问题
I am trying to delete /var/www/main/user_resources/documents/NewFolder1/NewFolder1/noname3.php using PHP. As shown below, the file's owner and group is phped, it is group writable, and Michael belongs to the phped group. I am using Centos with Apache.
[Michael@devserver NewFolder1]$ pwd
/var/www/main/user_resources/documents/NewFolder1/NewFolder1
[Michael@devserver NewFolder1]$ ls -l
total 4
-rwxrwxr-x. 1 phped phped 15 Jan 5 07:02 noname3.php
[Michael@devserver NewFolder1]$ groups Michael
Michael : Michael www phped
[Michael@devserver NewFolder1]$
My PHP script is:
echo 'Current script owner: ' . get_current_user().'<br>';
echo($dirname.'</br>');
unlink($dirname);
And the output follows:
Current script owner: Michael
/var/www/main/user_resources/documents/NewFolder1/NewFolder1/noname3.php
An error occurred in script '/var/www/main/application/classes/library.php' on line 477: unlink(/var/www/main/user_resources/documents/NewFolder1/NewFolder1/noname3.php): Permission denied (error no: 2)
Why can't Michael delete the file?
回答1:
It is not Michael that is being blocked from deleting this file, but Apache. You should set apache as owner of this file and your script will work:
chmod 755 -R NewFolder1/
chown -R apache:apache NewFolder1/
Now the problem is that user Michael will not have any ftp privileges over this folder. If you want ftp privileges as well, try that:
chmod 775 -R /var/www/main/user_resources/documents/NewFolder1/NewFolder1/
chown -R Michael:apache /var/www/main/user_resources/documents/NewFolder1/NewFolder1/
The -R stands for "recursive" meaning that all files and subfolders of NewFolder1 will inherit the same permissions. However this is not really recommended -especially if you are on a shared hosting server.
To check the file permissions, use
ls -la /var/www/main/user_resources/documents/NewFolder1/NewFolder1/
Solution #2:
Login as root first!!! if you are logged in as different user, type:
su -
and then provide the root password.
Then, navigate to a local directory (ie: /usr/local/sbin) and create a script called "delete-file" and put the following lines in it:
#!/bin/sh
[ $# -ne 1 ] && {
echo "usage: $0 <filename>"
exit 1
}
file=`echo $1`
rm -f $file
[ $? -eq 0 ] && echo "File has been deleted from system!" || echo "Failed to delete the file!"
Then make this file executable:
chmod 755 /usr/local/sbin/delete-file
Then edit /etc/sudoers to add apache:
...
# Disable "ssh hostname sudo <cmd>", because it will show the password in clear.
# You have to run "ssh -t hostname sudo <cmd>".
#
Defaults requiretty
Defaults:apache !requiretty ###ADD THIS LINE!
#
# Refuse to run if unable to disable echo on the tty. This setting should also be
# changed in order to be able to use sudo without a tty. See requiretty above.
#
...
AT THE END OF THE SAME FILE:
...
## Allows members of the users group to shutdown this system
# %users localhost=/sbin/shutdown -h now
## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)
#includedir /etc/sudoers.d
### ADD THIS NEXT LINE:
apache ALL=(ALL) NOPASSWD: /usr/local/sbin/delete-file
Modify your php script to look like that:
<?php
...
$filename = "/var/www/main/user_resources/documents/NewFolder1/NewFolder1/file-to-delete.php";
shell_exec('sudo -S /usr/local/sbin/delete-file '.$filename);
...
?>
Now this should be able to delete files no matter who their owner is!
回答2:
Given the information you show, you should be able to delete the file. If you can't, you likely (definitely) did not log the Linux user which is used for PHP out and then logged him back in.
来源:https://stackoverflow.com/questions/27782951/what-causes-permission-denied-errors-when-deleting-files