0

After receiving an uploaded file and moving it to its target directory, using PHP's move_uploaded_file() function, the file has the owner and group "www:wheel", ie. that of Apache. I want to change the group to "admin", but chgrp() says I (or rather, www) don't have permission to do so. What would be a smart solution so the files become readable by a user of the admin group?

I assume making user "www" a member of the "admin" group would be insecure, giving Apache to many rights. Or is it?

Environ is Apache 2, PHP5 on Mac OS X Server.

1 Answers1

1

I believe the standard response for this is going to be something like suexec or CGI to run your PHP as a specific account (other than apache).

I was going to suggest that you might be able to add specific users to the wheel group, but I can't help but feel that that's a bad idea - if I'm remembering correctly "wheel" is the system administration group on BSDs (& Macs).

Depending on what you're doing you might also regard the uploaded file(s) as staged to that location, then run something with cron to actually relocate & update permissions.

fencepost
  • 972
  • 6
  • 10
  • Hmm, but that (suexec) would give PHP way more perms than I want to. In the meanwhile I researched setgid a bit, and from what I read, it should do what I want - except it doesn't. "chmod g+s" on that dir set the setguid bit, but any newly uploaded files' group is still "wheel" instead of "admin" (which is the dir's group). Hmmmm.... –  Dec 09 '09 at 19:58