Training, Open Source computer languages
PerlPHPPythonMySQLApache / TomcatTclRubyJavaC and C++LinuxCSS 
Search for:
Home Accessibility Courses Diary The Mouth Forum Resources Site Map About Us Contact
 
For 2023 (and 2024 ...) - we are now fully retired from IT training.
We have made many, many friends over 25 years of teaching about Python, Tcl, Perl, PHP, Lua, Java, C and C++ - and MySQL, Linux and Solaris/SunOS too. Our training notes are now very much out of date, but due to upward compatability most of our examples remain operational and even relevant ad you are welcome to make us if them "as seen" and at your own risk.

Lisa and I (Graham) now live in what was our training centre in Melksham - happy to meet with former delegates here - but do check ahead before coming round. We are far from inactive - rather, enjoying the times that we are retired but still healthy enough in mind and body to be active!

I am also active in many other area and still look after a lot of web sites - you can find an index ((here))
deleting a file from within a php script

Posted by jill (jill), 9 December 2002
I need to delete a text file from within a php script.

Using the unlink command, I get
Warning: Unlink failed (Permission denied)

The server admins would prefer that I do not change the folder permissions to 777.

It was suggested that I should use chmod or chown to change the permissions or the owner,
but with chmod I get the error message
Warning: chmod failed: Operation not permitted

and I have not tried chown because I do not know what to change the owner to, although if it does not let me do chmod I suppose it might not let me do chown either.

Any suggestions?

TIA
Jill

Posted by admin (Graham Ellis), 9 December 2002
I think your problem isn't PHP specific, but rather relates to the underlying operating system and permissions.  In order to delete a file (and you have the correct command), the web server process (which will have a different user ID but probably the same group ID as your own user) needs write permission to the directory.

You don't want to give those permissions to the web server, do you?    OK - keep all the files that the web server may be required to delete later (status files, etc) in a subdirectory and give  write permission to that subdirectory to the web server  

Posted by jill (jill), 2 May 2003
It seems a very long time ago that you provided the above helpful reply.

Eventually it was implemented and we have found that making the webserver a member of the group which owned the folder did indeed allow a file to be deleted from a php script.

However I think I may not have properly understood the reply.  What is the problem with giving the webserver permissions to a folder?  Should we make a separate group for the the folder which has to have the file deleted and only make the webserver belong to that group?

TIA

Posted by admin (Graham Ellis), 5 May 2003
Hmm.   Thinking back on my comments here ...

On a (shared) web server, you have a user account through which you place your files on the server (perhaps through FTP) and do whatever admin's made available to you (through SSH or Telnet) ... but that's not the same user account that's used by the web server.   The web server typically runs under a special account, which is in the same group as your user account.

If you make your main directories writeable by the web server account,  you're giving them group write permission.  Potentially, any other person shaing the web server with you can upload a script to go through those directories and -- err -- modify and delete things.  By restricting the granting of extra permissions to subdirectories, you'll limit the scope of such malicious possibilities, and also make it very much harder for anyone with such tendencies to spot the possibility in the first place.

Posted by jill (jill), 12 May 2003
Many thanks for the reply.  We will read, mark, learn and also discuss again with the webserver admins.





This page is a thread posted to the opentalk forum at www.opentalk.org.uk and archived here for reference. To jump to the archive index please follow this link.

You can Add a comment or ranking to this page

© WELL HOUSE CONSULTANTS LTD., 2024: Well House Manor • 48 Spa Road • Melksham, Wiltshire • United Kingdom • SN12 7NY
PH: 01144 1225 708225 • FAX: 01144 1225 793803 • EMAIL: info@wellho.net • WEB: http://www.wellho.net • SKYPE: wellho