'] . $ss_username, 0755);
>>>
>>> where the session variable has the directory path ending in "/".
>>>
>>> Any ideas?
>>>
>>> Shelly[/color]
>>
>> Hi Shelly,
>>
>> You question is not complete.
>>
>> 1) Who is the owner of /var/www/html/users/ ??[/color]
>
> I created the users directory when I logged in as webmaster via the
> ShieldHost.com admin interface for my website. So, webmaster owns the
> directory as well as all the *.php code in the directory /var/www/html.
> When a user uses the URL, it is that code that is run. I assumed that
> since the code is owned by webmaster, that the permissions on the server
> are also that for webmaster and so should be able to create the
> directories under users.
>[color=green]
>> 2) What are the permissions set on /var/www/html/users/ ??[/color]
>
> I don't know and can't seem to determine them from the interface provided
> by ShieldHost. When I log into the administration interface there is a
> "File Manager" option. If I drill down to the users directory, I don't
> have any option to see the permissions.
>[color=green]
>> 3) Who is running PHP? Which user? Apache? WWW-DATA? NOBODY?[/color]
>
> Apache on the server.
>[color=green]
>> And does that user has rights to to add a new dir in /var/www/html/users/
>> ??[/color]
>
> I guess not since it says I don't have permission. How can I find out?
> How can I give Apache that right, since it is Apache that is actually
> running the code? In the ShieldHost admin interface (at ShieldHost.com) ,
> when I click on services/Apache and then "Protect Directories", it shows
> that the /var/www/html/users directory is unprotected. I don't see where
> to give Apache any rights.
>
> BTW, I just tried a little experiment. I tried to create a directory in
> the /var/www/html of just the username supplied by the user. IOW, I
> didn't put things in a subdirectory "users". It also failed due to
> permissions, so the problem is not with the "users" directory, but with
> the parent directory. Should I try some directory somewhere else?
>[color=green]
>> Maybe if you try to answer these questions, you may find out what goes
>> wrong. :-)[/color]
>
> Not yet :-(
>[color=green]
>>
>> Good luck.[/color]
>
> Thanks.
>
> Shelly
>[/color]

Re: Permissions

Shelly wrote:
[color=blue]
> I found out how to get the permissions on the directories. They were set
> to
> RE for group and others. Owner, webmaster, had RWE. Giving RWE to group
> didn't do anything. Giving RWE to others didn't do anything.
>
> Shelly
>[/color]


Hi,

I don't know about schieldhost.com , so I cannot help there.

I could try to help you to open up the directory (chmod 777 style, which is
bad), but it is really better you know what you are doing, so you can fix
this yourself in future.
I suggest you read up a little on filepermission on Linux/GNU systems.
(links follow)

Do you have shell access to the computer where this material is located??
Can you start anything like BASH, SH, etc??
Or telnet?

If you have: log in and use commands like
ls -l
chown
etc..

Have a look at some online documentation, eg here is some from redhat:


look under: 11. Shell Prompt Basics
and click Ownership and Permissions

or if you have the time: read the whole chapter 11.

Hope this helps.

Regards,
Erwin Moller

Re: Permissions

Thanks, but I do understand the file permissions on a Unix system (I have
worked in Unix) and I do not have shell access to the hosting server. All I
have is the interface they supply, which does allow me to change
permissions, but not owners.

I have no way of determining what the "user name" for the Apache is -- and I
surmise that is who the user must be on the server.

I agree that opening it with 777 is bad. I used 755.

Shelly

"Erwin Moller"
<since_humans_r ead_this_I_am_s pammed_too_much @spamyourself.c om> wrote in
message news:42b9570c$0 $31293$e4fe514c @news.xs4all.nl ...[color=blue]
> Shelly wrote:
>[color=green]
>> I found out how to get the permissions on the directories. They were set
>> to
>> RE for group and others. Owner, webmaster, had RWE. Giving RWE to group
>> didn't do anything. Giving RWE to others didn't do anything.
>>
>> Shelly
>>[/color]
>
>
> Hi,
>
> I don't know about schieldhost.com , so I cannot help there.
>
> I could try to help you to open up the directory (chmod 777 style, which
> is
> bad), but it is really better you know what you are doing, so you can fix
> this yourself in future.
> I suggest you read up a little on filepermission on Linux/GNU systems.
> (links follow)
>
> Do you have shell access to the computer where this material is located??
> Can you start anything like BASH, SH, etc??
> Or telnet?
>
> If you have: log in and use commands like
> ls -l
> chown
> etc..
>
> Have a look at some online documentation, eg here is some from redhat:
>
> https://www.redhat.com/docs/manuals/...started-guide/
> look under: 11. Shell Prompt Basics
> and click Ownership and Permissions
>
> or if you have the time: read the whole chapter 11.
>
> Hope this helps.
>
> Regards,
> Erwin Moller[/color]

Re: Permissions

On Tue, 21 Jun 2005 23:39:09 -0400, Shelly wrote:
[color=blue]
> I have a new server and I have my files up there. The files are in
> /var/www/html/. In this directory I have another directory that I created
> called "users". I am unable to figure out how to set permissions on this
> directory, and what those permissions should be. I am using ShieldHost.
>
> When there is a new user, and he enters his desired name and password, as
> part of the process I want to create a small directory tree under "users"
> with the username as the top level. I get that I don't have permission to
> do that with the mkdir in the code. The line of code is:
>
> mkdir($_SESSION['UserRoot'] . $ss_username, 0755);
>
> where the session variable has the directory path ending in "/".
>
> Any ideas?
>
> Shelly[/color]

Without root access you don't have permission to create users, which you
already know because your in Unix. I don't know Sheildhost but would I be
right in thinking (from your post) that you are expecting it to have some
means to create 'sub-users' for hosting purposes?

This could only really be a controlled access system rather than a real
owner:group at system level. More of a login system to your users. But in
the end the files will still be owned by yourself.

Re: Permissions


"BearItAll" <spam@rassler.c o.uk> wrote in message
news:pan.2005.0 6.22.14.52.35.5 13440@rassler.c o.uk...[color=blue]
> On Tue, 21 Jun 2005 23:39:09 -0400, Shelly wrote:
>[color=green]
>> I have a new server and I have my files up there. The files are in
>> /var/www/html/. In this directory I have another directory that I
>> created
>> called "users". I am unable to figure out how to set permissions on this
>> directory, and what those permissions should be. I am using ShieldHost.
>>
>> When there is a new user, and he enters his desired name and password, as
>> part of the process I want to create a small directory tree under "users"
>> with the username as the top level. I get that I don't have permission
>> to
>> do that with the mkdir in the code. The line of code is:
>>
>> mkdir($_SESSION['UserRoot'] . $ss_username, 0755);
>>
>> where the session variable has the directory path ending in "/".
>>
>> Any ideas?
>>
>> Shelly[/color]
>
> Without root access you don't have permission to create users, which you
> already know because your in Unix. I don't know Sheildhost but would I be
> right in thinking (from your post) that you are expecting it to have some
> means to create 'sub-users' for hosting purposes?
>
> This could only really be a controlled access system rather than a real
> owner:group at system level. More of a login system to your users. But in
> the end the files will still be owned by yourself.[/color]

Last night they had the AFI show on with the 100 best quotes from the
movies. What came to mind is "It seems we have a failure to communicate" --
and it is my fault.

I don't want to create users that can access the server. The ShieldHost
admin interface allows me to do that -- but that is not the idea. I want to
create "users" in the same sense as "members" of a "club". This is just
like signing up for Yahoo or any of a myriad of products. None of those
users can access the server except to run the scripts from a URL and their
links. So, when I say creating a username it is for being part of a
group -- not for having an account on the server.

I want the new user/member to join the group with a username through the web
page interface I provide. I check that the name is available and then add
that user to the database. I also, at the same time as I add him to the
database of users, want to create a directory with that username under a
master directory called "users". Under this username directory I want to
create at least two other directories into which I will place files that he
will upload later. The reason for this is (a) to organize so it is
individual by users, and (b) to avoid file name collision.

The problem I am having is that no matter how I set the permissions for the
"users" directory -- or even the one above that -- I cannot create a new
directory with the username.

I hope that is clearer.

Shelly

Re: Permissions

>>> I have a new server and I have my files up there. The files are in[color=blue][color=green][color=darkred]
>>> /var/www/html/. In this directory I have another directory that I
>>> created
>>> called "users". I am unable to figure out how to set permissions on this
>>> directory, and what those permissions should be. I am using ShieldHost.[/color][/color][/color]

You apparently have *THREE* types of users here.

There are MySQL users, who are authorized to access the database.
Typically a PHP web page has one of these hidden in it somewhere
so the page can access the DB. Occasionally a user will enter their
own MySQL DB password into a web page for use accessing the DB, but
usually, it's the PAGE, not the USER who has the DB access authority.

There are web users, who log into a web page. Typically these users
are listed in a MySQL table (NOT the MySQL privilege table) but
they do not have authority to log into the DB directly. These are
a creation of the web page itself, which enforces logins.

There are OS users, who have permissions to access files.
[color=blue][color=green][color=darkred]
>>> When there is a new user, and he enters his desired name and password, as[/color][/color][/color]
Web user.
[color=blue][color=green][color=darkred]
>>> part of the process I want to create a small directory tree under "users"
>>> with the username as the top level. I get that I don't have permission
>>> to
>>> do that with the mkdir in the code. The line of code is:[/color][/color][/color]

The OS user Apache is running as does not have permission to
create a directory where you want it to.
[color=blue][color=green][color=darkred]
>>>
>>> mkdir($_SESSION['UserRoot'] . $ss_username, 0755);
>>>
>>> where the session variable has the directory path ending in "/".
>>>
>>> Any ideas?
>>>
>>> Shelly[/color]
>>
>> Without root access you don't have permission to create users, which you[/color][/color]

You can't create OS users, and you may or may not be able to create
MySQL users (later on it seems you can create MySQL users, which
isn't what you need). You CAN create web users, as your page handles
all of that.
[color=blue][color=green]
>> already know because your in Unix. I don't know Sheildhost but would I be
>> right in thinking (from your post) that you are expecting it to have some
>> means to create 'sub-users' for hosting purposes?
>>
>> This could only really be a controlled access system rather than a real
>> owner:group at system level. More of a login system to your users. But in
>> the end the files will still be owned by yourself.[/color]
>
>Last night they had the AFI show on with the 100 best quotes from the
>movies. What came to mind is "It seems we have a failure to communicate" --
>and it is my fault.
>
>I don't want to create users that can access the server. The ShieldHost[/color]

MySQL users.
[color=blue]
>admin interface allows me to do that -- but that is not the idea. I want to
>create "users" in the same sense as "members" of a "club". This is just[/color]

Web users.
[color=blue]
>like signing up for Yahoo or any of a myriad of products. None of those
>users can access the server except to run the scripts from a URL and their
>links. So, when I say creating a username it is for being part of a[/color]
Web users.[color=blue]
>group -- not for having an account on the server.[/color]
MySQL users.
[color=blue]
>I want the new user/member to join the group with a username through the web[/color]
Web users.
[color=blue]
>page interface I provide. I check that the name is available and then add
>that user to the database. I also, at the same time as I add him to the[/color]
Web users.
[color=blue]
>database of users, want to create a directory with that username under a
>master directory called "users".[/color]
Web users.
[color=blue]
>Under this username directory I want to
>create at least two other directories into which I will place files that he
>will upload later. The reason for this is (a) to organize so it is
>individual by users, and (b) to avoid file name collision.
>
>The problem I am having is that no matter how I set the permissions for the
>"users" directory -- or even the one above that -- I cannot create a new
>directory with the username.[/color]

The OS user that apache / PHP are running as does not have OS privileges
to create the directory.

It may simply be hosting site policy that the Apache/PHP OS user
does not have privileges to write files *ANYWHERE*. If you want
to write something, stuff it in the database, put it on a user
machine as a cookie, or forget about saving it. You FTP stuff in
as a different OS user which does give you permission to write.
This protects the web site against viruses and such. It can also
be very annoying to customers like you who want to write files.

If you want OS permissions to create a writable directory, I
think you'll have to ask your host for it. You might be able
to do it through the ShieldHost control panel, but I've never
seen that, so I don't know how.

Gordon L. Burditt

Re: Permissions


"Gordon Burditt" <gordonb.wppv6@ burditt.org> wrote in message
news:11bjdorp4l 0m912@corp.supe rnews.com...[color=blue][color=green][color=darkred]
>>>> I have a new server and I have my files up there. The files are in
>>>> /var/www/html/. In this directory I have another directory that I
>>>> created
>>>> called "users". I am unable to figure out how to set permissions on
>>>> this
>>>> directory, and what those permissions should be. I am using
>>>> ShieldHost.[/color][/color]
>
> You apparently have *THREE* types of users here.
>
> There are MySQL users, who are authorized to access the database.
> Typically a PHP web page has one of these hidden in it somewhere
> so the page can access the DB. Occasionally a user will enter their
> own MySQL DB password into a web page for use accessing the DB, but
> usually, it's the PAGE, not the USER who has the DB access authority.[/color]

No, my users do not access the MySQL database. That is done solely by the
page. Oh, I, as the administrator, can access the database through the
admin interface. The users cannot.
[color=blue]
> There are web users, who log into a web page. Typically these users
> are listed in a MySQL table (NOT the MySQL privilege table) but
> they do not have authority to log into the DB directly. These are
> a creation of the web page itself, which enforces logins.[/color]

Those are the only kind of users I have (other than administrators) .
[color=blue]
> There are OS users, who have permissions to access files.[/color]

That is me.
[color=blue][color=green][color=darkred]
>>>> When there is a new user, and he enters his desired name and password,
>>>> as[/color][/color]
> Web user.
>[color=green][color=darkred]
>>>> part of the process I want to create a small directory tree under
>>>> "users"
>>>> with the username as the top level. I get that I don't have permission
>>>> to
>>>> do that with the mkdir in the code. The line of code is:[/color][/color]
>
> The OS user Apache is running as does not have permission to
> create a directory where you want it to.[/color]

Exactly!!!! How do make that possible? That is the $64K question.
[color=blue][color=green][color=darkred]
>>>> mkdir($_SESSION['UserRoot'] . $ss_username, 0755);
>>>>
>>>> where the session variable has the directory path ending in "/".
>>>>
>>>> Any ideas?
>>>>
>>>> Shelly
>>>
>>> Without root access you don't have permission to create users, which you[/color][/color]
>
> You can't create OS users, and you may or may not be able to create
> MySQL users (later on it seems you can create MySQL users, which
> isn't what you need). You CAN create web users, as your page handles
> all of that.
>[color=green][color=darkred]
>>> already know because your in Unix. I don't know Sheildhost but would I
>>> be
>>> right in thinking (from your post) that you are expecting it to have
>>> some
>>> means to create 'sub-users' for hosting purposes?
>>>
>>> This could only really be a controlled access system rather than a real
>>> owner:group at system level. More of a login system to your users. But
>>> in
>>> the end the files will still be owned by yourself.[/color]
>>
>>Last night they had the AFI show on with the 100 best quotes from the
>>movies. What came to mind is "It seems we have a failure to
>>communicate " --
>>and it is my fault.
>>
>>I don't want to create users that can access the server. The ShieldHost[/color]
>
> MySQL users.
>[color=green]
>>admin interface allows me to do that -- but that is not the idea. I want
>>to
>>create "users" in the same sense as "members" of a "club". This is just[/color]
>
> Web users.
>[color=green]
>>like signing up for Yahoo or any of a myriad of products. None of those
>>users can access the server except to run the scripts from a URL and their
>>links. So, when I say creating a username it is for being part of a[/color]
> Web users.[color=green]
>>group -- not for having an account on the server.[/color]
> MySQL users.
>[color=green]
>>I want the new user/member to join the group with a username through the
>>web[/color]
> Web users.
>[color=green]
>>page interface I provide. I check that the name is available and then add
>>that user to the database. I also, at the same time as I add him to the[/color]
> Web users.
>[color=green]
>>database of users, want to create a directory with that username under a
>>master directory called "users".[/color]
> Web users.
>[color=green]
>>Under this username directory I want to
>>create at least two other directories into which I will place files that
>>he
>>will upload later. The reason for this is (a) to organize so it is
>>individual by users, and (b) to avoid file name collision.
>>
>>The problem I am having is that no matter how I set the permissions for
>>the
>>"users" directory -- or even the one above that -- I cannot create a new
>>directory with the username.[/color]
>
> The OS user that apache / PHP are running as does not have OS privileges
> to create the directory.
>
> It may simply be hosting site policy that the Apache/PHP OS user
> does not have privileges to write files *ANYWHERE*. If you want
> to write something, stuff it in the database, put it on a user
> machine as a cookie, or forget about saving it. You FTP stuff in
> as a different OS user which does give you permission to write.
> This protects the web site against viruses and such. It can also
> be very annoying to customers like you who want to write files.
>
> If you want OS permissions to create a writable directory, I
> think you'll have to ask your host for it. You might be able
> to do it through the ShieldHost control panel, but I've never
> seen that, so I don't know how.
>
> Gordon L. Burditt[/color]

I guess I will have to right a "trouble ticket" to get that to happen.

Shelly

Re: Permissions

Shelly wrote:

<snip>
[color=blue][color=green]
>> The OS user Apache is running as does not have permission to
>> create a directory where you want it to.[/color]
>
> Exactly!!!! How do make that possible? That is the $64K question.[/color]

1) By finding out which OS user it is that Apache runs as.
2) Making sure the directory in which you want to create files/directories
INCLUDES that user mentioned under 1).
This can be done by opening the directory to:
- everybody (chmod 777), which will surely include the user under 1).
- a group

I think the group-approach is the best.
Create a group called shellyapache, and add user shelly and user apache to
it.

Now create the directory IN WHICH you want to create new directories and
give appropriate filepermission TO THE GROUP shellyapache.

In that way you directory is safe for everybody.

One drawback is that other users on the same machine have access to the same
apache-user (under most configurations) , and they could try to reach this
directory.
If this is a concern to you:
An easy (not state of the art) way to make this more difficult is naming the
directy strange, like HJKGJHFHTGDFHGJ FJH76456546.
Nobody will guess that.


Hope this helps.

Regards,
Erwin Moller

PS: If you need help with groups and such, read the URL from Redhat I sent
you in a previous post.