Editing files with a PHP script


#1

Hi,

One thing I like to be able to do is edit text files directly from the Web via a PHP file editor. This is done with a tool such as Nexus’ Quickedit (http://scripts.escee.com/qe/?76).

Right now, whenever I try to save a file, I get these errors:


Warning: fopen("./versions.txt", “w”) - Permission denied in /home/mydir/script.php on line 525

Warning: Supplied argument is not a valid File-Handle resource in /home/mydir/script.php on line 526

Warning: Supplied argument is not a valid File-Handle resource in /home/mydir/script.php on line 527

The only way around this is to chmod my files to 777. This means that anyone with a dreamhost account on my server can edit them, and that’s no good.

Any suggestions? A description of how I solved this issue on my own server is included below. Thanks a LOT!

–tom


Previously, when I ran my own server, I think the way I got this to work was by giving the script the authority to edit files by editing /etc/group and adding the user “apache” (under which apache ran) to the group that owned my files (group name: tom). I then chmod’ed the file to 664. So, in other words:

file: index.html, owner: tom, group: tom, perm: 664
server uid: apache, apache group membership: tom

UID “apache” belonged to group “tom,” and with the perms at 664, the PHP script was able to save changes to files.


#2

If you run PHP as a CGI (see the kbase for more information on this), or use another type of CGI script (perl) that runs as your user, you won’t have this problem.

If you give group write permissions for the file to the apache user (in this case ‘dhapache’, other users on the machine could possibly write a PHP script to edit your file (although i think some of the recent security changes may have made this less likely).

You won’t be able to chgrp files to the apache user, but support could do it for you if you want.

Note that CGI scripts must be owned by the user and group they’re assigned to from the web panel, so make sure support doesn’t chgrp CGI scripts if they recursively chgrp your web directory to the apache user.

Hope this helps.