0

I have a shared hosting server, with CentOS linux and cPanel running Apache with mod_php. We use linux's user quotas to enforce that each website stays within their purchased amount of disk space. However, many websites have file upload systems either public or in their admins (CMS software, for example). Because this software runs under mod_php the files that are uploaded end up belonging to the user Apache runs under, and do not count against the user's disk quota.

The only way I can think to solve this is to write a script which looks through every directory in /home and chowns all the files in public_html so they are owned by the correct user, and then have this script run hourly through cron. Before I write such a script, are there any better solutions? (Or does such a script exist?)

EDIT: I must be able to run mod_php. CGI php is not an option.

Josh
  • 9,190
  • 28
  • 80
  • 128

2 Answers2

1

Try using mod_suphp (or mod_suexec where appropriate). Will cause apache to run under the appropriate user, so their file ownerships will be correct.

rodjek
  • 3,327
  • 17
  • 14
  • Doesn't mod_suphp require that PHP be in CGI mode? That's not an option... – Josh Aug 31 '09 at 23:29
  • Why isn't it an option? The transition from mod_php to mod_suphp should be seamless (although you may run into permissions problems on some of your users files). – rodjek Sep 01 '09 at 00:47
  • The CGI version of PHP isn't an option because it's slower and doesn't have all the functionality of PHP, i.e. it can't send HTTP authentication headers. – Josh Sep 01 '09 at 02:37
  • mod_suphp doesn't have any issues sending HTTP authentication headers, nor is it noticeably slower than mod_php. Give it a try in your test environment. – rodjek Sep 01 '09 at 04:08
  • @rodjek, I will set up a test server. I guess I was misunderstanding the documentation regarding HTTP authentication: http://us2.php.net/manual/en/features.http-auth.php – Josh Sep 01 '09 at 13:03
  • php-fpm is also an appropriate (newer) solution – iainlbc Jan 25 '11 at 21:47
0

Basically, if you can't run PHP in a CGI mode, you're screwed. You can't do a chown on the files because then the webserver can't modify them later (which is important for some applications), unless you want to get really freaky with your permissions and umasks and have to deal with permissions SNAFUs every time something hasn't been pre-configured with the right umask.

Your objections to running PHP in CGI mode are unfounded, though; I work for a company with a number of shared hosting servers and we run PHP through suexec and we don't have customers complaining about a lack of features. Yes, it's slightly slower, but the startup overhead is lost in the noise of most PHP web applications' inefficiencies.

womble
  • 96,255
  • 29
  • 175
  • 230
  • I can't chown the files so that the user is the website user and the group is the group apache runs under, and then chmod g+rw? If I did that then the files would count against the user's quota while the webserver will still be able to modify them, right? (And FYI, I have gained customers who switched from hosting companies because they did not support mod_php) – Josh Sep 01 '09 at 13:00
  • And then find every single place that might create or edit those files and set the umask correctly... it's too much fun for me. – womble Sep 02 '09 at 00:26