1

After two years and more of my client's bespoke CMS running fine, I get a call saying that the images, pdfs and docs they upload do not appear on their site. Looking into this I find the files are uploaded to the server, but are not readable. They have permission 0600 instead of 0644. I can see all the previously uploaded files on the server with permission value of 0644. One other noticeable thing is the Owner/Group value has changed from 258809/1015 to 258809/0.

From my point of view I think it's a change in the server configuration but the hosts say it's nothing to do with them and no settings have been changed. I can also say that I have made no change to the code in in over two years.

I have made some tests and can change the permissions using chmod function but I don't want to open up the code and go through every type of file they can upload and change the code.

What I want to know is can the configuration be changed somehow to fix this problem? details of server are as follows:

  • PHP Version 4.4.1

  • Apache/1.3.33 (Unix)

    Any help apreciated, Thanks, Dafydd

Improve this question
3
  • Do you have shell access? If so, can you check the umask? Commented Jan 21, 2011 at 22:22
  • No I haven't, is this something I could ask the host? What would I be looking for? I'm afraid my Knowledge of servers doesn't go very deep! what is umask? Commented Jan 21, 2011 at 22:39
  • The fact that it's now writing files as group root would make me inclined to look for system compromise -- particularly if the hosting service says there's nothing changed. Commented Jan 22, 2011 at 0:08

1 Answer 1

Reset to default
2

There's two issues here. First, the apache server is now running in the root group (0) when it was running in whatever group 1015 is, so clearly something has changed there. Apache has configuration options to specify what user and group it runs as, the "Group" option has changed or been removed.

Second, regarding the permissions, it's possible that they did not "change" anything... they just never set a specific umask in the first place. Apache uses the umask of the user that starts it, so way back when they first started it, the umask was probably 0022 (could be 0033). When they restarted it to change the Group setting, their umask was probably 0077 (or 0066). Likewise, PHP uses the umask of Apache.

Explaining umask takes a little work: Basically, umask "unsets" permission bits from the file mode. Most programs try to create files in rw-rw-rw- mode and directories in rwxrwxrwx mode. With a fairly standard umask of 0022 (----w--w-) those bits would be deleted and you'd end up with rw-r--r-- files and rwxr-xr-x directories. With a umask of 0077 (---rwxrwx) those files would be rw------- and directories rwx------. In binary math, the final mode of the file is (mode & !umask) (limited to the normal permission bits, not suid/sgid/sticky which umask doesn't affect).

Other than getting the host to shut down and restart the webserver with your desired umask, you can either chmod everything yourself or call umask(0022) in your central configuration file (note the warning there suggesting that you use chmod() instead on multithreaded servers).

Improve this answer
4
  • Thanks for you time explaining this, you're right I am probably better off to chmod everything, at least I know it will work then. But out of intrest how would I call umask(0022) in the central config file. Is this something I could ask the host to do? Aslo is it true to say that each different group can hold different permissions? Commented Jan 22, 2011 at 0:24
  • @Dafmeister: I meant in your app. Usually PHP apps have some kind of configure.php that is include()d at the beginning of every other file with all of the database settings, configuration options, etc. If yours doesn't then you'd need to go through all the PHP files and set the umask at the top of each. Commented Jan 22, 2011 at 5:44
  • Ahh I see fine, in the site config file. Great this seems like a much better solution. I'll give it a go! Commented Jan 22, 2011 at 14:34
  • Tried this but first I checked what the current umask() was and it came back as 22. Commented Jan 22, 2011 at 15:23

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.