Uploaded files "owned" by Apache
hbar - June 6, 2007 - 00:46
Hi there,
I've got a problem on my live test site, but I'm not sure if it's Drupal-related or not (sorry).
Whenever I upload a file using either the Audio module or the Image module, the files end up being "owned" by Apache and I have no permission to rename, delete, or do whatever to the files.
Is this the expected behaviour?
Is there something I should change within Drupal, or will I have to ask my Host to adjust something in their Apache settings? I've got a shared hosting deal and don't think I can set this myself.
I've searched here for "Apache" and "Permissions", but didn't seem to find an answer. Any info or pointers much appreciated.
Thanks very much.
--
Jim
host/PHP issue
to avoid this you need a host running PHP via suexec or suphp.
Thanks for your reply,
Thanks for your reply, pwolanin.
Unfortunately, I don't really understand (I'm quite new to all this).
Do I just ask my host if they're running PHP via suexec or suphp? Or do I ask them to turn on suexec or suphp?
Apologies for my loose grasp of the situation.
--
jim
It's expected
The Apache user is the user creating the files, so it is the user that owns them. On unix only the root user can change file ownership, so there is nothing Drupal itself can do about it.
What the solutions above do is run Apache as your user account - but that is something for your host to give you (or not as may be).
--
Anton
New to Drupal? | Troubleshooting FAQ
Example knowledge base built with Drupal
Thanks for the explanation
Hi Anton,
Thanks for the explanation. :)
I guess I'll have to talk to my host. If they won't do that, I can prepare all the files on my local site, and then FTP the files and upload the SQL to my live site (sigh...) Inconvenient, but not a killer.
Cheers
--
Jim
You can still manage the files
you just have to get the web server to do it (in a round about way). eg you could upload a PHP script that deletes or renames files. Then the scripts runs as Apache and has full permissions for those files.
--
Anton
New to Drupal? | Troubleshooting FAQ
Example knowledge base built with Drupal
PHP Suexec *is* installed
Hi Anton,
I asked my hosts and they said "we have PHP Suexec installed on the server", which is a good thing (phew!).
Er... I'm not sure what to do with PHP Suexec, or even what it is. Should I try your PHP script idea, or was that just for the case where PHP Suexec was not installed?
Sorry for asking so many questions (clueless, really). If I were to be redirected to answers in a Handbook somewhere, that would be fine. I'm not really sure what to look for.
Many thanks
--
Jim
phpsuexec
While I've never needed to use it (we admin/host our own dedicated Drupal server), it basically gets Apache to change its user account to the owner of the PHP scripts before running them. Apparently it requires PHP to run using its CGI interface (maybe FastCGI is ok too) instead of mod_php (mod_php is the standard method for running PHP on Apache).
If your uploaded files aren't own by your account, then your site isn't running with phpsuexec.
Chances are that you'll need to ask them to configure your site to use it - or maybe you need to enable the suid permissions bit (your FTP client might let you set that) on your files to get it to work (as I said, I've never used it myself).
--
Anton
New to Drupal? | Troubleshooting FAQ
Example knowledge base built with Drupal
The fog is clearing...
Thanks Anton, that's really good information. At least now I know what sort of questions to ask my host.
Learning Drupal has been a challenge, but this kind of Apache/PHP stuff is waaay over my head! I guess that's what these forums are for! :-)
Again, many thanks.
--
Jim
Totally normal behaviour
On many hosts, that'll be normal. You are not your webserver.
My preferred set-up is to ensure my login identity (for FTP and shell) is at least in the same group as the www-data user that runs the web process. Thus we can share files (when other settings are good).
You can Command the webserver to give you back control of your files
The longer story about access risks to files created by the server process is a bit trickier. SUExec is one better approach, but I know nothing about it.
.dan.
How to troubleshoot Drupal | http://www.coders.co.nz/
Very informative
Hi dan
Thanks for the info.
I don't have shell access, but I do have FTP access. Would I have to ask my host to "ensure my login identity (for FTP and shell) is at least in the same group as the www-data user"? Or can I do this myself?
The links you posted were very informative, especially the Access control for file uploads? one. There's a lot for me to learn still. Most helpful!
Cheers.
--
Jim
root
Setting your user account group membership
adduser yourusername www-datais a top-level admin function. You cannot do it yourself.
(I think) It's useful when letting developers actually read and write their own files on a webserver, so is a useful default setting for ISPs, but there are, as ever, many approaches to optimal sever security. Some sysadmins will switch you over without a second thought and apologise for not doing it automatically, others will throw a fit about it being the wrong thing to do. I can't say who's right.
Other hosts, that truly use SUExec, would not even have to do that. As described above, that would mean that the webserver really was operating as if it were you.
Me, I like that little distinction between me and my daemon as it helps me know exactly what's happening where.
Basically, it's up to your host.
.dan.
How to troubleshoot Drupal | http://www.coders.co.nz/
Useful info
Ok.
Thanks, Dan :-)
--
Jim
hello all and please
hello all and please HEEEELP
i have been reading and testing for 2 days and i dont think i will ever solve this
As in this thread, my uploaded files are owned by apache and my hosting company is not giving me suexe cause its a security issue.
I test imagecache and of course is not working and in the logs i get errors like "can not create directory" etc.
Is there anything else i can test.
Drupal 5.7
Imagecache 5.1.3
So haven't you tried to set
So haven't you tried to set global write access to your files directory?
how you do it is up to the tools that your host provides, but it's gotta be possible.
.dan.
How to troubleshoot Drupal | http://www.coders.co.nz/
i have try that and it didnt
i have try that and it didnt work
at the end i manage to fix it by creating all directories manually with my users.
So now apache owns the images but it is able to create them in the presets directories.
SO far it is working, but if i flash imagecache i will have to delete and recreate all directories myself.
Of course there is always the possibility that my hosts has change something and didnt let me know.
thank you for trying helping me
I had the same problem -
I had the same problem - what I did is added 'apache' user to the group and set 775 permission. Is that a valid solution? Is there only one 'apache' user so that i don't have to worry about someone messing up with my files?