Permissions on PHP file uploads are a little weird.

Discussion in 'PHP' started by brettdavidsonnz, Feb 25, 2008.

  1. brettdavidsonnz

    brettdavidsonnz New Member

    Using a very basic forms/move_uploaded_file script to upload files to a host.

    The host is loaded via the apache httpd.conf and is set to use suexec as a particular user:group. (Server is FreeBSD 6.3).

    Files created with fwrite have correct user:group permissions but files uploaded with move_uploaded_file do not. They get the owner:group permissions of the backend lsws process.

    Is this a known issue or am I doing something wrong?
  2. mistwang

    mistwang LiteSpeed Staff

    Please check the user id of lsphp processes. Please remove the old file and test again. If the file exists, the ownership will not be changed if it is uploaded again.
  3. brettdavidsonnz

    brettdavidsonnz New Member

    lsphp5 ownership is www so that will explain this issue.

    Now then, if PHPsuEXEC is enabled and docroot UID is set, why would the process be owned by www?

    Ownership when creating files works by (I assume) deciding this based on the directory ownership.
  4. brettdavidsonnz

    brettdavidsonnz New Member

    As a further note, the apache httpd.conf is loaded in via lsws' httpd_config.xml file. The system uses Plesk.
    This httpd.conf file in turn loads some includes (plesk.include) which then include a file for each domain (a httpd.include file within each domain).
    The suexecUserGroup directive is set in these httpd.include files.

    The system control panel shows the APVH virtual host entry and APVH listeners running. Does PHPsuEXEC only work with Litespeed listeners?
  5. mistwang

    mistwang LiteSpeed Staff

    Can you PM me the login to LSWS admin console?
  6. mistwang

    mistwang LiteSpeed Staff

    I checked the server, it does use suexec for that vhost.
    Can you please double check the suexecUserGroup configuration for that vhost? The user does exist.
    And, you can send us your http.conf and included configuration file for analysis to bug @ litespeedtech ...
  7. brettdavidsonnz

    brettdavidsonnz New Member

    Done.

    These have been emailed to the address you listed.
  8. mistwang

    mistwang LiteSpeed Staff

    One more question: was the server installed as the "root" user? suExec only works when the user who runs the LSWS installer is "root". If you run the installer as the "www" user, suexec will not work.
  9. brettdavidsonnz

    brettdavidsonnz New Member

    Yes. System installed as root but runs as www.

    ps shows :

    root 17697 0.0 0.1 5188 4240 ?? S 4:28PM 0:42.42 lshttpd (lshttpd.3.3.4)
    root 17698 0.0 0.0 1296 692 ?? S 4:28PM 0:00.48 lscgid (lscgid.3.3.4)
    www 17699 0.0 0.1 5156 4240 ?? S 4:28PM 0:33.41 lshttpd (lshttpd.3.3.4)
    www 17700 0.0 0.1 5156 4236 ?? S 4:28PM 0:33.27 lshttpd (lshttpd.3.3.4)
  10. mistwang

    mistwang LiteSpeed Staff

    Can you please check the ownership and permission mask of lsws/bin/lscgid?
    It should be owned by root with the setuid bit set. suEXEC relies on it.
  11. brettdavidsonnz

    brettdavidsonnz New Member

    Ownership is :

    -r-sr-xr-x 1 root www 10780 Feb 14 16:17 lscgid.3.3.4
  12. mistwang

    mistwang LiteSpeed Staff

    Looks correct.
    Is there any security option in FreeBSD to disable setuid?
    Is it possible to PM me a temp root ssh access?
  13. brettdavidsonnz

    brettdavidsonnz New Member

    There is but it is not utilised. (We have other programs running setuid successfully).

    ssh access "PMed" to you. :)
  14. mistwang

    mistwang LiteSpeed Staff

    OK, after adding the environment variable "LSAPI_PPID_NO_CHECK" to the lsphp5 external app configuration to prevent lsphp5 from quitting immediately, ps -aux shows that lsphp5 does run as the "noc" user, so PHP suEXEC works properly.
  15. mistwang

    mistwang LiteSpeed Staff

  16. brettdavidsonnz

    brettdavidsonnz New Member

    OK then. Now back to the original question.

    It appears that the owner is now noc when using the move_uploaded_file function. Weird. I didn't change anything. Good that it's working however.

    The group is still wheel though.
    I have set the ForceGID option but this does not appear to work, even with a complete hard restart of the server.
  17. brettdavidsonnz

    brettdavidsonnz New Member

    Thanks for the above link. Now I understand why the user was wrong and why the PPID check fixes it.

    Any ideas about group ownership?
  18. mistwang

    mistwang LiteSpeed Staff

    Do you know how to check the gid of a process? Maybe run the "id" command from a PHP script?

    I just want to make sure the group id of lsphp5 is not "wheel". If it is, I will look into the code of lscgid.

    BTW: please upgrade to 3.3.5 package first.
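
The checks requested in this thread (owner and setuid bit of lscgid, and the uid/gid of an uploaded file against the suexecUserGroup pair), scripted as an added example that is not part of the original posts or LiteSpeed's code. The function names are hypothetical, and every path, user and group is supplied by the caller.

```shell
#!/bin/sh
# Added example, not LiteSpeed code. Function names are hypothetical.
# Usage (paths and ids are the caller's assumptions), e.g.:
#   check_setuid_helper lsws/bin/lscgid root
#   check_file_owner /path/to/uploaded.file noc <group>

# Print "uid gid mode" for a path via `ls -ldn`, which has the same layout
# on FreeBSD and Linux (stat(1) flags differ between the two).
owner_of() {
    ls -ldn -- "$1" 2>/dev/null | awk '{print $3, $4, $1}'
}

# True if an ls-style mode string shows setuid plus owner execute ("s").
# A capital "S" (setuid without execute) is rejected.
mode_has_setuid() {
    case "$1" in ???s*) return 0 ;; *) return 1 ;; esac
}

# Accept a numeric id as-is, otherwise resolve the name.
to_uid() { case "$1" in ''|*[!0-9]*) id -u "$1" ;; *) echo "$1" ;; esac; }
to_gid() { case "$1" in ''|*[!0-9]*) getent group "$1" | cut -d: -f3 ;; *) echo "$1" ;; esac; }

# check_setuid_helper PATH USER: 0 if PATH is owned by USER and is setuid,
# 1 on a mismatch, 2 if PATH or USER cannot be resolved.
check_setuid_helper() {
    want=$(to_uid "$2") || return 2
    info=$(owner_of "$1"); [ -n "$info" ] || return 2
    uid=${info%% *}; mode=${info##* }
    mode_has_setuid "$mode" || { echo "$1: no setuid bit ($mode)"; return 1; }
    [ "$uid" = "$want" ] || { echo "$1: uid $uid, expected $want"; return 1; }
}

# check_file_owner PATH USER GROUP: reports uid and gid mismatches separately,
# since the thread shows the owner correct while the group is not.
check_file_owner() {
    want_u=$(to_uid "$2") && want_g=$(to_gid "$3") || return 2
    [ -n "$want_g" ] || return 2
    info=$(owner_of "$1"); [ -n "$info" ] || return 2
    uid=${info%% *}; rest=${info#* }; gid=${rest%% *}
    rc=0
    [ "$uid" = "$want_u" ] || { echo "$1: uid $uid, expected $want_u"; rc=1; }
    [ "$gid" = "$want_g" ] || { echo "$1: gid $gid, expected $want_g"; rc=1; }
    return $rc
}
```
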
  19. mistwang

    mistwang LiteSpeed Staff

    Have you changed the ownership of files/directories under lsws/conf?
    Code:
    drwx------  2 root  www    512 Feb 14 16:17 cert
    -rw-------  1 root  www   3320 Feb 14 16:17 mime.properties
    drwx------  2 root  www    512 Feb 14 16:17 templates
    It will break the web console, all should be owned by "www".
  20. brettdavidsonnz

    brettdavidsonnz New Member

    No. Web console was working this morning.

    Since you've been on the system, I can no longer access the server configuration pages.
