Hi, I am new here :) Just got my first RAQ with Linux ( I had a dedicated Win2000 box before, but it got so expensive ). Thanks to you all for your help, just got .htaccess ErrorDocument to work by reading some of the prev. threads in the RAQ forum.

Now, my question:

I would like to install a webbased file management tool for my virtual sites. I really like PhpMyExplorer (http://elegac.free.fr/)

I installed it - and are accessing it through regular webbrowsing ( domain . com/PhpMyExplorer ) , and now my problem is: permissions. I ( or I guess more correct the account the Apache process runs under ) have no rights of uploading/changing/deleting files.

What are my options? As I can see it:
1. Set chmod to 777 on all the published directories. I don't feel very comfortable doing this - however since I am no Unix guru - what are the actual risks?
2. Modify the script so it: a) writes files to a temporary directory structure ( with chmod 777 ) and then have a cron job moving files from temp-dir to the real published directory... Feels like a lot of wasted CPU cycles there ?

3. ????????? Your ideas?

I am no Unix or Apache guru ( more of an Windows system programmer ) so is there a possibility to somehow get a certain PHP script to run under another account ( actually root is what is needed )?

Note: I would rather not use CGI, PHP is what I feel comfortable with. However, since spawning another process seems like a must, I guess if you have a CGI solution please tell me.

I have heard of something called CGIWrap or something like that, but as I said please let me know if there is another way around?

Change the ownership of the files to the person who runs apache, its usually apache, or nobody. Then you can chmod then 755 for example and edit/move/create.

Im sure others might have a better way.

Are you running shared/virtual hosting? If you are, then chmodding files to 777 can be a security risk. Anybody, can write/modify these files.

If PHPExplorer does not use login credentials to handle authentication and file access, then I would look for another program. Unless all of the users on your machine are trusted, then this can be a security nightmare. There are many poorly written PHP scripts that allow users to browse around your server. I would urge you to look for a replacement script that uses .htaccess or other authentication modes to preserve the permission structure of the filesystem.

Head over to http://www.hotscripts.com and look for file management utilities.


If you want to stick with this program, then I would use group permission settings. Create a group that has the web server as a user as well as the owner of the files. Since, PHP files run under the web servers user id (uid) you can set group permissions to allow the PHP tool to have read/write access without setting everything to 777. To set group permissions use 775. This way you do not have to change the file's owner but the web server can access modify the file.

Ok, sorry to bother you again - maybe you have answered me, however I am so stupid I don't get it.

Ok,
>If PHPExplorer does not use login credentials to handle authentication and file access, then I would look for another program. Unless all of the users on your machine are trusted, then this can be a security nightmare. There are many poorly written PHP scripts that allow users to browse around your server. I would urge you to look for a replacement script that uses .htaccess or other authentication modes to preserve the permission structure of the filesystem.

Yes, I have added PHP HTTP authenitcation to the script. However, since I run PHP as a module then file access is always from the Apache process user right?

>Head over to http://www.hotscripts.com and look for file management utilities.
That's where I found it.

So, let say:
a) users login with PHP HTTP authentication
b) use chmode 775 as you say
c) I make sure the authenticatated user can't go further down than its own web directory. This is made possible since I store all my users and their properties such as homedirectories in MySQL database.

How secure/insecure is that?

And will it be possible to create/upload .htaccess files?

And since it was asked about, it is a dedicated RAQ I use.


Actually, the only really safe way as I see it, if using PHP as a module - not CGI, is to use ftp - that is the PHP script handles files by ftp:ing to my own server?

I think there are some PHP frontends for FTP. Basically, they just serve as a GUI for standard FTP. This may be what you want because then you would not need special file settings etc.

Also, just a note ... If you grant the web server read/write privs on files, then anybody can write a php script to modify other peoples files. You may want to check out the opendir_base or similar config option for PHP. If you are in a virtual hosting enviroment with multiple users, I would be hesistant to use PHP to allow file access. The problem is that PHP would run as the web server -- thus any logging would not show who changed the file. This would allow a user to hack other people's files without detection.

I am not sure if you can pass variables into the opendir_base option -- if so, then you could prevent PHP from accessing files outside of the users directory tree. Using your MySQL data will not help because I could always install my own php script that does not use the database, thus giving me free run of the server.

Yes, I have started to code my own FTP frontend. I don't like the GUI of the existing ones - I mean it should look good enough to attract hosting clients.

I was wondering: what kind of webbased file manager do you other webhosts use - specifically talking about a RAQ solution here?