PHP5 - chown() - Warning: chown(): Operation not permitted
ProgrammingThis forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
PHP5 - chown() - Warning: chown(): Operation not permitted
Hi,
I am making a database backup program. The program makes a call as system("mysqldump........"). I then insert a line "CREATE DATABASE IF NOT EXISTS dbase" into the dumped file. In order to do this I write part of the file to a temp file, insert the line and then copy the rest of the file into the temp file. Finally I delete the original file and rename the temp file to the original file name.
This new file has ownership and group www-data. I need to change that so use chown() to change owner but it won't work. Error shown below.
Would appreciate any help solving this'
Thanks, R
Code:
$fptmp=fopen("tempfile", "w+");
$fh=fopen($filename, "r+") or die ("Can't open file; Check if exists.");
do {
$str=fgets($fh); // copy file contents to tmp
fwrite($fptmp, $str); // until ..
} while(! strpos($str, "Table structure")); // find words "Table structure"
fwrite($fptmp, "--\n"); // skip line
fwrite($fptmp, $createdb); // Insert "CREATE ..."
fwrite($fptmp, "--\n"); // skip line
fgets($fh);
while(! feof($fh)) { // copy rest of file to tmp
$str=fgets($fh); // skipping line w/ "Table Str..
fwrite($fptmp, $str);
}
fclose($fh); // close the files
fclose($fptmp);
unlink($filename); // delete source file
rename("tempfile", $filename); // rename temp file to org name
chown($filename, "rick"); // change owner from www-data
Recieve following error warning:
Warning: chown(): Operation not permitted in /home/rick/DB-Web/testonly/DbaseBakup.php on line 70
You could run the script from the command line and invoke it as a cron job. Then it is run by root who may use the chown command successfully (if it is not disabled in php.ini)
You need the cli extension of php for this.
This is a terrible idea. Running anything automated as root is a terrible idea. Running automated PHP script as root is even worse idea.
If two different users need to access the same data, the best way to do it, is put them in the same group, and change group of the files. Furthermore, one might set setgid bit on the containing directory in which case all the files inside of it will automatically inherit the group of the directory.
@mina86: Billions of cron jobs are run as root every day as crond does it by default as far as I know. What's so terrible about that?
Anyway you can let it be run by someoneelse if you prefer. But generally spoken, invocation from command line is the better choice as NevemTeve already mentioned. Is that possible for you or don't you have any shell access to that machine?
I am doing this backup from inside my database program . "Backup" is just part of the options in that program. Actually I would prefer php writing the file to owner:group rick:rick instead of www-data:www.data. Is there any way to do that.
I did try using a line, in lieu of: "chown($filename, "rick;, system(sudo(chown($filename, "rick)));. Just hangs the machine.
NevemTeve;
> PS: database exports/imports should be performed from shell-access (ssh),
How would I do this. Can it be done inside PHP as a system call?
@mina86: Billions of cron jobs are run as root every day as crond does it by default as far as I know. What's so terrible about that?
Crond does not do it “by default”. It runs the jobs as whoever the cron jobs were set up to run as. If they are installed by user, they are run by that given user. Jobs in “/etc/crontab” have additional field where user is specified explicitly.
What's wrong about it is that any process run as root is an attack vector, and “run as root” should be the least resort after all other options are exhausted.
Quote:
Originally Posted by pizzipie
I would prefer php writing the file to owner:group rick:rick instead of www-data:www-data. Is there any way to do that.
Like I've described, you can make it write the files as “www-data:rick” with little problems. All you have to do is create a directory where the files are to be saved, set it's ownership to “www-data:rick”, and set setgid bit on it:
This way, whenever a file is created in that directory, it will inherit the “rick” group.
Quote:
Originally Posted by pizzipie
system(sudo(chown($filename, "rick")));
This does not even look like a valid PHP to me. Or at least not one that will do what you want. If you really want to go that way (which I advice against to be honest, at least before you look at other options), you can do something like that:
and then configure sudo (see “/ete/sudoers”) so that www-data can run this command without password.
Quote:
Originally Posted by pizzipie
How would I do this. Can it be done inside PHP as a system call?
It depends what database are we talking about and what exactly the “Backup” function of the script you're using is doing. If you just have a MySQL database, all you need to do is set invocation of “mysql_dump” (I may misremember the name) every day (or whatever). If you Google a little, you'll find scripts which can automatically do the backup and then mail it to you.
Setting this up, however, requires that you have shell access to the server, or at least possibility of setting up cron jobs via your hosting provider's web interface. However, in the latter, you may be limited to what exactly you can run in those cron jobs.
The web-server process should never have elevated privileges, let alone "rootly" ones. It can initiate a request to a separate process which does have super-powers, but the requester (i.e. "the web page") should have no influence over the process that it launches.
Well, first ask your server-provider if you have or not shell access, and if you have, how to use it (well, you have to know what ssh, bash, mc, mysqldump, etc are).
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.