开发者

is_writable() return false

I'm expecting an issue with the PHP function fwrite()

$filename = 'rss.xml';  

if (file_exists($filename)) {
    echo "The file $filename exists";
} 

if (is_writable(开发者_Go百科$filename)) {
    $fp = fopen($filename, 'w');
    fwrite($fp, $feed);
    fclose($fp);
 }
else{
    echo '<br />not writable..';
    if(!is_readable($filename)){
    echo ' and not readable!';
    }
}

Once executed the script return :

The file rss.xml exists
not writable.. 

chmod for rss.xml is 755 and safemode is off.

I'm hosted at (mt) mediatemple.com on a (dv) and the script was working fine when I was hosted on a (gs) solution.

I can't find what's wrong =/


755 means :

  • rwx : read,write,execute for owner
  • r-x : read,execute for group
  • r-x : read,execute of others

So, everyone can read (and execute) that file, but only the owner can write to it.

Maybe the user that owns the file is not the one that runs your PHP script ? i.e. the file could belong to anyone, while your script is being run by Apache's user (often www-data) ?


A first idea might be to delete the file, let your script try to re-create it ; if it's re-created properly (which means Apache has the requires write rights on the directoy containing it), it should be able to modify it, after that.

Else, you should try giving the write privilege to other -- if your script is being run by another user than the owner of the file ; chmod o+w rss.xml should do the trick.


755 means that the owner of the file can modify it, but not anyone else. The owner is probably not the web server but yourself (your FTP account?), so PHP can't modify it. Try to give it wider persmissions. Begin with 775 and if that doesn't work, try 777.

There are some web hosts that runs the web server as the same user as your FTP account so they don't get support questions regarding file permissions, but in my opinion this is a big security hole. I think that Mediatemple does the right thing to don't run the web server as your FTP account.


Edit: I overlooked that, as Pascal Martin and others point out, 755 may mean that the file is legitimately not writable, and you may have to 777 it or change owners. I am leaving this answer in place in case everything is set up correctly, and is_writable() still returns false, which is what I was assuming.

Odd. There is a short discussion about this in the is_writable User Contributed Notes. For the guy posting there, switching to PHP 5 solved it (although I suspect it's a server / PHP / which process runs as which user issue).

What you could try:

  • Find out what user PHP is running as using posix_getuid()
  • Change the owner of the file you are trying to write to to that exact user (not just the group)
  • If it works then, it is maybe really some sort of glitch and you may have to think about trying an fopen() and intercepting its error message if it fails.

And of course: Is the file actually fwrite()able when you bypass the check??


On different hostings PHP runs and accesses files either as the

OWNER or

GROUP or

WORLD

The first variant is the best for you security.

It that case you should set file perms 644, in the last case - 666.

Why to set 777 and make file executable if you only store data there?


Make a folder for holding your files with 0777 permission and then put your files in it with a low permission level 0644. So every body have access to the folder but not every one can change the files (0644) = that's what I found the best solution. the other less secure solution is don't make a folder and just change your file permission to 666 or some people prefer 777 = not a good secure solution


CHMOD 0755 means that only file owner can write into it (group and others can read and execute). You should change CHMOD to 0775 or even 0777 depending of user/group of a PHP.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜