Re: cannot figure out permissions for fopen/fwrite

> The tmp folder isn't accessible from the web though, right? Someone
> would first have to get access to your server for that.
>
> On 7/1/09, Mari Masuda <mbmasuda@...> wrote:
>>
>> On Jul 1, 2009, at 12:54, Shawn McKenzie wrote:
>>
>>> Mari Masuda wrote:
>>>> On Jul 1, 2009, at 12:20, Shawn McKenzie wrote:
>>>>
>>>>> Shawn McKenzie wrote:
>>>>>> Mari Masuda wrote:
>>>>>>> Hello,
>>>>>>>
>>>>>>> This is probably a dumb newbie question.  I am running PHP
>>>>>>> 5.2.5 and
>>>>>>> Apache 2.2.8 on my Mac Book Pro OS X 10.4.11.  I compiled PHP  
>>>>>>> and
>>>>>>> Apache
>>>>>>> from source a while ago (as opposed to using the built-in web
>>>>>>> server
>>>>>>> that is included w/ Mac OS X).  I have written the below PHP  
>>>>>>> whose
>>>>>>> purpose is to read an existing comma separated (CSV) file and
>>>>>>> save the
>>>>>>> data into a text file that I can later copy and paste from  
>>>>>>> into my
>>>>>>> website content management system.  The problem is that on my
>>>>>>> Mac, I
>>>>>>> cannot seem to figure out what permissions I need to set in
>>>>>>> order to
>>>>>>> make the input CSV and the initially non-existant output text  
>>>>>>> file
>>>>>>> readable and writable by Apache/PHP.  I have Googled and come
>>>>>>> across
>>>>>>> many pages about different ways to set permissions and different
>>>>>>> permissions to set but none of the ways suggested that I tried
>>>>>>> seemed to
>>>>>>> work for me.  As a temporary solution, I uploaded my PHP file  
>>>>>>> to a
>>>>>>> Windows 2003 server running Apache and PHP and it worked
>>>>>>> flawlessly
>>>>>>> (and
>>>>>>> makes me suspicious that there is some huge security hole  
>>>>>>> with the
>>>>>>> Windows box since it was able to execute with no permissions
>>>>>>> modifications).  Any tips would be greatly appreciated.  Thanks!
>>>>>>>
>>>>>>> Mari
>>>>>>>
>>>>>>> --- start my code ---
>>>>>>> <?php
>>>>>>>
>>>>>>>     $in = fopen("/Applications/apache/htdocs/wp-php/wp.csv",  
>>>>>>> "r");
>>>>>>>     $out =
>>>>>>> fopen("/Applications/apache/htdocs/wp-php/
>>>>>>> tableToCutAndPaste.txt",
>>>>>>> "w");
>>>>>>>     $counter = 0;
>>>>>>>
>>>>>>>
>>>>>>>     fwrite($out, "<table>\n");
>>>>>>>
>>>>>>>     while(($data = fgetcsv($in)) !== FALSE) {
>>>>>>>         $paperNumber = $data[0];
>>>>>>>         $authors = $data[1];
>>>>>>>         $title = $data[2];
>>>>>>>         $filename = $paperNumber . ".pdf";
>>>>>>>
>>>>>>>         if(($counter % 2) == 0) {
>>>>>>>             fwrite($out, "<tr>\n");
>>>>>>>         } else {
>>>>>>>             fwrite($out, "<tr style=\"background: #cccccc;\">
>>>>>>> \n");
>>>>>>>         }
>>>>>>>
>>>>>>>         fwrite($out, "<td><a
>>>>>>> href=\"http://www.example.com/workingpapers/getWorkingPaper.php?
>>>>>>> filename=$filename\">$paperNumber</a></td>\n");
>>>>>>>
>>>>>>>
>>>>>>>         fwrite($out, "<td>$authors</td>\n");
>>>>>>>         fwrite($out, "<td>$title</td>\n");
>>>>>>>         fwrite($out, "</tr>\n");
>>>>>>>
>>>>>>>         $counter++;
>>>>>>>     }
>>>>>>>
>>>>>>>     fwrite($out, "</table>\n");
>>>>>>>
>>>>>>>
>>>>>>>     fclose($in);
>>>>>>>     fclose($out);
>>>>>>>
>>>>>>> ?>
>>>>>>> --- end my code ---
>>>>>>
>>>>>> What are the permissions on /Applications/apache/htdocs/wp-php/ ?
>>>>>>
>>>>>> Apache needs write permissions on that dir in order to create
>>>>>> the file
>>>>>> tableToCutAndPaste.txt.
>>>>>>
>>>>>> It's probably not a secure idea to give write permissions to
>>>>>> that dir,
>>>>>> so maybe create a subdir of tmp and change those permissions
>>>>>> (one way):
>>>>>>
>>>>>> mkdir /Applications/apache/htdocs/wp-php/tmp
>>>>>> chmod a+w /Applications/apache/htdocs/wp-php/tmp
>>>>>>
>>>>>
>>>>> Also, turn on error reporting so that you can see the exact
>>>>> problem.  It
>>>>> may not be what you think.
>>>>>
>>>>> --
>>>>> Thanks!
>>>>> -Shawn
>>>>> http://www.spidean.com
>>>>
>>>>
>>>> Thanks for the suggestions.  I added the following lines to the
>>>> very top
>>>> of my code:
>>>>
>>>>     error_reporting(E_ALL);
>>>>
>>>>     mkdir("/Applications/apache/htdocs/wp-php/tmp", 0777, true);
>>>>     chmod("/Applications/apache/htdocs/wp-php/tmp", "a+w");
>>>>
>>>> and I also changed the line where it tries to open the file to
>>>> write to
>>>> to go to the new directory:
>>>>
>>>>     $out =
>>>> fopen("/Applications/apache/htdocs/wp-php/tmp/
>>>> tableToCutAndPaste.txt",
>>>> "w");
>>>>
>>>> Below are the errors I got:
>>>> --- start errors ---
>>>> Warning: mkdir() [function.mkdir]: Permission denied in
>>>> /Applications/apache/htdocs/wp-php/generateTable.php on line 5
>>>>
>>>> Warning: chmod() [function.chmod]: No such file or directory in
>>>> /Applications/apache/htdocs/wp-php/generateTable.php on line 6
>>>>
>>>> Warning:
>>>> fopen(/Applications/apache/htdocs/wp-php/tmp/
>>>> tableToCutAndPaste.txt)
>>>> [function.fopen]: failed to open stream: No such file or  
>>>> directory in
>>>> /Applications/apache/htdocs/wp-php/generateTable.php on line 9
>>>>
>>>> Warning: fwrite(): supplied argument is not a valid stream
>>>> resource in
>>>> /Applications/apache/htdocs/wp-php/generateTable.php on line 13
>>>>
>>>> Warning: fwrite(): supplied argument is not a valid stream
>>>> resource in
>>>> /Applications/apache/htdocs/wp-php/generateTable.php on line 22
>>>>
>>>> Warning: fwrite(): supplied argument is not a valid stream
>>>> resource in
>>>> /Applications/apache/htdocs/wp-php/generateTable.php on line 27
>>>>
>>>> Warning: fwrite(): supplied argument is not a valid stream
>>>> resource in
>>>> /Applications/apache/htdocs/wp-php/generateTable.php on line 28
>>>>
>>>> Warning: fwrite(): supplied argument is not a valid stream
>>>> resource in
>>>> /Applications/apache/htdocs/wp-php/generateTable.php on line 29
>>>>
>>>> Warning: fwrite(): supplied argument is not a valid stream
>>>> resource in
>>>> /Applications/apache/htdocs/wp-php/generateTable.php on line 30
>>>>
>>>> Warning: fwrite(): supplied argument is not a valid stream
>>>> resource in
>>>> /Applications/apache/htdocs/wp-php/generateTable.php on line 35
>>>>
>>>> Warning: fclose(): supplied argument is not a valid stream
>>>> resource in
>>>> /Applications/apache/htdocs/wp-php/generateTable.php on line 39
>>>> --- end errors ---
>>>>
>>>> The permissions are as follows (sorry I didn't think to include
>>>> them in
>>>> my original message):
>>>>
>>>> [Wed Jul 01 12:28:29] ~: ls -la /Applications/apache/htdocs/wp-php/
>>>> total 64
>>>> drwxr-xr-x    5 mari  admin    170 Jun 29 16:47 .
>>>> drwxr-xr-x   24 mari  admin    816 Jun 29 16:47 ..
>>>> -rw-r--r--    1 mari  admin   6148 Jun 28 21:11 .DS_Store
>>>> -rwxr--r--    1 mari  admin    827 Jul  1 12:26 generateTable.php
>>>> -rwxr--r--    1 mari  admin  17532 Jun 28 20:53 wp.csv
>>>> [Wed Jul 01 12:29:01] ~:
>>>>
>>>> Thank you,
>>>> Mari
>>>
>>> That's because the apache user doesn't have permissions to create  
>>> the
>>> dir or change the permissions.  The commands I gave you need to  
>>> be run
>>> from the command line.
>>>
>>> --
>>> Thanks!
>>> -Shawn
>>> http://www.spidean.com
>>
>> Oh, duh, thank you.  Doing it on the command line like you said
>> worked great.  I also had to edit my .csv file in TextWrangler to
>> change the line breaks from \r to \r\n before it would work.
>> Although the Mac's built-in firewall is set to block incoming traffic
>> except for network time and something installed by Adobe when I
>> installed CS4, I was wondering about the security of this technique
>> if done on a production server.  I only run this script by pointing
>> my browser to http://localhost/wp-php/generateTable.php and I think
>> with my firewall settings nobody else would be able to execute this
>> script, but it seems if the tmp folder is set to world writable on a
>> production server that anybody might be able to somehow upload a
>> malicious file if they knew the location of tmp.  Any thoughts?  
>> Thanks!
>>
>> Mari
>>
>> --
>> PHP General Mailing List (http://www.php.net/)
>> To unsubscribe, visit: http://www.php.net/unsub.php
>>
>>