|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2004-11-14 21:40 UTC] tony2001@php.net
|
|||||||||||||||||||||||||||||||||||||
Copyright © 2001-2024 The PHP GroupAll rights reserved. |
Last updated: Mon Jun 03 09:01:32 2024 UTC |
Description: ------------ is_writable() only returns one for files that are writable by the apache user, not by the current UID. Apache is running as user/group nobody, but is setup with virtual hosts. Each virtual host uses its own user/group. The current UID as returned by getmyuid() verifies that my PHP scripts are running as "me" and not as "nobody". test_file is permission 0644. If I chmod test_file to user "me" is_writable() returns nothing. If I chmod test_file to user "nobody" is_writable() returns 1. PHP needs to check the current uid an use that to verify if something is writable, or it needs to defer to the operating system. I imagine this is mod_php specific. Reproduce code: --------------- httpd.conf : User nobody Group nobody <VirtualHost ...> User me Group me </VirtualHost> $ touch test_file $ chmod 0644 test_file $ chown nobody test_file <? print getmyuid() ?> <? print is_writable('test_file') ?> 514 1 $ chown me test_file <? print getmyuid() ?> <? print is_writable('test_file') ?> 514 (nothing) Expected result: ---------------- I expect is_writable() to return 1 if PHP fully has permission to write the file. As a result, I have to chmod sensitive data to 0666 on a shared server, which is bad.