Re: Re: cannot figure out permissions for fopen/fwrite

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On Jul 1, 2009, at 12:54, Shawn McKenzie wrote:

Mari Masuda wrote:
On Jul 1, 2009, at 12:20, Shawn McKenzie wrote:

Shawn McKenzie wrote:
Mari Masuda wrote:
Hello,

This is probably a dumb newbie question. I am running PHP 5.2.5 and
Apache 2.2.8 on my Mac Book Pro OS X 10.4.11.  I compiled PHP and
Apache
from source a while ago (as opposed to using the built-in web server
that is included w/ Mac OS X).  I have written the below PHP whose
purpose is to read an existing comma separated (CSV) file and save the
data into a text file that I can later copy and paste from into my
website content management system. The problem is that on my Mac, I cannot seem to figure out what permissions I need to set in order to
make the input CSV and the initially non-existant output text file
readable and writable by Apache/PHP. I have Googled and come across
many pages about different ways to set permissions and different
permissions to set but none of the ways suggested that I tried
seemed to
work for me.  As a temporary solution, I uploaded my PHP file to a
Windows 2003 server running Apache and PHP and it worked flawlessly
(and
makes me suspicious that there is some huge security hole with the
Windows box since it was able to execute with no permissions
modifications).  Any tips would be greatly appreciated.  Thanks!

Mari

--- start my code ---
<?php

    $in = fopen("/Applications/apache/htdocs/wp-php/wp.csv", "r");
    $out =
fopen("/Applications/apache/htdocs/wp-php/tableToCutAndPaste.txt",
"w");
    $counter = 0;


    fwrite($out, "<table>\n");

    while(($data = fgetcsv($in)) !== FALSE) {
        $paperNumber = $data[0];
        $authors = $data[1];
        $title = $data[2];
        $filename = $paperNumber . ".pdf";

        if(($counter % 2) == 0) {
            fwrite($out, "<tr>\n");
        } else {
            fwrite($out, "<tr style=\"background: #cccccc;\">\n");
        }

        fwrite($out, "<td><a
href=\"http://www.example.com/workingpapers/getWorkingPaper.php? filename=$filename\">$paperNumber</a></td>\n");


        fwrite($out, "<td>$authors</td>\n");
        fwrite($out, "<td>$title</td>\n");
        fwrite($out, "</tr>\n");

        $counter++;
    }

    fwrite($out, "</table>\n");


    fclose($in);
    fclose($out);

?>
--- end my code ---

What are the permissions on /Applications/apache/htdocs/wp-php/ ?

Apache needs write permissions on that dir in order to create the file
tableToCutAndPaste.txt.

It's probably not a secure idea to give write permissions to that dir, so maybe create a subdir of tmp and change those permissions (one way):

mkdir /Applications/apache/htdocs/wp-php/tmp
chmod a+w /Applications/apache/htdocs/wp-php/tmp


Also, turn on error reporting so that you can see the exact problem. It
may not be what you think.

--
Thanks!
-Shawn
http://www.spidean.com


Thanks for the suggestions. I added the following lines to the very top
of my code:

    error_reporting(E_ALL);

    mkdir("/Applications/apache/htdocs/wp-php/tmp", 0777, true);
    chmod("/Applications/apache/htdocs/wp-php/tmp", "a+w");

and I also changed the line where it tries to open the file to write to
to go to the new directory:

    $out =
fopen("/Applications/apache/htdocs/wp-php/tmp/ tableToCutAndPaste.txt",
"w");

Below are the errors I got:
--- start errors ---
Warning: mkdir() [function.mkdir]: Permission denied in
/Applications/apache/htdocs/wp-php/generateTable.php on line 5

Warning: chmod() [function.chmod]: No such file or directory in
/Applications/apache/htdocs/wp-php/generateTable.php on line 6

Warning:
fopen(/Applications/apache/htdocs/wp-php/tmp/tableToCutAndPaste.txt)
[function.fopen]: failed to open stream: No such file or directory in
/Applications/apache/htdocs/wp-php/generateTable.php on line 9

Warning: fwrite(): supplied argument is not a valid stream resource in
/Applications/apache/htdocs/wp-php/generateTable.php on line 13

Warning: fwrite(): supplied argument is not a valid stream resource in
/Applications/apache/htdocs/wp-php/generateTable.php on line 22

Warning: fwrite(): supplied argument is not a valid stream resource in
/Applications/apache/htdocs/wp-php/generateTable.php on line 27

Warning: fwrite(): supplied argument is not a valid stream resource in
/Applications/apache/htdocs/wp-php/generateTable.php on line 28

Warning: fwrite(): supplied argument is not a valid stream resource in
/Applications/apache/htdocs/wp-php/generateTable.php on line 29

Warning: fwrite(): supplied argument is not a valid stream resource in
/Applications/apache/htdocs/wp-php/generateTable.php on line 30

Warning: fwrite(): supplied argument is not a valid stream resource in
/Applications/apache/htdocs/wp-php/generateTable.php on line 35

Warning: fclose(): supplied argument is not a valid stream resource in
/Applications/apache/htdocs/wp-php/generateTable.php on line 39
--- end errors ---

The permissions are as follows (sorry I didn't think to include them in
my original message):

[Wed Jul 01 12:28:29] ~: ls -la /Applications/apache/htdocs/wp-php/
total 64
drwxr-xr-x    5 mari  admin    170 Jun 29 16:47 .
drwxr-xr-x   24 mari  admin    816 Jun 29 16:47 ..
-rw-r--r--    1 mari  admin   6148 Jun 28 21:11 .DS_Store
-rwxr--r--    1 mari  admin    827 Jul  1 12:26 generateTable.php
-rwxr--r--    1 mari  admin  17532 Jun 28 20:53 wp.csv
[Wed Jul 01 12:29:01] ~:

Thank you,
Mari

That's because the apache user doesn't have permissions to create the
dir or change the permissions.  The commands I gave you need to be run
from the command line.

--
Thanks!
-Shawn
http://www.spidean.com

Oh, duh, thank you. Doing it on the command line like you said worked great. I also had to edit my .csv file in TextWrangler to change the line breaks from \r to \r\n before it would work. Although the Mac's built-in firewall is set to block incoming traffic except for network time and something installed by Adobe when I installed CS4, I was wondering about the security of this technique if done on a production server. I only run this script by pointing my browser to http://localhost/wp-php/generateTable.php and I think with my firewall settings nobody else would be able to execute this script, but it seems if the tmp folder is set to world writable on a production server that anybody might be able to somehow upload a malicious file if they knew the location of tmp. Any thoughts? Thanks!

Mari

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux