Permissions on PHP file uploads are a little weird.

#1
Using a very basic forms/move_uploaded_file script to upload files to a host.

The host is loaded via the apache httpd.conf and is set to use suexec as a particular user:group. (Server is FreeBSD 6.3).

Files created with fwrite have correct user:group permissions but files uploaded with move_uploaded_file do not. They get the owner:group permissions of the backend lsws process.

Is this a known issue or am I doing something wrong?
 

mistwang

LiteSpeed Staff
#2
Please check the user id of lsphp processes. Please remove the old file and test again. if the file exist, the ownership will not be changed if upload again.
 
#3
lsphp5 ownership is www so that will explain this issue.

Now then, if PHPsuEXEC is enabled and docroot UID is set, why would the process be owned by www?

Ownership when creating files works by (I assume) deciding this based on the directory ownership.
 
#4
As a further note, the apache httpd.conf is loaded in via lsws' httpd_config.xml file. The systems uses Plesk.
This httpd.conf file in turn loads some includes (plesk.include) which then include a file for each domain (a httpd.include file within each domain).
The suexecUserGroup directive is set in these httpd.include files.

The system control panel shows the APVH virtual host entry and APVH listeners running. Does PHPsuEXEC only work with Litespeed listeners?
 

mistwang

LiteSpeed Staff
#6
I checked the server, it does use suexec for that vhost.
Can you please double check the suexecUserGroup configuration for that vhost. the user does exist.
And, you can send us your http.conf and included configuration file for analysis to bug @ litespeedtech ...
 

mistwang

LiteSpeed Staff
#8
One more question, does the server installed with "root" user? suExec only works when the user who run LSWS installer is "root". if you run the installer as "www" user, suexec will not work.
 
#9
Yes. System installed as root but runs as www.

ps shows :

root 17697 0.0 0.1 5188 4240 ?? S 4:28PM 0:42.42 lshttpd (lshttpd.3.3.4)
root 17698 0.0 0.0 1296 692 ?? S 4:28PM 0:00.48 lscgid (lscgid.3.3.4)
www 17699 0.0 0.1 5156 4240 ?? S 4:28PM 0:33.41 lshttpd (lshttpd.3.3.4)
www 17700 0.0 0.1 5156 4236 ?? S 4:28PM 0:33.27 lshttpd (lshttpd.3.3.4)
 

mistwang

LiteSpeed Staff
#10
Can you please check the ownership and permission mask of lsws/bin/lscgid,
It should be owned by root with setuid bit set. suEXEC rely on it.
 

mistwang

LiteSpeed Staff
#14
OK, after add environment variable "LSAPI_PPID_NO_CHECK" to lsphp5 external app configuration to prevent lsphp5 quit immediately, ps -aux shows that lsphp5 does run as "noc" user, so php suEXEC works properly.
 
#16
OK then. Now back to the original question.

It appears that the owner is now noc when using the move_uploaded_file function. Weird. I didn't change anything. Good that it's working however.

The group is still wheel though.
I have setting the ForceGID option but this does not appear to work, even with a complete hard restart of the server.
 

mistwang

LiteSpeed Staff
#18
Do you know how to check the gid of a process? maybe run "id" command from php script?

I just want to make sure the group id of lsphp5 is not "wheel". If it is, I will look into the code of lscgid.

BTW: please upgrade to 3.3.5 package first.
 

mistwang

LiteSpeed Staff
#19
Have you change the ownership of files/directories under lsws/conf?
Code:
drwx------  2 root  www    512 Feb 14 16:17 cert
-rw-------  1 root  www   3320 Feb 14 16:17 mime.properties
drwx------  2 root  www    512 Feb 14 16:17 templates
It will break the web console, all should be owned by "www".
 
Top