deleting a file from within a php script
Posted by jill (jill), 9 December 2002I need to delete a text file from within a php script.
Using the unlink command, I get
Warning: Unlink failed (Permission denied)
The server admins would prefer that I do not change the folder permissions to 777.
It was suggested that I should use chmod or chown to change the permissions or the owner,
but with chmod I get the error message
Warning: chmod failed: Operation not permitted
and I have not tried chown because I do not know what to change the owner to, although if it does not let me do chmod I suppose it might not let me do chown either.
Posted by admin (Graham Ellis), 9 December 2002I think your problem isn't PHP specific, but rather relates to the underlying operating system and permissions. In order to delete a file (and you have the correct command), the web server process (which will have a different user ID but probably the same group ID as your own user) needs write permission to the directory.
You don't want to give those permissions to the web server, do you? OK - keep all the files that the web server may be required to delete later (status files, etc) in a subdirectory and give write permission to that subdirectory to the web server
Posted by jill (jill), 2 May 2003It seems a very long time ago that you provided the above helpful reply.
Eventually it was implemented and we have found that making the webserver a member of the group which owned the folder did indeed allow a file to be deleted from a php script.
However I think I may not have properly understood the reply. What is the problem with giving the webserver permissions to a folder? Should we make a separate group for the the folder which has to have the file deleted and only make the webserver belong to that group?
Posted by admin (Graham Ellis), 5 May 2003Hmm. Thinking back on my comments here ...
On a (shared) web server, you have a user account through which you place your files on the server (perhaps through FTP) and do whatever admin's made available to you (through SSH or Telnet) ... but that's not the same user account that's used by the web server. The web server typically runs under a special account, which is in the same group as your user account.
If you make your main directories writeable by the web server account, you're giving them group write permission. Potentially, any other person shaing the web server with you can upload a script to go through those directories and -- err -- modify and delete things. By restricting the granting of extra permissions to subdirectories, you'll limit the scope of such malicious possibilities, and also make it very much harder for anyone with such tendencies to spot the possibility in the first place.
Posted by jill (jill), 12 May 2003Many thanks for the reply. We will read, mark, learn and also discuss again with the webserver admins.
PH: 01144 1225 708225 • FAX: 01144 1225 899360 • EMAIL: firstname.lastname@example.org • WEB: http://www.wellho.net • SKYPE: wellho