PHP mkdir and apache ownership

Question

Is there a way to set php running under apache to create folders with the folder owned by the owner of the program that creates it instead of being owned by apache?

Answer 1

Check out PHP chown() function

Answer 2

Safe_mode is turn on on your server. The function mkdir() creates folder with owner ("apache", "none", ..) that different of the current script owner. And scripts couldn't upload (move, copy) files into that folder with another owner (that is not like current script owner).

Disable safe_mode and that would be work.

See http://php.net/manual/en/features.safe-mode.php for details.

P.S. With enable safe_mode you can't use chmod() function in php.

Answer 3

Not directly, no. You can't "give away" ownership of a file to another user, unless you're root. You could investigate using the "AssignUserID" apache directive to force that particular vhost to run as a particular user/group. With that Apache/PHP would create any files with the appropriate ownership

Answer 4

Another way is to put the apache user and the "customer users" in a new group. Additional the directory should use the sticky bit SGID so each new file got the group assignment to this new group. This way the webserver and the "customer users" can work with the files without any problems

[17:57] progman@proglap /tmp/test $ ls -al /tmp/test
total 9
drwxrwsr-x  2 root users   48 Apr  1 17:55 .
drwxrwxrwt 36 root root  9264 Apr  1 17:53 ..

As you see the directory got the stick bit SGID and the owner is the "users" group in which I (progman) am. No if another user adds a file the group automatically get set to this group

[17:55] proglap ~ # touch /tmp/test/x

This is executed from root. Now we get:

[17:57] progman@proglap /tmp/test $ ls -la /tmp/test
total 9
drwxrwsr-x  2 root users   72 Apr  1 17:59 .
drwxrwxrwt 36 root root  9264 Apr  1 17:53 ..
-rw-r--r--  1 root users    0 Apr  1 17:59 x

As you see the added file is from root, but the group is set to users and this way I can remove it

[18:00] progman@proglap /tmp/test $ rm x
rm: remove write-protected regular empty file `x'? y
[18:01] progman@proglap /tmp/test $ ls -la /tmp/test
total 9
drwxrwsr-x  2 root users   48 Apr  1 18:01 .
drwxrwxrwt 36 root root  9264 Apr  1 17:53 ..

Keep in mind that you still need to change the chmod if you want to edit the file as rw-r--r-- is just group read access. But changing the chmod, maybe even working with umask, is better than dealing with root-access and using chown.