PHP: Creating files and preserving file permissions

I have a simple architecture at the moment which looks a little something like this:

User sends Email > Postfix > Procmail > PHP Script > Write to third party Web App

The third party web app happens to be a CMS (I am using its API to create records).

The problem that I am having is that users are sending Emails to the user of "support", where as the Web Server runs on the user "apache".

Because of this setup, all the attachments are 开发者_开发技巧being created with the user of "support" and the group "support", however I need them to actually be created as "apache:apache" (so that the CMS can read and display these attachments in it's templates).

I understand PHP has functions chown and chmod, however when trying to run these commands even from the command line, I am unable to handover ownership of the files to the user "apache".

Is there an easy way for me to preserve file permissions based on the create directory? Is this something I need to change from php.ini? Or perhaps I need to re-think the architecture?

Thanks for the help!

You can solve this at the file system level if you are running Linux by doing this:

• chown support:apache foo
• chmod 775 foo
• chmod g+s foo

where foo is the folder you are saving the files.

Now all (newly created) files should be owned by support:apache. If you make sure to create the files as 664, then both places can read/write it.

This isn't the only (and perhaps not even the best) way to solve the problem, but it's probably the easiest.

I think maybe you need to re-think your architecture and come up with a way for the third-party app running as apache to create the files. One way is to have a setuid script for calling the API.

chown is usually unable to work except for root because letting a non-root user change file ownership to someone else is often a security hole.

To get around this issue I ended up doing a bit of a dodgy.

After creating the files as a different user, I ran the chgrp and chmod commands (with the PHP API) and all was honkie dory. Thanks for the replies.