0

I have a bunch of sites on a standard HostGator Dedicated server. I would like to run PHP scripts that can access and make changes (add, update, delete files and directories) to the file structure of every single site on this server. What would I need to do for this to work? Right now I get Permission Denied errors when I try to access siteA from siteB within a PHP script.

UPDATE:
I just found out that my server uses SuPHP, which explains why I was not able to have one sites scripts access another site. Would this work no problem if I switched to fcgi?

filip
  • 125
  • 6
  • Are all the directories owned by www-data? –  Dec 02 '10 at 11:56
  • @JP19 I'm not familiar with www-data. Currently each site sits in the `/home/` directory and WHM auto created a unique user for each site based on the domain name. – filip Dec 02 '10 at 12:07
  • Do you have any particular group ownership set? If you don't you can add a group with a name of your choosing put user of your choosing into that group and set the group on all files to the group with that user in it. (For example all files owned by group maintenance with user maintenance in the group - Run the script under user mainteance and give group permissions on each file 7 (rwx)) I can clarify this as an answer if it's close to what you want. You could also set the gid bit to run it as root every-time it is executed. Security wise the first method is safer. – Joshua Enfield Dec 02 '10 at 17:00
  • @Joshua Enfield that sounds like it might be just what I need. I don't have any Groups set and have never worked with User Groups before. A quick walk through would be much appreciated. – filip Dec 02 '10 at 20:28
  • Right now the Ownership for each site's `/public_html/` directory is set to `whm_created_user/nobody` and Ownership for each directory and file within that is set to `whm_created_user/whm_created_user` if that helps. – filip Dec 02 '10 at 20:35
  • Be aware that suPHP is used precisely to *protect you from this happening*. – mattdm Dec 10 '10 at 17:41
  • hehe thank you @mattdm that would explain a lot. Would the sites be more vulnerable if I switched to fcgi? – filip Dec 10 '10 at 18:12

1 Answers1

0

Lets say I have a site root lets call say it's located at /siteroot

useradd maintenance
usermod -g maintenance maintenance
groupadd maintenance
chgrp maint /siteroot/* -R
chmod g+rw /siteroot/* -R

Now you can login to the maintenance user to run the script and he should have proper permissions.

If you set the group on your script to maintenance and use chmod g+s [script] on the script you wish to run - then any user who runs the script will run it under the group and thus group permissions. Make sure if you use the group bit that your script is hardened and not accessible to anyone or anything poorly secured.

Note I am not highly experienced so take my advice with some salt. I would also highly advise you back up your site root so you can restore it if necessary.

Joshua Enfield
  • 3,454
  • 8
  • 42
  • 59
  • I gave this a try and actually ended up disabling my site... but it's not your fault. I contacted HostGator about it and turned out this wouldn't work because apache is set to compile with SuPHP, which won't allow a file with group write privileges or a different group than it's owner to execute. Thank you though, i may try your commands again if I switch to fcgi. – filip Dec 10 '10 at 17:25