Re: [cobalt-users] groups and permissions in web server - update access to file
- Subject: Re: [cobalt-users] groups and permissions in web server - update access to file
- From: "Steven Werby" <steven-lists@xxxxxxxxxxxx>
- Date: Mon Jul 17 05:52:24 2000
Jim Carey <ozbcoz@xxxxxxxxxxxxxxxx> wrote:
> I have a file that I want all of my sites to be able to read - so I have
> placed that file in /home/direct/file
>
> Now I would like to be able to use a PHP script to update the file. How can
> I set up permissions, ownership etc so that I can update this file via a
> browser - is this possible without necessarily making it chmod 777 - I would
> like some control over who can write to it but I want the update from a
> browser

You have several options. Apache is run as the user httpd and since you probably
have PHP installed as an Apache module all of your PHP files run as httpd. To make a
file writable by PHP you need to make it group writable or make it owned by httpd and
owner-writable. For increased security over the web you can:

1. put the PHP page that writes to the data file in a protected directory using
.htaccess

2. give the data file a unique extension like .dat and then put a section in your
server config file like the following so it's not readable over the web:

    # "~" makes the argument a regular expression instead of a wildcard pattern
    <Files ~ "\.dat$">
        Order allow,deny
        Deny from all
    </Files>

3. put the data file in a directory outside the web root so no one can get to it
directly via the web

You could also have the PHP webpage write to a staging data file and email you
whenever it's executed. Then you could manually copy the staging data file to the
production data file, have a script that you execute that does so or a cron job
script that does so automatically at specified intervals. You could also install a
second copy of PHP as a binary. This copy of PHP can be run from the command line
like Perl (might not be of value in this case) and allows you to run your PHP script
as the user who owns the script. Then you can make the data file chown 700 and owned
by the same user and no one else can touch it from the shell.
Steven Werby {steven-lists@xxxxxxxxxxxx}
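
The staging-file approach described in the reply above, as a cron-run shell function. This is an added example, not part of the original message; the staging path, size limit and script install path are assumptions.

```sh
#!/bin/sh
# Added example, not from the original post. Meant to run from cron as the
# unprivileged owner of the production file (not root, not httpd).
STAGING=${STAGING:-/home/direct/staging/file.new}  # assumed path, writable by httpd
PRODUCTION=${PRODUCTION:-/home/direct/file}        # data file path from the thread
MAX_BYTES=${MAX_BYTES:-65536}                      # assumed upper bound on file size

# promote_staging SRC DST MAX
# Returns 0 on success or nothing to do, 2 bad file type, 3 bad size, 4 I/O error.
promote_staging() {
    src=$1; dst=$2; max=$3

    # Nothing staged since the last run.
    [ -e "$src" ] || [ -L "$src" ] || return 0

    # Refuse symlinks, directories, FIFOs and devices: the web server user
    # controls this name and must not be able to point it at another file.
    if [ -L "$src" ] || [ ! -f "$src" ]; then
        echo "promote: $src is not a regular file" >&2
        return 2
    fi

    # Refuse empty or oversized input instead of publishing it to every site.
    size=$(wc -c < "$src" | tr -d ' ') || return 4
    if [ "$size" -eq 0 ] || [ "$size" -gt "$max" ]; then
        echo "promote: $src has unacceptable size $size" >&2
        return 3
    fi

    # Unchanged content: leave the production file alone.
    if [ -f "$dst" ] && cmp -s "$src" "$dst"; then
        return 0
    fi

    # Copy into the production directory, set the final mode, then rename so
    # readers never see a half-written file. 644 = owner writes, sites read.
    tmp=$(mktemp "$(dirname "$dst")/.promote.XXXXXX") || return 4
    if cp "$src" "$tmp" && chmod 644 "$tmp" && mv -f "$tmp" "$dst"; then
        return 0
    fi
    rm -f "$tmp"
    return 4
}

# Example crontab entry (assumed install path): */15 * * * * /usr/local/bin/promote.sh --run
if [ "${1:-}" = "--run" ]; then
    promote_staging "$STAGING" "$PRODUCTION" "$MAX_BYTES"
fi
```

The file-type check runs before the copy, so the staging directory should still be one that only httpd and the promoting user can write to.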