PHP runs as the webserver user which in most cases is user nobody. For PHP
to write to a directory, it has to be writable to this directory. A
possible solution would be to compile a PHP executable and run a script from
cron to copy the files periodically. By using cron and a cgi-version of PHP
you can run it as your desired user.
Jason
----- Original Message -----
From: "Miles Thompson" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, February 26, 2001 7:18 PM
Subject: [PHP] Copying Files to the Web Directory
> I have a customer who insists on using Front Page, but wants protection
> against intruders on all his web pages. I envisioned a solution where he
> works in Front Page, then all his files are ftp'd to a directory on the
> server, opened and re-written as .php files with all links changed from
> "something.htm" to "something.php" and then copied to a directory on the
> same level called "test". So far so good, and this allows a php-one-liner
> to provide the necessary security.
>
> Now I'm stuck, because I have to copy these files from test to the
location
> of the web page itself. And I've not been able to do it, and I can't do
> it, as far as I can see without giving world-writeable permission to the
> web directory. Here's the skeletal directory structure ...
>
> .../www.website.com
> /admin
> /upload
> /test
>
> The script (php page) I'm using to do this is stored in /admin and I want
> to copy everything in /test (and any subdir's it may have) to
www.website.com.
>
> On the server, logged in as root, I can execute a shell script named
> newpub-web, located in www.website.com, which consists of:
> rm -f *.php
> rm -f ./graphics/*
> cp -fR ./admin/test/* .
>
> I've tried executing newpub-web from a php script, which changes to the
the
> working directory to www.website.com, as:
> exec( "newpub-web"), or system( "newpub-web" ) or passthru(
> "newpub-web"). None have worked.
>
> I've also tried executing the commands directly using system(), all
without
> effect, no errors, nothing.
>
> Do I have to change the group of www.website.com to nobody? That seems to
> be an awful security hole.
>
> Stymied in Nova Scotia - Miles Thompson
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
