CRON scripts fail to access group-shared directories

  • comp.lang.php

    CRON scripts fail to access group-shared directories

    Original thread in


    I have CRON scripts with owner/group relationship of "phillip/apache"
    that need to access directories within the docroot. The directories,
    if I create them, will have owner/group relationship of
    "phillip/apache", and all is well since they are all group-accessible
    (permissions of 0770).

    However, I have a web app within the docroot that has the ability to
    spawn folders of its own. These folders will, of course have
    owner/group relationship of "apache/apache", and for security purposes
    must also have permissions of 0770.

    When my CRON scripts access the "phillip/apache" folders, all is
    well. However, when they access the "apache/apache" folders, I get a PHP
    warning "Permission Denied" when trying to access these folders using
    this:

    [PHP]<? $dirID = opendir($dir); ?>[/PHP]

    The original thread I posted has one PHP expert stumped and so far I've
    been consistent in stumping everyone else I know, so I'm looking to
    break that trend and find someone that can help me figure this out.

    Thanx
    Phil

  • Jerry Stuckle

    #2
    Re: CRON scripts fail to access group-shared directories

    comp.lang.php wrote:
    > Original thread in
    > http://www.phpbuilder.com/board/show...1#post10659321
    >
    > I have CRON scripts with owner/group relationship of "phillip/apache"
    > that need to access directories within the docroot. The directories,
    > if I create them, will have owner/group relationship of
    > "phillip/apache", and all is well since they are all group-accessible
    > (permissions of 0770).
    >
    > However, I have a web app within the docroot that has the ability to
    > spawn folders of its own. These folders will, of course have
    > owner/group relationship of "apache/apache", and for security purposes
    > must also have permissions of 0770.
    >
    > When my CRON scripts access the "phillip/apache" folders, all is
    > well. However, when they access the "apache/apache" folders, I get a PHP
    > warning "Permission Denied" when trying to access these folders using
    > this:
    >
    > [PHP]<? $dirID = opendir($dir); ?>[/PHP]
    >
    > The original thread I posted has one PHP expert stumped and so far I've
    > been consistent in stumping everyone else I know, so I'm looking to
    > break that trend and find someone that can help me figure this out.
    >
    > Thanx
    > Phil

    Phil,

    The scripts themselves may have an owner/group as phillip/apache - but
    what user are they running under?

    --
    ==================
    Remove the "x" from my email address
    Jerry Stuckle
    JDS Computer Training Corp.
    jstucklex@attglobal.net
    ==================


    • Jamie  Davison

      #3
      Re: CRON scripts fail to access group-shared directories




      On 9/9/05 3:30 PM, in article gZSdnWoBhal-SbzeRVn-qQ@comcast.com, "Jerry
      Stuckle" <jstucklex@attglobal.net> wrote:

      > Phil,
      >
      > The scripts themselves may have an owner/group as phillip/apache - but
      > what user are they running under?

      . . . Or more specifically, what "user" is the "cron process" running
      under? Crontabs running as root should be OK . . .







      • Jerry Stuckle

        #4
        Re: CRON scripts fail to access group-shared directories

        Jamie Davison wrote:
        > On 9/9/05 3:30 PM, in article gZSdnWoBhal-SbzeRVn-qQ@comcast.com, "Jerry
        > Stuckle" <jstucklex@attglobal.net> wrote:
        >
        >> Phil,
        >>
        >> The scripts themselves may have an owner/group as phillip/apache - but
        >> what user are they running under?
        >
        > . . . Or more specifically, what "user" is the "cron process" running
        > under? Crontabs running as root should be OK . . .

        You should never run cron processes under "root" unless they need access
        to resources which are restricted to root. It's a huge security hole!

        --
        ==================
        Remove the "x" from my email address
        Jerry Stuckle
        JDS Computer Training Corp.
        jstucklex@attglobal.net
        ==================


        • LeagueWebmaster
          New Member
          • Sep 2005
          • 6

          #5
          Originally posted by Jamie Davison
          On 9/9/05 3:30 PM, in article gZSdnWoBhal-SbzeRVn-qQ@comcast.com, "Jerry
          Stuckle" <jstucklex@attglobal.net> wrote:

          > Phil,
          >
          > The scripts themselves may have an owner/group as phillip/apache - but
          > what user are they running under?

          . . . Or more specifically, what "user" is the "cron process" running
          under? Crontabs running as root should be OK . . .
          A little help from php in determining file owner and permissions. You created a CRON file so create another entry that runs a php script. Have it go through the same process but report back the Username and GroupName. Remember to try and use the full path to the PHP executable as crontab doesn't run unix profile scripts that might normally add the location of the PHP executable to the environment path.

          ;) ie:
          * * * * * /usr/bin/php -q /usr/www/myname/mysite/jobs/main.php
          [PHP]

          // Sample code for figuring out permissions problems
          // where $_tmp_name_ is a string containing the full path to a file
          // that is created somewhere else in the PHP Script,
          // I'd suggest creating a file in /tmp first as it has more generous permissions
          // Note that you normally retrieve the ID's of the groups and names not the
          // actual names themselves thus the second function posix_get...
          $groupid = filegroup($_tmp_name_);
          echo highlight_string(print_r(posix_getgrgid($groupid), true), true);

          // Sometimes you need to change the group from in PHP.
          // chgrp($_tmp_name_, $groupid);

          // Returns the user ID of the owner of the file, or FALSE in case of an error.
          $userid = fileowner($_tmp_name_);
          echo highlight_string(print_r(posix_getpwuid($userid), true), true);

          // Typically changing the userid is a no go as you normally have to have
          // the web server running as root.
          // chown($_tmp_name_, $uid);

          [/PHP]
          Last edited by LeagueWebmaster; Sep 9 '05, 08:14 PM.


          • comp.lang.php

            #6
            Re: CRON scripts fail to access group-shared directories

            That was it.. the crontab was running under "phillip/phillip" and not
            "phillip/apache" due to the fact that "phillip" is "phillip"'s default
            user group. If that makes sense.

            Phil


            • LeagueWebmaster
              New Member
              • Sep 2005
              • 6

              #7
              Originally posted by Phil
              That was it.. the crontab was running under "phillip/phillip" and not
              How did you finally determine the actual Group?
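
One way to answer that from inside the job itself, as an added example that is not code from any poster in this thread: it prints the effective user and full group list of the running process and works out which permission class (owner, group or other) applies to a directory. The function names and the numeric IDs 1001 and 48 are constructed for illustration.

```php
<?php
// Added example: which permission class does the kernel apply to this process?

/** Pure decision on owner/group/other for a directory with the given mode bits. */
function dir_access_class(int $euid, array $gids, int $owner, int $group, int $mode): array
{
    if ($euid === 0) {                       // root normally bypasses these checks
        return ['class' => 'root', 'can_open' => true, 'can_search' => true];
    }
    if ($euid === $owner) {
        $class = 'owner'; $bits = ($mode >> 6) & 7;
    } elseif (in_array($group, $gids, true)) {
        $class = 'group'; $bits = ($mode >> 3) & 7;
    } else {
        $class = 'other'; $bits = $mode & 7;
    }
    // opendir() needs read (4) on the directory; reaching entries needs search (1).
    return ['class' => $class, 'can_open' => (bool)($bits & 4), 'can_search' => (bool)($bits & 1)];
}

/** Live check: identity of the running process versus one directory. */
function report(string $dir): void
{
    $euid = posix_geteuid();
    $gids = array_values(array_unique(array_merge([posix_getegid()], posix_getgroups() ?: [])));
    $pw   = posix_getpwuid($euid);
    $names = array_map(function (int $g): string {
        $gr = posix_getgrgid($g);
        return $gr ? $gr['name'] : (string)$g;
    }, $gids);
    printf("running as %s, groups: %s\n", $pw ? $pw['name'] : $euid, implode(',', $names));
    $st = @stat($dir);
    if ($st === false) { echo "cannot stat $dir\n"; return; }
    $r = dir_access_class($euid, $gids, $st['uid'], $st['gid'], $st['mode'] & 0777);
    printf("%s mode %04o -> class=%s opendir=%s\n", $dir, $st['mode'] & 0777,
        $r['class'], $r['can_open'] ? 'ok' : 'Permission denied');
}

// Constructed IDs standing in for the thread's accounts: phillip=1001, apache=48.
$cases = ['groups = phillip only' => [1001], 'groups = phillip + apache' => [1001, 48]];
foreach ($cases as $label => $gids) {
    $r = dir_access_class(1001, $gids, 48, 48, 0770);   // apache/apache, 0770
    printf("%-26s class=%-5s opendir=%s\n", $label, $r['class'],
        $r['can_open'] ? 'ok' : 'Permission denied');
}
if (isset($argv[1])) {
    report($argv[1]);   // pass the directory path as the first argument in the crontab entry
}
```

Run from the same crontab entry as the failing job, the first output line shows whether "apache" is actually among the process's groups; with only "phillip" present the 0770 directory falls into the "other" class and opendir() is denied.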
