PHP - General

 « Return to Thread: cannot figure out permissions for fopen/fwrite

Re: Re: cannot figure out permissions for fopen/fwrite

by Mari Masuda-2 :: Rate this Message:

Reply to Author | View in Thread


On Jul 1, 2009, at 12:54, Shawn McKenzie wrote:

> Mari Masuda wrote:
>> On Jul 1, 2009, at 12:20, Shawn McKenzie wrote:
>>
>>> Shawn McKenzie wrote:
>>>> Mari Masuda wrote:
>>>>> Hello,
>>>>>
>>>>> This is probably a dumb newbie question.  I am running PHP  
>>>>> 5.2.5 and
>>>>> Apache 2.2.8 on my Mac Book Pro OS X 10.4.11.  I compiled PHP and
>>>>> Apache
>>>>> from source a while ago (as opposed to using the built-in web  
>>>>> server
>>>>> that is included w/ Mac OS X).  I have written the below PHP whose
>>>>> purpose is to read an existing comma separated (CSV) file and  
>>>>> save the
>>>>> data into a text file that I can later copy and paste from into my
>>>>> website content management system.  The problem is that on my  
>>>>> Mac, I
>>>>> cannot seem to figure out what permissions I need to set in  
>>>>> order to
>>>>> make the input CSV and the initially non-existant output text file
>>>>> readable and writable by Apache/PHP.  I have Googled and come  
>>>>> across
>>>>> many pages about different ways to set permissions and different
>>>>> permissions to set but none of the ways suggested that I tried
>>>>> seemed to
>>>>> work for me.  As a temporary solution, I uploaded my PHP file to a
>>>>> Windows 2003 server running Apache and PHP and it worked  
>>>>> flawlessly
>>>>> (and
>>>>> makes me suspicious that there is some huge security hole with the
>>>>> Windows box since it was able to execute with no permissions
>>>>> modifications).  Any tips would be greatly appreciated.  Thanks!
>>>>>
>>>>> Mari
>>>>>
>>>>> --- start my code ---
>>>>> <?php
>>>>>
>>>>>     $in = fopen("/Applications/apache/htdocs/wp-php/wp.csv", "r");
>>>>>     $out =
>>>>> fopen("/Applications/apache/htdocs/wp-php/tableToCutAndPaste.txt",
>>>>> "w");
>>>>>     $counter = 0;
>>>>>
>>>>>
>>>>>     fwrite($out, "<table>\n");
>>>>>
>>>>>     while(($data = fgetcsv($in)) !== FALSE) {
>>>>>         $paperNumber = $data[0];
>>>>>         $authors = $data[1];
>>>>>         $title = $data[2];
>>>>>         $filename = $paperNumber . ".pdf";
>>>>>
>>>>>         if(($counter % 2) == 0) {
>>>>>             fwrite($out, "<tr>\n");
>>>>>         } else {
>>>>>             fwrite($out, "<tr style=\"background: #cccccc;\">\n");
>>>>>         }
>>>>>
>>>>>         fwrite($out, "<td><a
>>>>> href=\"http://www.example.com/workingpapers/getWorkingPaper.php?
>>>>> filename=$filename\">$paperNumber</a></td>\n");
>>>>>
>>>>>
>>>>>         fwrite($out, "<td>$authors</td>\n");
>>>>>         fwrite($out, "<td>$title</td>\n");
>>>>>         fwrite($out, "</tr>\n");
>>>>>
>>>>>         $counter++;
>>>>>     }
>>>>>
>>>>>     fwrite($out, "</table>\n");
>>>>>
>>>>>
>>>>>     fclose($in);
>>>>>     fclose($out);
>>>>>
>>>>> ?>
>>>>> --- end my code ---
>>>>
>>>> What are the permissions on /Applications/apache/htdocs/wp-php/ ?
>>>>
>>>> Apache needs write permissions on that dir in order to create  
>>>> the file
>>>> tableToCutAndPaste.txt.
>>>>
>>>> It's probably not a secure idea to give write permissions to  
>>>> that dir,
>>>> so maybe create a subdir of tmp and change those permissions  
>>>> (one way):
>>>>
>>>> mkdir /Applications/apache/htdocs/wp-php/tmp
>>>> chmod a+w /Applications/apache/htdocs/wp-php/tmp
>>>>
>>>
>>> Also, turn on error reporting so that you can see the exact  
>>> problem.  It
>>> may not be what you think.
>>>
>>> --
>>> Thanks!
>>> -Shawn
>>> http://www.spidean.com
>>
>>
>> Thanks for the suggestions.  I added the following lines to the  
>> very top
>> of my code:
>>
>>     error_reporting(E_ALL);
>>
>>     mkdir("/Applications/apache/htdocs/wp-php/tmp", 0777, true);
>>     chmod("/Applications/apache/htdocs/wp-php/tmp", "a+w");
>>
>> and I also changed the line where it tries to open the file to  
>> write to
>> to go to the new directory:
>>
>>     $out =
>> fopen("/Applications/apache/htdocs/wp-php/tmp/
>> tableToCutAndPaste.txt",
>> "w");
>>
>> Below are the errors I got:
>> --- start errors ---
>> Warning: mkdir() [function.mkdir]: Permission denied in
>> /Applications/apache/htdocs/wp-php/generateTable.php on line 5
>>
>> Warning: chmod() [function.chmod]: No such file or directory in
>> /Applications/apache/htdocs/wp-php/generateTable.php on line 6
>>
>> Warning:
>> fopen(/Applications/apache/htdocs/wp-php/tmp/tableToCutAndPaste.txt)
>> [function.fopen]: failed to open stream: No such file or directory in
>> /Applications/apache/htdocs/wp-php/generateTable.php on line 9
>>
>> Warning: fwrite(): supplied argument is not a valid stream  
>> resource in
>> /Applications/apache/htdocs/wp-php/generateTable.php on line 13
>>
>> Warning: fwrite(): supplied argument is not a valid stream  
>> resource in
>> /Applications/apache/htdocs/wp-php/generateTable.php on line 22
>>
>> Warning: fwrite(): supplied argument is not a valid stream  
>> resource in
>> /Applications/apache/htdocs/wp-php/generateTable.php on line 27
>>
>> Warning: fwrite(): supplied argument is not a valid stream  
>> resource in
>> /Applications/apache/htdocs/wp-php/generateTable.php on line 28
>>
>> Warning: fwrite(): supplied argument is not a valid stream  
>> resource in
>> /Applications/apache/htdocs/wp-php/generateTable.php on line 29
>>
>> Warning: fwrite(): supplied argument is not a valid stream  
>> resource in
>> /Applications/apache/htdocs/wp-php/generateTable.php on line 30
>>
>> Warning: fwrite(): supplied argument is not a valid stream  
>> resource in
>> /Applications/apache/htdocs/wp-php/generateTable.php on line 35
>>
>> Warning: fclose(): supplied argument is not a valid stream  
>> resource in
>> /Applications/apache/htdocs/wp-php/generateTable.php on line 39
>> --- end errors ---
>>
>> The permissions are as follows (sorry I didn't think to include  
>> them in
>> my original message):
>>
>> [Wed Jul 01 12:28:29] ~: ls -la /Applications/apache/htdocs/wp-php/
>> total 64
>> drwxr-xr-x    5 mari  admin    170 Jun 29 16:47 .
>> drwxr-xr-x   24 mari  admin    816 Jun 29 16:47 ..
>> -rw-r--r--    1 mari  admin   6148 Jun 28 21:11 .DS_Store
>> -rwxr--r--    1 mari  admin    827 Jul  1 12:26 generateTable.php
>> -rwxr--r--    1 mari  admin  17532 Jun 28 20:53 wp.csv
>> [Wed Jul 01 12:29:01] ~:
>>
>> Thank you,
>> Mari
>
> That's because the apache user doesn't have permissions to create the
> dir or change the permissions.  The commands I gave you need to be run
> from the command line.
>
> --
> Thanks!
> -Shawn
> http://www.spidean.com

Oh, duh, thank you.  Doing it on the command line like you said  
worked great.  I also had to edit my .csv file in TextWrangler to  
change the line breaks from \r to \r\n before it would work.  
Although the Mac's built-in firewall is set to block incoming traffic  
except for network time and something installed by Adobe when I  
installed CS4, I was wondering about the security of this technique  
if done on a production server.  I only run this script by pointing  
my browser to http://localhost/wp-php/generateTable.php and I think  
with my firewall settings nobody else would be able to execute this  
script, but it seems if the tmp folder is set to world writable on a  
production server that anybody might be able to somehow upload a  
malicious file if they knew the location of tmp.  Any thoughts?  Thanks!

Mari

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

 « Return to Thread: cannot figure out permissions for fopen/fwrite

Free embeddable forum powered by Nabble Forum Help