Hi, i have a question regarding my own webserver. I run Debian Sarga with Apache2, PHP4, MySQL and ProFTPd. When i use ftp to upload things to my webserver, the files get the owner 'kensentme' and the group 'www-data', this is the group Apache2 runs in. When i install a cms like Limbo, which runs on a textfile based database, the PHP-scripts create files. Those files have the owner and group www-data (that of Apache2).
The problem comes when i try to delete the files from my webserver using ftp. Because the rights to those files are restricted to the owner, i can't delete them using ftp (logging in as kensentme). It can only be done by logging in as root on the server and then delete them with the command line.
I know Apache2 has the mpm-perchild, but according to the apache-developers it's not safe to use it.
How do professional hosters solve this problem (or deal with it) and are there safe and secure alternatives?
Since PHP script is running as www-data, another user can't delete files uploaded by user. To solve the problem, you make to make another PHP script to manage uploads, i think Joomla have this feature (i have seen in mambo forum). Other solution is to chmod the file to 777 after uploading. To do this, you need to modify the upload script.
suexec/PHP as a CGI's performance does not hold a candle to Apache's mod_php. If your site gets any reasonable amount of traffic, don't use it.
To the OP: if you're using a content management system, there should be some mechanism to delete files that it has created. Besides that, you can install a web-file manager running through a PHP script: it will be the correct user and you can delete files to your liking. You won't be able to use FTP.
As you can see there is no ideal solution. It is a common problem, apache and php run as one user, so when they create files they are created as that user - different to the FTP user.
It will be a pay off between security and usability. One option we implemented on an old system was to have a chown script in the control panel for each user. so they could simply login and click chown, and it would basically chown selected files back to their ftp user.